If your use of our Services is in connection with a school, employer, health institution or other organization (your “Institution”) who is a customer of MedHub, information about you may be shared with your Institution.
Commitment to Privacy
Our privacy practices may vary among the states, countries and regions in which we operate in order to comply with applicable legal requirements. We are committed to compliance with the EU-U.S. and SWISS-U.S. Privacy Shield.
MedHub is dedicated to protecting the privacy of all personal information collected through this website and our Services. We may collect information from you (directly or through third party vendors we retain) or from a third party who is authorized by you or otherwise permitted by applicable law to share information with us (for example, your school or employer) in situations such as the following:
We also may collect information about you from other sources. We work closely with third parties (for example, business partners, service providers, sub-contractors, educational institutions, analytics providers, search information providers, fraud protection services) and may receive information about you from them. We may also collect and process information about you that your school, employer, institution or other organization (such as a professional, governmental, oversight or other organization) (“Institution”) with which you are, or previously were, affiliated provides to us. We may also collect and process information about you that we receive from other sources including organizations that are our customers (which might be your Institution, for example), organizations that are integrated with our Services through our partner program, and organizations that sponsor surveys or programs in connection with our Services. If you use our Services through a third party (including your Institution), please contact that third party first if you have any questions about the data they collect from you and share with us. If they do not address your concerns, please contact us.
To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine learning algorithms, about users of our Services in order to provide or optimize the Services offered and/or delivered, for security or analytics purposes, and for any other lawful purpose. Our Services may collect certain information by automated means when you access or use our Services. This information may include, but is not limited to, usage details, Internet Protocol (“IP”) address, browser type, browser language, devices you use, access times, the sites linked from, pages visited, applications downloaded or accessed, links and features used, content viewed or requested, information collected through cookies and other such information. We generally collect this information to improve our Services for our users, to learn about our users’ interests and enhance the Services we provide, for security and analytics purposes, and for other lawful purposes. To learn more, please see our “Cookies and Similar Technologies” section below.
Educational Records (FERPA) and Medical Records (HIPAA). In providing our Services, we do not require the collection of personal information covered by the U.S. Health Insurance Portability and Accountability Act (“HIPAA”); indeed you are prohibited from using our Services to record, store or communicate personal health information (“PHI”). Also, in providing our Services we may be provided personal information covered by the U.S. Federal Educational Rights and Privacy Act (“FERPA”) under the “school official” exception. To the extent we are required to do so by contract with your Institution, we will comply with HIPAA, FERPA, or an equivalent law or regulation for your state or country of residence as required by such contract.
How We May Use Your Information
We use your information to provide you, either directly or through a third party (including your Institution), with our Services. We also may use your information to support our business functions, such as fraud prevention, marketing, analytics and legal functions.
We may use your information:
We also may use, process, transfer, and store any data about you in an anonymous, aggregated manner. We may combine personal information with other information, collected online and offline, including information from third party sources.
We may also use information in other ways with your consent or as permitted by applicable law.
We also may share information to fulfill any other purpose for which you have provided information to us; for any other purpose disclosed by us or the third party with whom you are interacting when you provide the information; to enforce our rights arising from any contracts; for billing and collection; or as otherwise permitted under applicable law.
Security of your personal information is of the utmost importance to us. We use administrative, technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We take reasonable security measures to secure your personal information against unauthorized access, loss, use, disclosure, or alteration by third parties and unauthorized employees. We use Secure Sockets Layer (SSL) encryption, the industry standard for secure online transmissions.
If information is transmitted to us using a means that is outside our systems, or if you transmit information to a third party, we cannot guarantee the security of information during transmission. Any such unsecured transmission is at your own risk. We recommend that you use appropriate security measures to protect your information.
Correction of Your Personal Information
Accuracy is a top priority for us. You can ensure that any contact data is up-to-date and can correct, update or delete inaccuracies to the information by either logging into your account to review and maintain your information or by contacting customer service. Other corrections or updates to inputted data may depend on the privileges assigned by your Institutions or may require assistance from customer service in making a change. We will respond to your request to make changes to your information as soon as reasonably possible.
We will attempt to answer all requests that we correct the data if it is inaccurate or delete it as long as we are not required to retain it by law or for legitimate business purposes or as otherwise set forth below.
In addition, to protect your privacy, we may require you to prove your identity before granting access to, or agreeing to update, correct or delete your personal information.
Not all information about you can be changed by us. For example, we may have records tracking how much time you spent working in a training module or your clinical rotation hours. We may also have faculty evaluations and procedures logs relating to your clinical performance in our system. Although this information is linked to you, it may not be changed and, in certain instances, it may be subject to government or regulatory oversight. You should contact your Institution if you believe such information is not accurate.
Cookies and other Tracking Devices
We may use the following types of cookies and similar technologies:
Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all of the features available through our Services, such as tests, trainings or other activities.
