If your use of our Services is in connection with a school, employer, health institution or other organization (your “Institution”) who is a customer of MedHub, information about you may be shared with your Institution.
Commitment to Privacy
MedHub is dedicated to protecting the privacy of all personal information collected through this website and our Services. We may collect information from you (directly or through third party vendors we retain) or from a third party who is authorized by you or otherwise permitted by applicable law to share information with us (for example, your school or employer) in situations such as the following:
- Website visit. When you provide information during a login process, when you access certain portions of our website, when you ask us to provide more information, when you purchase online or in connection with any online employment applications.
- Registration. When you create an account on our Services, make a purchase, register or login to access or use functions or features.
- Communications. When you communicate with us.
- Learning and Assessment Activities. When you use our Services, information about faculty evaluations, your clinical activities, your procedures performed, your scheduling, your work hours, your student history, your personal learning behaviors, your competencies, and your milestones, and various metrics related to your learning of particular subject matters may be recorded.
- Background Information. When you use our Services, your educational and employment history, licensure and certifications information, immunization history, and citizenship, biographical and demographic information may be recorded.
- Surveys and Research. If you participate in our research studies about our products or the industries and professions we support or our market research surveys or programs.
- Subscriptions. If you subscribe to one of our newsletters or request text alerts.
- Social Media. If you use or interact with our Services on social media and networking pages and applications, such as Facebook, Instagram, LinkedIn and others.
We also may collect information about you from other sources. We work closely with third parties (for example, business partners, service providers, sub-contractors, educational institutions, analytics providers, search information providers, fraud protection services) and may receive information about you from them. We may also collect and process information about you that your school, employer, institution or other organization (such as a professional, governmental, oversight or other organization) (“Institution”) with which you are, or previously were, affiliated provides to us. We may also collect and process information about you that we receive from other sources including organizations that are our customers (which might be your Institution, for example), organizations that are integrated with our Services through our partner program, and organizations that sponsor surveys or programs in connection with our Services. If you use our Services through a third party (including your Institution), please contact that third party first if you have any questions about the data they collect from you and share with us. If they do not address your concerns, please contact us.
To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine learning algorithms, about users of our Services in order to provide or optimize the Services offered and/or delivered, for security or analytics purposes, and for any other lawful purpose. Our Services may collect certain information by automated means when you access or use our Services. This information may include, but is not limited to, usage details, Internet Protocol (“IP”) address, browser type, browser language, devices you use, access times, the sites linked from, pages visited, applications downloaded or accessed, links and features used, content viewed or requested, information collected through cookies and other such information. We generally collect this information to improve our Services for our users, to learn about our users’ interests and enhance the Services we provide, for security and analytics purposes, and for other lawful purposes. To learn more, please see our “Cookies and Similar Technologies” section below.
Educational Records (FERPA) and Medical Records (HIPAA). In providing our Services, we do not require the collection of personal information covered by the U.S. Health Insurance Portability and Accountability Act (“HIPAA”) and we ask that you do not use our systems to record or store identifying information about individual patients. That said, we understand that there may be a need to use a tag to allow follow-up encounters with a patient to be linked with records of prior observations or experiences concerning that patient. Such tagging may be personal health information (“PHI”), as that term is defined under HIPAA. Accordingly, we will adhere to the requirements of HIPAA with respect to this tagging data element. Individuals using our systems may voluntarily and knowingly provide personal health information about themselves, such as immunization status, to be shared with clinical sites they attend. This information is also protected pursuant to the requirements of HIPAA. Also, in providing our Services we may be provided personal information covered by the U.S. Federal Educational Rights and Privacy Act (“FERPA”) under the “school official” exception. We adhere to the requirements of FERPA and equivalent state laws and regulations.
How We May Use Your Information
We use your information to provide you, either directly or through a third party (including your Institution), with our Services. We also may use your information to support our business functions, such as fraud prevention, marketing, analytics and legal functions.
We may use your information:
- To fulfill your requests for Services and communicate with you about those requests.
- To set up your account and verify your identity when you register for our Services.
- To process your payments – but we do not retain your credit card data after a payment has been processed.
- To monitor, record, analyze and report on your activity, interactions and engagement with our Services.
