Last updated on September 9th 2019.
MyHeartDiseaseTeam (also referred to as www.MyHeartDiseaseTeam.com, or, – the “Platform”) operated by MyHealthTeams, Inc. (“MHT” “we”, “our”, “us”) respects the privacy of our users.
We are a company established in the United States with a registered office at One Post Street, Suite 2250, San Francisco, CA 94104, and for the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller. You can contact our Data Privacy Officer (DPO) at email@example.com should you have any issues in connection with personal information processed through our Platform (contact details provided below).
Information we collect from you
- Information you provide about yourself: in order to join the MyHeartDiseaseTeam community, you must provide your name, e-mail address, date of birth and role (patient, parent, or spouse). While participating in the community or otherwise using the Platform, you can also provide additional information such as your city, gender, profile image, diagnosis treatment information and other health-related information.
Information you provide as a caregiver
- Information you provide about doctors, specialists or other providers: we collect information such as name, e-mail address, phone number, business address and area of specialization of health care providers that you add to our Platform directory.
How we use the information we collect
This Platform is about connecting and learning from other people going through the same thing as you. We provide areas on our Platform where you can post information about yourself and others, communicate with and ask questions of others, post recommendations of doctors or other establishments, and upload content (e.g. pictures, videos, audio files, etc.). Such postings are governed by our TOS: https://www.myheartdiseaseteam.com/about/tos. This site is a password-protected site and your personal content is only visible to those who have signed up for an account.
All content that you share on MyHeartDiseaseTeam will be viewed by all members of the MyHeartDiseaseTeam community. By joining the MyHeartDiseaseTeam community, you consent to the information that you post being shared with all members of the MyHeartDiseaseTeam community.
While we encourage openness and transparency, only share content you are comfortable sharing with everyone else who have signed up for an account on MyHeartDiseaseTeam. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution and only post information that you are happy to share publicly.
- Information you provide about yourself: with your consent, we use the information that you provide to communicate with you, deliver the services that you have requested, connect you to the MHT social networks that you chose to join, and develop and display content tailored to your interests on our Platform. We also use your information to respond to customer service requests, provide technical support and enforce our terms and conditions, based on our legitimate interest to ensure the proper functioning of our Platform and offer you the best experience as a member.
Information you provide as a caregiver:
- about your child under 18 years old: with your consent on behalf of your child, we use the information that you provide about your child to deliver the services that you have requested, connect you to the MHT social networks that you chose to join on the child’s behalf, and develop and display content tailored to your child’s condition on our Platform.
- about your spouse [or other family members above 18 years old]: based on your representation of the consent from your spouse [or other family members above 18 years old], or with your legal consent on their behalf, when applicable, we use their information to deliver the services that you have requested, connect you to the MHT social networks that you chose to join on their behalf, and develop and display content tailored to your interests on their behalf.
- Information you provide about doctors, specialists or other providers: based on your and our legitimate interest to provide useful information for Platform users, we add information that you provide on doctors, specialists and other providers to our “provider directory” on the Platform. Note, however, that we are not a medical referral site and we do not recommend or endorse any particular Provider or medical treatment. No information on our Platform should be construed as medical and/or health advice. [MyHeartDiseaseTeam is not a “covered entity” for purposes of determining applicability of the Health Insurance Portability and Accountability Act of 1996 and the rules promulgated there under (HIPAA) to the Site and the treatment of User Content (defined in the Terms of Service) provided by you.]
- Sharing Information That Is Relevant To You: If you have consented to receive e-mails or phone calls, we may send you communications about features or services related to the use of this social network, as well as share information on upcoming clinical trials, research, patient education, or other services relevant to you. We do not, however, share your contact information without your explicit consent. For instance, if you learn of a clinical trial opportunity through this social network and wanted to be contacted by a trial site near you, it would be up to you to either click through to the trial website and share your contact information there, or provide your explicit consent to be contacted on a form provided by this social network. In some instances, anonymized information members share regarding side effects from medicines may be reported to manufacturers or regulators to further improvements in drug safety and efficacy, but no personally identifying information is shared without your explicit consent. Your privacy is paramount.
For more information about the cookies used on our Platform, the third-party service providers that we use to gather such information, and reports that we receive based on the use of tracking technologies, please refer to our Cookies Policy at https://www.myheartdiseaseteam.com/about/cookies_policy
With whom we will share your information
We never sell personal information to third parties.
We do not share your personal information with others except as indicated below or when you have expressly consented and requested that we share such information on your behalf.
MHT shares your personal information with our authorized technical service providers, to the extent needed for them to provide their services to us; they are not permitted to share or use your personal information for any other purposes. These providers include:
- Google Analytics, a web analytics tool provider located in the United States, who we use to help us understand how users engage with the Platform.
- MailChimp and SendGrid, an e-mail marketing service provider located in the United States, who we use to create and send e-mails and advertise our services.
- FreshDesk, a help desk provider located in the United States who we use for customer support.
- Amazon AWS, a cloud services platform located in the United States, who we use for backend storage.
- Hotjar is a technology service that helps us better understand our users experience and this enables us to build and maintain our service with user feedback.
