Effective Date: October 4th, 2023
Last Updated: October 4th, 2023
We at AcuityMD, Inc. (“AcuityMD”, “us”, “our”, or “we”) are strongly committed to transparency, and we want you (“you” or “your”) to understand how we collect, use, share and protect your personal information, as well as how you can manage the personal information we collect. This Privacy Notice applies to your interactions with us through your use of our website (www.acuitymd.com) (our “Website”). This Privacy Notice also applies to individuals who apply for a position with us.
This Website is primarily for informational purposes. For more information about how to become an enterprise customer, please contact us. This Privacy Notice does not apply to the login portal that is accessible via our Website. The collection and use of information on the portal is governed by the enterprise agreement with the respective customer.
By using our Website, you acknowledge the terms of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not use our Website. If you do not understand, or if you have questions about, this Privacy Notice, please contact us before using, or continuing to use, our Website. We reserve the right to change our Privacy Notice from time to time by posting the changes here. If we choose to amend this Privacy Notice, we will revise the Last Updated date at the top of this Privacy Notice when we post the updated version. We may also provide you with notice by prominently posting on our Website, via email or both, if we make any significant changes to this Privacy Notice. We may also highlight those changes at the top of this Privacy Notice and provide a prominent link to it for a reasonable length of time following the change. Your use of our Website after we have informed you in one of these ways that we made changes to our Privacy Notice will mean that you have accepted those changes
We collect two basic types of information from you when you provide it to us or when you use or interact with our Website: personal information and non-personal information.
Personal information includes all information that relates to you or which are opinions about you personally and either identifies or may be used to identify you personally (collectively, “personal information”). We may collect the following type of personal information from you depending upon the device you are using and how you interact with us or use or interact with our Website, such as your:
We strive to uphold data minimization principles and only seek to collect personal information from you for the purposes described in this Privacy Notice. To see all of the categories of personal information we collect, please reference the California Privacy Law Appendix below.
Non-personal information includes information that does not personally identify you or information that has been anonymized (collectively, “non-personal information”). When we combine non-personal information with personal information, we treat the combined information as personal information.
You can always refuse to provide your personal information, but some personal information is necessary to provide our Website.
We need to collect personal information from you in order to provide you with our Website, as well as to improve your experience while using our Website. When you visit or use our Website, or apply for a position with us, you may provide us with personal information.
Cookies
Like many websites and apps, we use “cookies”, which are small text files that are stored on your computer or equipment when you visit certain online pages that record your preferences and actions, including how you use the website. We use this information for analytics purposes which allows us to improve your browsing experience. The information we collect through these technologies will also be used to manage your session. Out of these cookies, the cookies that are categorised as "necessary" are stored on your browser as they are essential for the working of basic functionalities of the website. These necessary cookies cannot be disabled.
You can set your browser or device to refuse all cookies or to indicate when a cookie is being sent. If you delete your cookies, if you opt-out from cookies, or if you set your browser or device to decline these technologies, the Website may not function properly. Our Website does not currently change the way they operate upon detection of a Do Not Track or similar signal.
We also permit third parties and service providers to use online tracking technologies on our Website for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests. The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Website or on third parties’ websites. To the extent these online tracking technologies are deemed to be a “sale” or “share” (which includes targeted advertising, as defined under the applicable laws) under applicable U.S. state laws, you can opt-out of these online tracking technologies by submitting a request via the Your Rights and Choices section, available below and at the bottom of our webpages. Some features of our Website may not be available to you as a result.
Online Analytics
We also use various types of online analytics including Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on our Website. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the Website, compile reports on the related activities, and provide other services related to website and app activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s services and to learn how to opt-out of tracking of analytics by Google click here.
Other Sources
We also may collect personal information from other sources, such as public sources, government databases, our partners, or third party service providers, for the purposes listed in the How We Use Personal Information section below, including to enable us to verify or update information contained in our records and to better customize the Website for you.
We primarily use personal information to support core business functions, including to provide, maintain, and improve our Website, products, and services, but we may also use personal information to do any or all of the following:
We may also combine your personal information collected through various sources, including information collected through our Website, and develop a customer profile that will be used for the purposes above.
If you apply for a position with us, we will use your personal information as necessary to determine your fitness for the position applied for, to make any relevant adjustments during the recruitment process and for equal opportunities monitoring, as well as the purposes listed above.
We retain personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required or permitted by law. In many situations, we must retain some or all of your personal information to comply with our legal obligations; resolve disputes; enforce our agreements; protect against fraudulent, deceptive, or illegal activities; or for other legitimate business purposes, such as for auditing, accounting, or tax purposes.
We may use personal information to create non-personal information. We may use non-personal information for any legitimate business purpose.
We only share personal information in limited circumstances as described in this Privacy Notice. For example, we may share personal information with our third party service providers, suppliers, vendors, professional advisors and business partners, which may include IT service providers, financial institutions and payment providers, customer relationship management vendors, other cloud-based solutions providers, lawyers, accountants, auditors and other professional advisors. We contract with such vendors and advisers to ensure that they only process your personal information under our instructions and ensure the security and confidentiality of your personal information. We share personal information with these third parties to help us:
We may share personal information with law enforcement and regulatory authorities or other third parties as required or permitted by law for the purpose of:
In accordance with applicable law, we may also transfer or assign personal information to third parties as a result of, or in connection with, a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganization, or liquidation. If we are involved in defending a legal claim, we may disclose personal information about you that is relevant to the claim to third parties as a result of, or in connection with, the associated legal proceedings.
To see all of the categories of personal information we share, please reference the California Privacy Law Appendix below.
We share non-personal information with third parties as reasonably necessary to meet our business needs.