- To track and analyze and report on your onboarding, scheduling, progress, success, performance, evaluations, work hours, clinical activities, procedures performed, assessments, competencies, milestones and study history in connection with our Services. If your use of our Services is in connection with an Institution, we may share your data with your Institution, its faculty and staff, and other parties associated with or required by your Institution.
- To record the time you enter or leave your clinical site campus to assist your completion of timecards, if you are using certain of our products. The “clinical site campus” is one or more buildings, as defined by your school, in which your clinical activities may occur.
- To perform research and analysis for our Services and to further develop and improve our Services or to perform research concerning the industries and professions we serve.
- To perform benchmarking analytics and general metrics about your performance or, after anonymizing, de-identifying or aggregating the data, your Institution’s or program’s performance as compared to other Institutions or programs.
- To analyze technical data such as cookies, content viewed, IP address, device use, site volume and load.
- To verify compliance with license terms.
- To support and personalize our Services, websites, mobile services and, if you have opted-in to receive marketing materials, our advertising.
- To inform you of new products, services or, if you have opted-in to receive marketing materials, promotions we may offer.
- For research, analysis, benchmarking or surveys.
- To engage you in our social media platforms.
- To protect the security and integrity of our Services, content, and our business.
- To respond to reviews, comments, or other feedback you provide us.
- To comply with applicable legal or regulatory requirements and our policies, protect against criminal activity, claims and other liabilities.
- For any other lawful purpose for which the information is provided.
We also may use, process, transfer, and store any data about you in an anonymous, aggregated manner. We may combine personal information with other information, collected online and offline, including information from third party sources.
We may also use information in other ways with your consent or as permitted by applicable law.
- Affiliates, Agents and Partners. We may share information with our parent corporation and affiliates (or any business partner or agent acting on our behalf) worldwide as necessary to provide you with the Services, each such parent corporation, affiliate, business partner, and agent will be under the same obligations as is MedHub to protect the confidentiality of your information and protect your privacy.
- Analytics and Reporting. We may share your information to (i) analyze and provide certain information about your performance to you, your Institution, including other parties associated with and required by your Institution and faculty; (ii) generate reports and analytics for use by you, your Institution, other parties associated with and required by your Institution, and your faculty regarding the performance of an entire program at your Institution and (iii) generate reports and analytics to be used by researchers or third parties in the industries or fields that we support to better understand changes and trends in such industries or fields.
- Service providers. We may share information with agents, contractors, service providers, vendors, business partners, and other third parties we use to support our business and Services. We may share information to provide technical support to you and your Institution, its instructor(s) or staff. Some examples of third parties we work with are shippers, payment servicers, information processors, financial institutions, data centers, undergraduate and graduate educational institutions you attend, other organizations you are affiliated with, or their support service providers. Such third-party providers may perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. Such third parties may access, process or store personal data in the course of providing these services.
- Your Institution and other Organizations. We may share information about your use of our Services with your Institution and its faculty or staff, and other parties associated with or required by your Institution. We also may share information with governmental agencies, oversight organizations, professional organizations, accreditation organizations, and industry self-regulatory organizations.
- Fraud Prevention. We may share your information to confirm your identity to ensure only authorized users are accessing our Services and for general security.
- Advertising and Marketing. If you have opted-in to receive marketing information from MedHub, to the extent permitted by applicable law, we may share information with third parties for marketing, advertising, promotions, contests, or other similar If required by applicable law, we will share such data for advertising and marketing purposes only in an aggregate, anonymous, and de-identified manner.
- Mergers, Acquisitions, Divestitures. We may share, disclose or transfer information about you to an acquirer, investor, new affiliate, or other successor in the event MedHub, its parent company or affiliates, or any portion, group or business unit thereof, undergoes a business transition, such as a merger, acquisition, consolidation, reorganization, change of control, divestiture, liquidation or dissolution (including bankruptcy), or a sale or other transfer of all or a portion of any assets or during steps in contemplation of such activities (e.g., negotiations and due diligence).
- Law Enforcement and National Security. We may share information to comply with any law or directive, judicial or administrative order, legal process or investigation, warrant, subpoena, government request, regulatory request, law enforcement or national security investigation, or as otherwise required or authorized by law.
- Protection of Rights, Property or Safety: We may also share information if, in our sole discretion, we believe disclosure is necessary or appropriate to protect the rights, property or safety of any person, or if we suspect fraud, illegal activity, abuse or testing misconduct has taken place.