MHT will also disclose your information:
- In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency, including to meet national security or law enforcement requirements; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
- When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Platform terms and conditions or other agreements or policies.
- In the event that we sell MyHeartDiseaseTeam or MyHealthTeams we will disclose your data to the prospective buyer of such business or assets; or if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets to that third party.
MyHeartDiseaseTeam will share trends and insights based on de-identified content, about the data on the social network to make sure real patients have a de-identified voice in how treatments for this condition could be shaped. (This will in no way include any personal information.) We may partner, for example, with a pharmaceutical company developing therapies for a condition and share de-identified or aggregated data from MyHeartDiseaseTeam that does not identify any of our users.
Where we store the information we collect
Our Platform is hosted in the United States and based on your consent the information that you submit to us will be held by MHT in the United States.
Any onward transfers of your personal information by MHT to third service providers in the United States will be made either:
- in compliance with the US-EU Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your personal data from European Union Member States, in case the third service provider certifies that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.
- under the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU. Please contact the DPO if you wish to examine the standard contractual clauses.
How Long We Store Your Data
We will retain your information as follows:
- Data that you provide to us about yourself: Until you delete your data or your account, or, until such time as your account is inactive for a period of 10 years.
- Data that you provide to use as caregiver about your child under 18 years old: Until you deleted your data or your account, or, until such time as your account is inactive for a period of 10 years.
- Data that you provide to use as caregiver about your spouse [or other family members above 18 years old]: Until you deleted your data or your account, or, until such time as your account is inactive for a period of 10 years.
- Information you provide about doctors, specialists or other providers: Reviews you provide are removed if you delete that specific data, or deleted your account, and if an account remains inactive for one year, then we will delete your data after 10 years.
After you have terminated your use of our services, we may store your information in an aggregated format for up to 12 months via disaster recovery backups.
Your Rights over Personal Information
Generally, a Platform user can review, update, and delete inaccuracies related to personal information through the user's MHT account interface by clicking: https://www.MyHeartDiseaseTeam.com
In certain circumstances, individuals also have the following rights under the GDPR as set out below:
- Access and portability: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with. [In some circumstances you are entitled to a copy of that data in commonly used machine-readable format or can ask us to send it to another provider/ third party]
- Correction, erasure and restriction of processing: You have the right to require us to correct any personal data held about you that is inaccurate and have incomplete data corrected or ask us to delete data (i) where you believe it is no longer necessary for us to hold the personal data; (ii) where we are processing your data on the basis of our legitimate interest and you object to such processing; or (iii) if you believe the personal data we hold about you is being unlawfully processed by us. You can ask us to restrict processing data we hold about you other than for storage purposes if you believe the personal data is not accurate (whilst we verify accuracy); where we want to erase the personal data as the processing we are doing is unlawful but you want us to continue to store said data; where we no longer need the personal data for the purposes of the processing but you require us to retain the data for the establishment, exercise or defense of legal claims or where you have objected to us processing personal data and we are considering your objection.
- Withdrawal of consent: You can withdraw the consent that you provided when you signed up to join the MyHeartDiseaseTeam community by deleting your account here: https://www.myheartdiseaseteam.com/users/account/edit If you withdraw consent you will be completely excluded from the MyHeartDiseaseTeam Community.
- Objection: You have the right to object to our processing of data about you [based on legitimate interests] and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims.
- Newsletters, clinical trials and research: You have the right to ask us not to send you information about or not to process your personal data for purposes of our newsletter, clinical trial or research purposes. You can exercise your right to prevent such processing at any time by changing your email settings here: https://www.myheartdiseaseteam.com/users/account/email_notifications
- Complaints: In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at firstname.lastname@example.org and we will endeavor to deal with your request. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
You can exercise these rights by sending an email to email@example.com or by mailing MHT at the address listed in this policy. Before we respond to your request, we will ask you to verify your identity.
How we protect your personal information
This social network is password-protected. The only content that search engines such as Google are able to see are anonymized versions of the QA section and anonymized versions of the provider listings, and anonymized versions of the blog posts and resource sections.
We take appropriate security measures (including physical, electronic and procedural measures) to help safeguard your personal information from unauthorized access and disclosure. For example, only authorized employees are permitted to access personal information, and they may do so only for permitted business functions. In addition, we use firewalls to help prevent unauthorized persons from gaining access to your personal information.
While MHT strives to use commercially acceptable standards to protect personal information, MHT cannot guarantee absolute security. Therefore, although we take steps to secure your information, we do not promise, and you should not expect, that your personal information, searches, or other communications will always remain secure. Users should also take care with how they handle and disclose their personal information and should avoid sending personal information through insecure email. Please refer to the Federal Trade Commission’s Platform at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to protect yourself against identity theft.
Our Platform is for use only by those over the age of 18. If you are under the age of 18, you are not permitted to use our Platform. The conditions under which we process information of children below the 18 are described above.
In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at firstname.lastname@example.org and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.
How to contact us
MyHealthTeams One Post Street, Suite 2250, San Francisco, CA 94104 email@example.com
For assistance with technical difficulties, including problems with accessing or using your customer account, please email firstname.lastname@example.org. © MyHealthTeams. All rights reserved.