Last updated on August 12th 2020.
MyHeartDiseaseTeam (also referred to as www.MyHeartDiseaseTeam.com, or, — the "Platform") operated by MyHealthTeam, Inc. ("MHT," "we," "our," "us") respects the privacy of our users. We never sell your personal information to third parties.
We are a company established in the United States with a registered office at One Post Street, Suite 2250, San Francisco, CA 94104, and for the purpose of the General Data Protection Regulation (the "GDPR"), we are the data controller. You can contact our Data Privacy Officer (DPO) at email@example.com should you have any issues in connection with personal information processed through our Platform (contact details provided below).
Information we collect from you
- Information you provide about yourself: in order to join the MyHeartDiseaseTeam community, you must provide a username (either your real name or a username that does not identify you), e-mail address, date of birth and role (patient, parent, or spouse). While participating in the community or otherwise using the Platform, you can also provide additional information such as your city, gender, profile image, diagnosis treatment information and other health-related information.
Information you provide as a caregiver
- Information you provide about doctors, specialists or other providers: we collect information such as name, e-mail address, phone number, business address and area of specialization of health care providers that you add to our Platform directory.
How we use the information we collect
This Platform is about connecting and learning from other people going through the same thing as you. We provide areas on our Platform where you can post information about yourself and others, communicate with and ask questions of others, post recommendations of doctors or other establishments, and upload content (e.g. pictures, videos, audio files, etc.). Such postings are governed by our terms of service or TOS: https://www.myheartdiseaseteam.com/about/tos. This Platform is password-protected and your personal content is only visible to those who have signed up for an account.
All content that you share on MyHeartDiseaseTeam will be viewed by all members of the MyHeartDiseaseTeam community. By joining the MyHeartDiseaseTeam community, you consent to the information that you post being shared with all members of the MyHeartDiseaseTeam community.
While we encourage openness and transparency, only share content you are comfortable sharing with everyone else who has signed up for an account on MyHeartDiseaseTeam. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution and only post information that you are happy to share publicly.
- Information you provide about yourself: with your consent, we use the information that you provide to communicate with you, deliver the services that you have requested, connect you to the MHT social networks that you chose to join, and develop and display content tailored to your interests on our Platform. We also use your information to respond to customer service requests, provide technical support and enforce our terms and conditions, based on our legitimate interest to ensure the proper functioning of our Platform and offer you the best experience as a member.
Information you provide as a caregiver:
- about your child under 18 years old: with your consent on behalf of your child, we use the information that you provide about your child to deliver the services that you have requested, connect you to the MHT social networks that you chose to join on the child's behalf, and develop and display content tailored to your child's condition on our Platform.
- about your spouse [or other family members above 18 years old]: based on your representation of the consent from your spouse [or other family members above 18 years old], or with your legal consent on their behalf, when applicable, we use their information to deliver the services that you have requested, connect you to the MHT social networks that you chose to join on their behalf, and develop and display content tailored to your interests on their behalf.
- Information you provide about doctors, specialists or other providers: based on your and our legitimate interest to provide useful information for Platform users, we add information that you provide on doctors, specialists and other providers to our "provider directory" on the Platform. Note, however, that we are not a medical referral site and we do not recommend or endorse any particular Provider or medical treatment. No information on our Platform should be construed as medical and/or health advice. [MyHeartDiseaseTeam is not a "covered entity" for purposes of determining applicability of the Health Insurance Portability and Accountability Act of 1996 and the rules promulgated thereunder (HIPAA) to the Site and the treatment of User Content (defined in the Terms of Service) provided by you.]
- Sharing Information That Is Relevant To You: If you have consented to receive e-mails, text messages, or phone calls, we may send you communications about features or services related to the use of this social network, as well as share information on upcoming clinical trials, research, patient education, or other services relevant to you. We do not, however, share your contact information without your explicit consent. For instance, if you learn of a clinical trial opportunity through this social network and wanted to be contacted by a trial site near you, it would be up to you to either click through to the trial website and share your contact information there, or provide your explicit consent to be contacted on a form provided by this social network. In some instances, anonymized information members share regarding side effects from medicines may be reported to manufacturers or regulators to further improvements in drug safety and efficacy, but no personally identifying information is shared without your explicit consent. Your privacy is paramount.
For more information about the cookies used on our Platform, the third-party service providers that we use to gather such information, and reports that we receive based on the use of tracking technologies, please refer to our Cookies Policy at https://www.myheartdiseaseteam.com/about/cookies_policy
With whom we will share your information
We never sell personal information to third parties.
We do not share your personal information with others except as indicated below or when you have expressly consented and requested that we share such information on your behalf.
MHT shares your personal information with our authorized technical service providers, to the extent needed for them to provide their services to us; they are not permitted to share or use your personal information for any other purposes. These providers include:
- Google Analytics, a web analytics tool provider located in the United States, who we use to help us understand how users engage with the Platform.
- Iterable and SendGrid, an e-mail marketing service provider located in the United States, who we use to create and send e-mails and advertise our services.
- FreshDesk, a help desk provider located in the United States who we use for customer support.
- Amazon AWS, a cloud services platform located in the United States, who we use for backend storage.
- Hotjar is a technology service that helps us better understand our users experience and this enables us to build and maintain our service with user feedback.