We also may share information to fulfill any other purpose for which you have provided information to us; for any other purpose disclosed by us or the third party with whom you are interacting when you provide the information; to enforce our rights arising from any contracts; for billing and collection; or as otherwise permitted under applicable law.
Security of your personal information is of the utmost importance to us. We use administrative, technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We take reasonable security measures to secure your personal information against unauthorized access, loss, use, disclosure, or alteration by third parties and unauthorized employees. We use Secure Sockets Layer (SSL) encryption, the industry standard for secure online transmissions.
If information is transmitted to us using a means that is outside our systems, or if you transmit information to a third party, we cannot guarantee the security of information during transmission. Any such unsecured transmission is at your own risk. We recommend that you use appropriate security measures to protect your information.
Correction of Your Personal Information
Accuracy is a top priority for us. You can ensure that any contact data is up-to-date and can correct, update or delete inaccuracies to that information by either logging into your account to review and maintain your information or by contacting customer service. Other corrections or updates to inputted data may depend on the privileges assigned by your Institutions or may require assistance from customer service in making a change. We will respond to your request to make changes to your information as soon as reasonably possible.
We will attempt to answer all requests that we correct your data if it is inaccurate or, where required by law, to delete it. Please note that we are not able to delete your data if we are required to retain it by law, contract or other legitimate business purposes.
In addition, to protect your privacy, we may require you to prove your identity before granting access to, or agreeing to update, correct or delete your personal information.
Not all information about you can be changed by us. For example, we may have records tracking how much time you spent working in a training module or your clinical rotation hours. We may also have faculty evaluations and procedures logs relating to your clinical performance in our system. Although this information is linked to you, it may not be changed and, in certain instances, it may be subject to government or regulatory oversight. You should contact your Institution if you believe such information is not accurate.
Cookies and other Tracking Devices
We may use the following types of cookies and similar technologies:
- Strictly necessary cookies required for the operation of our They include, for example, cookies that enable you to log into secure areas.
- Analytical/performance cookies that collect information about how you use our Services. They allow us to recognize and count the number of visitors and to see how visitors move around our This helps us to improve the way our website works. These cookies are sometimes placed by third party providers of web traffic analysis services.
- Functionality cookies that remember choices you make and recognize you when you return. This enables us to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies that collect information about your browsing habits such as the pages you have visited and the links you have followed. We use this information to make our website more relevant to your interests, and, if we enable advertising, to make advertising more relevant to you, as well as to limit the number of times you see an ad. These cookies are usually placed by third-party advertising networks. They remember the other websites that you visit and this information is shared with third-party organizations, for example advertisers.
Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all of the features available through our Services, such as tests, trainings or other activities.
For more information, visit the help page for your web browser or see https://www.allaboutcookies.org or visit www.youronlinechoices.com which has further information about behavioral advertising and online privacy.
We may use third party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects your information regarding Google Analytics and how you can opt-out, please see https://tools.google.com/dlpage/gaoptout.
Cross Device Tracking. When you use your mobile device to interact with us or our Services, we may receive information about your mobile device, including a unique identifier for your device. We and our service providers and third parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.
We do not acknowledge browser “do-not-track” indicators.
Time Tracking. If you use certain of our products and have enabled the time tracking app on your mobile device, we will collect the time you enter and the time you leave your clinical site campus in order to assist you in completing your timecard. The time tracking does not track your location once you have entered the campus or at any time you are off campus.
Our Sites or Services may contain links or other connections to other third-party websites, platforms, products, services or applications that are independent of our Services. The information collection practices and privacy policies of these third parties may differ from ours. MedHub provides links to you only as a convenience, and the inclusion of any link does not imply affiliation, endorsement or adoption by MedHub of any site or any information contained therein.