For more information, visit the help page for your web browser or see https://www.allaboutcookies.org or visit www.youronlinechoices.com which has further information about behavioral advertising and online privacy.
We may use third party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects your information regarding Google Analytics and how you can opt-out, please see https://tools.google.com/dlpage/gaoptout.
Cross Device Tracking. When you use your mobile device to interact with us or our Services, we may receive information about your mobile device, including a unique identifier for your device. We and our service providers and third parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.
We do not acknowledge browser “do-not-track” indicators.
Our Sites or Services may contain links or other connections to other third-party websites, platforms, products, services or applications that are independent of our Services. The information collection practices and privacy policies of these third parties may differ from ours. MedHub provides links to you only as a convenience, and the inclusion of any link does not imply affiliation, endorsement or adoption by MedHub of any site or any information contained therein.
To the extent permitted by applicable law, we may retain your information for as long as your account is active, for at least twenty-four (24) months thereafter, or as long as is reasonably necessary to provide you with our Services or as needed for other lawful purposes. We may retain cached or archived copies of your information. We may be required to retain some of your data for a longer period of time (including indefinitely) because of various laws and regulations or because of contractual obligations. We also will retain your information as long as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
Telephone Consumer Protection Act Notice
We may use your information to make business, informational and collections calls relating to our Services to all telephone numbers, including cellular numbers or mobile devices, you choose to provide on your account or in registering for any of our Services. You agree such calls may be pre-recorded messages or placed with an automatic telephone dialing system. In addition, you agree that we may send service or account related text messages to cellular phone numbers you provide to us, and you agree to accept and pay all carrier message and data rates that apply to such text messages. If you choose to provide an email or other electronic address on your account, you acknowledge and consent to receive business and informational messages relating to our Services at such address, including collections messages, and you represent and warrant that such address is your private address and is not accessible or viewable by any other person.
We recognize the importance of protecting the privacy and safety of children. Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use the Services and do not send any information about yourself to us. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us as set forth below
California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our Notice for California Residents. The Notice supplements and is incorporated in this Policy.
The California Consumer Privacy Act (“CCPA”) provides consumers with certain rights, including the right to access your “personal information” (a term defined by the law) we may have about you and to know how we use and disclose this data, the right to have your data deleted under certain conditions and the right not to be discriminated against for having exercised your other rights. One of the main objectives of CCPA is to give consumers control over the sale of their data. MedHub does not sell, rent, lease or otherwise provide personal information to others for monetary or other valuable consideration. Your rights and other CCPA concepts are more fully described in our Notice for California Residents.
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use may be entitled to request and obtain from us, once per calendar year, information about customer information we have shared, if any, with other businesses for such other businesses’ own direct marketing uses. If applicable, this information would include the categories of resident information and the names and addresses of those businesses with which we shared such resident information for the immediately prior calendar year. To obtain this information, please email us at firstname.lastname@example.org with “Request for California Privacy Information” in the subject line of your message. Please include sufficient personal identification information so that we can process your request, including name, mailing address, and email address if you want to receive a response by email.
If you are a California resident under age 18 and are a registered user of any of our Services, then you may request that we remove any content or information that you posted on our websites, online services, online applications, or mobile applications (“User Content”). To request removal of your User Content, please send a detailed description of the specific User Content you want us to remove to the email or regular mail address set forth above. We reserve the right to request that you provide information that will enable us to confirm that the User Content that you want removed was posted by you.
We will make a good faith effort to delete or remove your User Content from public view as soon as reasonably practicable. Please note, however, that your request that we delete your User Content does not ensure complete or comprehensive removal of your User Content. Your User Content may remain on backup media, cached or otherwise retained by us for administrative or legal purposes or your User Content may remain publicly available if you or someone else has forwarded or re-posted your User Content on another website, online service, online application or mobile application prior to its deletion. We may also be required by law to not remove (or allow removal) of your User Content.
Class Action Waiver
YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
Employees and Contractors; Job Applicants
Job Applicants: In connection with a job application or inquiry, you may provide us with data about yourself, including your educational background or résumé and other information, including your ethnicity where required or permitted by law. We may share this information with our parent corporations and their affiliates for the purpose of employment consideration. We may keep the information for future consideration unless you direct us not to do so.
FOR EUROPEAN VISITORS AND CUSTOMERS:
EU-U.S. and SWISS-U.S. Privacy Shield Additional Notice
We are in the process of submitting our certification of compliance with the EU-U.S. and Swiss-U.S. Privacy Shield with respect to the personal data of users of our Services who are residents of the European Union (“EU”), European Economic Area (“EEA”) and Switzerland that we receive and process through the Services. We certify that we adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (hereinafter, “Privacy Shield Principles”) for personal data of users of our Services in participating European countries. Once complete, our Privacy Shield certification will be available here. We may also process personal data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses.
Processing of Personal Data, Purposes and Legal Basis
“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Data” means data indicating racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life, or sexual orientation, or for any genetic data or biometric data.