MHT will also disclose your information:
- In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency, including to meet national security or law enforcement requirements; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
- When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Platform terms and conditions or other agreements or policies.
- In the event that we sell MyHeartDiseaseTeam or MyHealthTeam we will disclose your data to the prospective buyer of such business or assets; or if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets to that third party.
MyHeartDiseaseTeam will share trends and insights based on de-identified content, about the data on the social network to make sure real patients have a de-identified voice in how treatments for this condition could be shaped. (This will in no way include any personal information.) We may partner, for example, with a pharmaceutical company developing therapies for a condition and share de-identified or aggregated data from MyHeartDiseaseTeam that does not identify any of our users.
Where we store the information we collect
Our Platform is hosted in the United States and based on your consent the information that you submit to us will be held by MHT in the United States.
Any onward transfers of your personal information by MHT to third service providers in the United States will be made either:
- in compliance with the US-EU Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your personal data from European Union Member States, in case the third service provider certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.
- under the European Commission's model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU. Please contact the DPO if you wish to examine the standard contractual clauses.
How Long We Store Your Data
We will retain your information as follows:
- Data that you provide to us about yourself: Until you delete your data or your account, or, until such time as your account is inactive for a period of 10 years.
- Data that you provide to use as caregiver about your child under 18 years old: Until you deleted your data or your account, or, until such time as your account is inactive for a period of 10 years.
- Data that you provide to use as caregiver about your spouse [or other family members above 18 years old]: Until you deleted your data or your account, or, until such time as your account is inactive for a period of 10 years.
- Information you provide about doctors, specialists or other providers: Reviews you provide are removed if you delete that specific data, or deleted your account, and if an account remains inactive for one year, then we will delete your data after 10 years.
After you have terminated your use of our services, we may store your information in an aggregated format for up to 12 months via disaster recovery backups.
Your Rights over Personal Information
Generally, a Platform user can review, update, and delete inaccuracies related to personal information through the user's MHT account interface by clicking: https://www.MyHeartDiseaseTeam.com
In certain circumstances, individuals also have the following rights under the GDPR as set out below:
- Access and portability: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with. [In some circumstances you are entitled to a copy of that data in commonly used machine-readable format or can ask us to send it to another provider/ third party]
- Correction, erasure and restriction of processing: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data corrected or ask us to delete data (i) where you believe it is no longer necessary for us to hold the personal data; (ii) where we are processing your data on the basis of our legitimate interest and you object to such processing; or (iii) if you believe the personal data we hold about you is being unlawfully processed by us. You can ask us to restrict processing data we hold about you other than for storage purposes if you believe the personal data is not accurate (whilst we verify accuracy); where we want to erase the personal data as the processing we are doing is unlawful but you want us to continue to store said data; where we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment, exercise or defense of legal claims or where you have objected to us processing personal data and we are considering your objection.
- Withdrawal of consent: You can withdraw the consent that you provided when you signed up to join the MyHeartDiseaseTeam community by deleting your account here: https://www.myheartdiseaseteam.com/users/account/edit If you withdraw consent you will be completely excluded from the MyHeartDiseaseTeam Community.
- Objection: You have the right to object to our processing of data about you [based on legitimate interests] and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
- Newsletters, clinical trials and research: You have the right to ask us not to send you information about or not to process your personal data for purposes of our newsletter, clinical trial or research purposes. You can exercise your right to prevent such processing at any time by changing your email settings here: https://www.myheartdiseaseteam.com/users/account/email_notifications
- Complaints: In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at firstname.lastname@example.org and we will endeavor to deal with your request. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
You can exercise these rights by sending an email to email@example.com or by mailing MHT at the address listed in this policy. Before we respond to your request, we will ask you to verify your identity.
The California Consumer Privacy Act (CCPA) provides consumers (California residents) with specific rights regarding their personal information. We extend these rights to any member requesting such information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information. (We do not sell your personal information).
- The categories of third parties with whom we share that personal information (as listed above).
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose you may request a list of the following information:
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please send an email to firstname.lastname@example.org or send us a written request via mail at the address listed in this policy. Before we respond to your request, we will ask you to verify your identity.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response via email to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
How we protect your personal information
This social network is password-protected. The only content that search engines such as Google are able to see are anonymized versions of the QA section and anonymized versions of the provider listings, and anonymized versions of the blog posts and resource sections.
We take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. For example, only authorized employees are permitted to access personal information, and they may do so only for permitted business functions. In addition, we use firewalls to help prevent unauthorized persons from gaining access to your personal information.
While MHT strives to use commercially acceptable standards to protect personal information, MHT cannot guarantee absolute security. Therefore, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information, searches, or other communications will always remain secure. Users should also take care with how they handle and disclose their personal information and should avoid sending personal information through insecure email. Please refer to the Federal Trade Commission's Platform at consumer.ftc.gov for information about how to protect yourself against identity theft.
Our Platform is for use only by those over the age of 18. If you are under the age of 18, you are not permitted to use our Platform. The conditions under which we process information of children below the 18 are described above.
In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at email@example.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
How to contact us
MyHealthTeam One Post Street, Suite 2250, San Francisco, CA 94104 firstname.lastname@example.org
For assistance with technical difficulties, including problems with accessing or using your customer account, please email email@example.com. © MyHealthTeam. All rights reserved.