To the extent permitted by applicable law, we may retain your information for as long as your account is active, for at least twenty-four (24) months thereafter, or as long as is reasonably necessary to provide you with our Services or as needed for other lawful purposes. We may retain cached or archived copies of your information. We may be required to retain some of your data for a longer period of time (including indefinitely) because of various laws and regulations or because of contractual obligations. We also will retain your information as long as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
Telephone Consumer Protection Act Notice
We may use your information to make business, informational and collections calls relating to our Services to all telephone numbers, including cellular numbers or mobile devices, you choose to provide on your account or in registering for any of our Services. You agree such calls may be pre-recorded messages or placed with an automatic telephone dialing system. In addition, you agree that we may send service or account related text messages to cellular phone numbers you provide to us, and you agree to accept and pay all carrier message and data rates that apply to such text messages. If you choose to provide an email or other electronic address on your account, you acknowledge and consent to receive business and informational messages relating to our Services at such address, including collections messages, and you represent and warrant that such address is your private address and is not accessible or viewable by any other person.
We recognize the importance of protecting the privacy and safety of children. Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use the Services and do not send any information about yourself to us. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us as set forth below.
California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our Notice for California Residents. The Notice supplements and is incorporated in this Policy.
The California Consumer Privacy Act (“CCPA”) provides consumers with certain rights, including the right to access your “personal information” (a term defined by the law) we may have about you and to know how we use and disclose this data, the right to have your data deleted under certain conditions and the right not to be discriminated against for having exercised your other rights. One of the main objectives of CCPA is to give consumers control over the sale of their data. MedHub does not sell, rent, lease or otherwise provide personal information to others for monetary or other valuable consideration. Your rights and other CCPA concepts are more fully described in our Notice for California Residents.
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use may be entitled to request and obtain from us, once per calendar year, information about customer information we have shared, if any, with other businesses for such other businesses’ own direct marketing uses. If applicable, this information would include the categories of resident information and the names and addresses of those businesses with which we shared such resident information for the immediately prior calendar year. To obtain this information, please email us at email@example.com with “Request for California Privacy Information” in the subject line of your message. Please include sufficient personal identification information so that we can process your request, including name, mailing address, and email address if you want to receive a response by email.
If you are a California resident under age 18 and are a registered user of any of our Services, then you may request that we remove any content or information that you posted on our websites, online services, online applications, or mobile applications (“User Content”). To request removal of your User Content, please send a detailed description of the specific User Content you want us to remove to the email or regular mail address set forth above. We reserve the right to request that you provide information that will enable us to confirm that the User Content that you want removed was posted by you.
We will make a good faith effort to delete or remove your User Content from public view as soon as reasonably practicable. Please note, however, that your request that we delete your User Content does not ensure complete or comprehensive removal of your User Content. Your User Content may remain on backup media, cached or otherwise retained by us for administrative or legal purposes or your User Content may remain publicly available if you or someone else has forwarded or re-posted your User Content on another website, online service, online application or mobile application prior to its deletion. We may also be required by law to not remove (or allow removal) of your User Content.
Class Action Waiver
YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
In connection with a job application or inquiry, you may provide us with data about yourself, including your educational background or résumé and other information, including your ethnicity where required or permitted by law. We may share this information with our parent corporations and their affiliates for the purpose of employment consideration. We may keep the information for future consideration unless you direct us not to do so.
FOR EUROPEAN VISITORS AND CUSTOMERS:
EU-U.S. and SWISS-U.S. Privacy Shield Additional Notice
We acknowledge the July 2020 ruling by the European Court of Justice, striking down the EU-U.S. and Swiss-U.S. Privacy Shield as a mechanism for transferring the personal data of users of our Services who are residents of the European Union (“EU”), European Economic Area (“EEA”) and Switzerland. The U.S. Department of Commerce continues to administer the Privacy Shield Program and as such, Ascend will continue to adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (hereinafter, “Privacy Shield Principles”) for personal data of users of our Services in European countries. We may also process personal data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses.
Processing of Personal Data, Purposes and Legal Basis
“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Sensitive Data” means data indicating racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life, or sexual orientation, or for any genetic data or biometric data.
Please note that, in certain circumstances, you may be required to provide the requested Personal Data by contract or law, and your failure to provide such Personal Data may mean we are unable to provide you with our Services.
Our legal basis for the Processing of Personal Data are: 1) consent and/or 2) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to users of our Services, preventing fraud, ensuring information and network security, direct marketing, processing Personal Data for internal administrative purposes, and complying with industry practices.
Your Additional Rights as an European Resident
As a resident of the European Union or a country that follows similar regulations for the protection of Personal Data, you may have the following additional rights:
Consent: We may be required to obtain your consent for certain Processing of your Personal Data, such as Processing of Sensitive Data.