Please note that, in certain circumstances, you may be required to provide the requested Personal Data by contract or law, and your failure to provide such Personal Data may mean we are unable to provide you with our Services.
Our legal basis for the Processing of Personal Data are: 1) consent and/or 2) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to users of our Services, preventing fraud, ensuring information and network security, direct marketing, processing Personal Data for internal administrative purposes, and complying with industry practices.
Your Additional Rights as an European Resident
As a resident of the European Union or a country that follows similar regulations for the protection of Personal Data, you may have the following additional rights:
Consent: We may be required to obtain your consent for certain Processing of your Personal Data, such as Processing of Sensitive Data.
Access: You may request a copy of the Personal Data we have collected from and about you by contacting us. Please be advised that our personnel may have a limited ability to identify and access an individual user’s Personal Data if such information was submitted to us by their school, employer or another organization with whom they are affiliated. Thus, if you wish to request access, to limit use, or to limit disclosure of your Personal Data, we may first refer your request to the school, employer or other organization that submitted your Personal Data to us, and we will support them as appropriate in responding to your request.
Rectification & Erasure: You may request that we rectify or delete any of your Personal Data that is incomplete, incorrect, unnecessary or outdated.
Objection: You may object, at any time, to your Personal Data being Processed for direct marketing purposes.
Restriction of Processing: You may request restriction of Processing of your Personal Data for certain reasons, such as, for example, if you consider your Personal Data collected by us to be inaccurate or you have objected to the Processing and the existence of legitimate grounds for Processing is still under consideration.
Data Portability: You may request and receive the Personal Data we have collected on you in a commonly used and machine-readable form.
Right to Withdraw Consent: Where your Personal Data is Processed solely based on your consent and not for any other legitimate interest, you have the right to withdraw your consent at any time, without affecting the lawfulness of our Processing based on such consent before it was withdrawn, including Processing related to existing contracts for our products and services.
Swiss users whose Personal Data is within the scope of the Privacy Shield certification may also have rights to access certain Personal Data we hold about them and to obtain its correction, amendment or deletion.
To exercise any of the rights listed above, please contact us as set forth below. We will process any requests in accordance with applicable law and within a reasonable period of time. We may require that you establish your identity and provide a clear and precise description of your request. Please note that in some cases, especially if you wish us to delete or cease the Processing of your Personal Data, we may no longer be able to continue to provide our Services to you.
Third Parties with Whom We May Share Data
We may use third-party providers to assist us in providing the Services to our users. Such third-party providers may perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. Such third parties may access, process or store Personal Data in the course of providing these services.
To the extent permitted under applicable law, we may share information about your enrollment and participation in our Services, including your Personal Data, with your employer, governmental agencies, oversight organizations, professional organizations, certification or accreditation organizations, educational institutions, and industry self-regulatory organizations.
We may also share information, including your Personal Data, with third parties for marketing, advertising, promotions, contests, or other similar purposes, with your consent or to the extent permitted under applicable law.
If we receive Personal Data that is subject to our certification under the Privacy Shield and then transfer it to a third-party, we may have certain liability under the Privacy Shield if (i) the third-party Processes the Personal Data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage, or to the extent we are otherwise liable under applicable law or the Privacy Shield Principles.
International Data Transfers
Our Services may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, your Personal Data may be transferred and Processed outside the country where you use our Services, including to countries outside the EU, EEA or Switzerland, where the level of data protection may not be deemed adequate by the European Commission.
To the extent permitted by applicable law, your use of our Services is your consent to the transfer of your information outside of your country or geographic region, including transfer to the United States, and to processing of your information in the United States by us or by a third party acting on our behalf.
If you wish to know more about international transfers of your Personal Data, please contact us.
Questions or Complaints – Europe
If you are a resident of a European country participating in the Privacy Shield, you may direct any questions or complaints concerning our Privacy Shield compliance to our Privacy Shield and Data Protection Contact. We will work with you to resolve your issue.
If you consider our Processing of your Personal Data to be inconsistent with the applicable data protection laws, you may lodge a complaint with your local supervisory Data Protection Authority responsible for data protection matters.
Dispute Resolution and Arbitration
If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States. For information about JAMS, please see https://www.jamsadr.com/eu-us-privacy-shield.
We also will cooperate with competent EU data protection authorities (DPAs) with regard to human resources data transferred from a European country participating in the Privacy Shield in the context of the employment relationship.
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
US Federal Trade Commission Enforcement
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). For information about Privacy Shield, please see https://www.privacyshield.gov/welcome.
Privacy Shield and Data Protection Contact
Your Privacy Shield and Data Protection Contact for the personal information you provide in connection with our Services is:
ATTN: Legal Department – MedHub European Privacy Contact
Ascend Learning, LLC
5 Wall Street, 4th floor, Burlington, MA 01803, USA
Please provide your identification information, a detailed description of the nature of your request, the name of or Services you use, and your country of residence.