Access: You may request a copy of the Personal Data we have collected from and about you by contacting us. Please be advised that our personnel may have a limited ability to identify and access an individual user’s Personal Data if such information was submitted to us by their school, employer or another organization with whom they are affiliated. Thus, if you wish to request access, to limit use, or to limit disclosure of your Personal Data, we may first refer your request to the school, employer or other organization that submitted your Personal Data to us, and we will support them as appropriate in responding to your request.
Rectification & Erasure: You may request that we rectify or delete any of your Personal Data that is incomplete, incorrect, unnecessary or outdated.
Objection: You may object, at any time, to your Personal Data being Processed for direct marketing purposes.
Restriction of Processing: You may request restriction of Processing of your Personal Data for certain reasons, such as, for example, if you consider your Personal Data collected by us to be inaccurate or you have objected to the Processing and the existence of legitimate grounds for Processing is still under consideration.
Data Portability: You may request and receive the Personal Data we have collected on you in a commonly used and machine-readable form.
Right to Withdraw Consent: Where your Personal Data is Processed solely based on your consent and not for any other legitimate interest, you have the right to withdraw your consent at any time, without affecting the lawfulness of our Processing based on such consent before it was withdrawn, including Processing related to existing contracts for our products and services.
Swiss users whose Personal Data is within the scope of the Privacy Shield certification may also have rights to access certain Personal Data we hold about them and to obtain its correction, amendment or deletion.
To exercise any of the rights listed above, please contact us as set forth below. We will process any requests in accordance with applicable law and within a reasonable period of time. We may require that you establish your identity and provide a clear and precise description of your request. Please note that in some cases, especially if you wish us to delete or cease the Processing of your Personal Data, we may no longer be able to continue to provide our Services to you.
Third Parties with Whom We May Share Data
We may use third-party providers to assist us in providing the Services to our users. Such third- party providers may perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. Such third parties may access, process or store Personal Data in the course of providing these services.
To the extent permitted under applicable law, we may share information about your enrollment and participation in our Services, including your Personal Data, with your employer, governmental agencies, oversight organizations, professional organizations, certification or accreditation organizations, educational institutions, and industry self-regulatory organizations.
We may also share information, including your Personal Data, with third parties for marketing, advertising, promotions, contests, or other similar purposes, with your consent or to the extent permitted under applicable law.
If we receive Personal Data that is subject to our certification under the Privacy Shield and then transfer it to a third-party, we may have certain liability under the Privacy Shield if (i) the third- party Processes the Personal Data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage, or to the extent we are otherwise liable under applicable law or the Privacy Shield Principles.
International Data Transfers
Our Services may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, your Personal Data may be transferred and Processed outside the country where you use our Services, including to countries outside the EU, EEA or Switzerland, where the level of data protection may not be deemed adequate by the European Commission.
To the extent permitted by applicable law, your use of our Services is your consent to the transfer of your information outside of your country or geographic region, including transfer to the United States, and to processing of your information in the United States by us or by a third party acting on our behalf.
If you wish to know more about international transfers of your Personal Data, please contact us.
Questions or Complaints – Europe
If you are a resident of a European country participating in the Privacy Shield, you may direct any questions or complaints concerning our Privacy Shield compliance to our Privacy Shield and Data Protection Contact. We will work with you to resolve your issue.
If you consider our Processing of your Personal Data to be inconsistent with the applicable data protection laws, you may lodge a complaint with your local supervisory Data Protection Authority responsible for data protection matters.
Dispute Resolution and Arbitration
If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States. For information about JAMS, please see https://www.jamsadr.com/eu-us-privacy-shield.
We also will cooperate with competent EU data protection authorities (DPAs) with regard to human resources data transferred from a European country participating in the Privacy Shield in the context of the employment relationship.
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees.
US Federal Trade Commission Enforcement
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). For information about Privacy Shield, please see https://www.privacyshield.gov/welcome.
Privacy Shield and Data Protection Contact
Your Privacy Shield and Data Protection Contact for the personal information you provide in connection with our Services is:
ATTN: Chief Compliance Officer/Data Privacy Officer
Ascend Learning, LLC
5 Wall Street, Burlington, MA 01803, USA
Please provide your identification information, a detailed description of the nature of your request, the name of or Services you use, and your country of residence.
Revised January 2022