We are dedicated to ensuring the security of your personal information. We use physical, electronic, and administrative security measures appropriate to the risks and sensitivity of the personal information we collect. We aim to provide secure transmission of your personal information from your devices to our servers. We have processes to store personal information that we have collected in secure operating environments. Our security procedures mean that we may occasionally request proof of identity before we disclose your personal information to you. We try our best to safeguard personal information once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your personal information, please contact us immediately.
We are a global business. As such, information we collect may be transferred to, stored, and processed in any country or territory where one or more of our business partners or service providers are based or have facilities which may be a different to your home country. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws that country. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal information that we transfer in line with this Privacy Notice by requiring that our business partners or service providers adhere to this Privacy Notice and the applicable privacy regulations in your home country.
Our Website is not for children or those under the age of 13. We do not knowingly collect personal information from children or other persons who are under 13 years of age. Individuals who are children or those under the age of 13 should not attempt to provide us with any personal information. If you think we have received personal information from children or those under the age of 13, please contact us immediately.
We do not share personal information with third parties for their own direct marketing purposes without your consent. California residents under 18 years old, in certain circumstances, may request and obtain removal of personal information or content that you have posted on our Website. Please be mindful that this would not ensure complete removal of the content posted by you on our Website. To make any request pursuant to California privacy law, please contact us.
We offer you certain choices in connection with our Website.
Access to your personal information
You have the right to request access to the personal information that we collect, use, and disclose about you. You also have the right to not receive discriminatory treatment for exercising your access right. To submit a request or designate an authorized agent to make a request, please contact us using the information below.
Deleting your personal information
You have the right to request that we delete your personal information, subject to some exceptions under applicable law. Once we have received and confirmed your request, we will delete (and direct our partners and service providers to delete) your personal information, unless an exception under applicable law applies. You have the right to not receive discriminatory treatment for exercising your deletion right. To submit a request or designate an authorized agent to make a request, please contact us using the information below.
Correcting your personal information
You have the right to request that we update or correct the personal information we collect. You also have the right to not receive discriminatory treatment for exercising your correction right. To submit a request to update or correct your information, please contact us using the information below.
Opting out of sale/share of personal information
We do not sell personal information collected through our website or personal information relating to our customers. However based on California law’s broad definition of the term “sale”, our disclosure of specific health care providers’ personal information to our customers regarding their professional background (e.g., medical school, residency, etc.), occupational history (e.g., surgeries/procedures performed, medical devices utilized, etc.), and place of employment meets the definition of “sale” under the CCPA. You have the right to opt out of the sale of your personal information to third parties. You also have the right to not receive discriminatory treatment for exercising your opt out right. To opt out, please follow the instructions outlined below or follow the instructions provided when you click on the “Do Not Sell or Share My Personal Information” hyperlink at the bottom of our website. If you do not have an account or if you are not logged into your account, your request to opt out of “sale” will be linked to your browser identifier only and not linked to any account information because the connection between your browser and the account is not known to us.
You have the right to opt out of the sharing of your personal information to third parties for targeted advertising purposes. You also have the right to not receive discriminatory treatment for exercising your opt our right. To opt out, please follow the instructions provided when you click on the “Do Not Sell or Share My Personal Information” hyperlink at the bottom of our website. If you do not have an account or if you are not logged into your account, your request to opt out of “sharing” will be linked to your browser identifier only and not linked to any account information because the connection between your browser and the account is not known to us.
You may opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use. If you would like us to make the connection between your browser and your account when you send the opt-out of “sale” / “sharing” of your personal information request or GPC signal, and you have not yet opted out of “sale” / “sharing” your personal information, we recommend you submit the Do Not Sell or Share My Personal Information form that is in the hyperlink at the bottom of our website.
Email Communications / Direct Marketing
You may have the opportunity to receive certain communications from us related to our business. You can opt-out of marketing emails at any time by following the instructions at the bottom of our emails and adjusting your email preferences. Certain emails may be necessary for the operation of our business. You will continue to receive these necessary emails, if lawful and appropriate, even if you unsubscribe from our optional marketing communications.
Cookies / Beacons
If you wish to minimize information collected by cookies or beacons, you can adjust the settings of your device or browser. You can also set your device or browser to automatically reject any cookies. You may also be able to install plug-ins and add-ins that serve similar functions. However, please be aware that the website may not work properly if you reject cookies. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests. For more information about how our Website use cookies, please see our Cookie section above.
Do Not Track
Some devices and browsers support a “Do Not Track” (or, DNT) feature, a privacy preference that you can set in certain browsers, which is intended to be a signal to websites that you do not wish to be tracked across different websites or online services you visit. We cannot control how third party websites or online services you visit through our Website respond to Do Not Track signals. Check the privacy policies of those third parties for information on their privacy practices. Our Website does not currently change the way they operate upon detection of a Do Not Track or similar signal.
Our Website may contain links to other websites or apps operated by third parties. Please be advised that the practices described in this Privacy Notice do not apply to information gathered through these third party websites and apps. We have no control over, and are not responsible for, the actions and privacy policies of third parties and other websites and apps.
We welcome requests, questions, comments, and feedback on this Privacy Notice and our management of personal information. If you have requests, questions, concerns, or feedback, you can always contact us in the following ways. For your protection, we may need to verify your identity before assisting with your request (including access and deletion requests), such as verifying that you are the individual whose information we have collected and the information used to contact us matches the information that we have on file. Requests must include sufficient detail that allows us to properly understand, evaluate, and respond to the request. If we need more information to process your request, we will contact you via email or in writing.
Submitting a Privacy Request
You can submit a request under the Your Rights and Choices section by:
Verification Process and Required Information
Some of the requests under Your Rights and Choices must be verified to confirm the request came from you. We may contact you by phone or e-mail to verify your request. This process may require us to request additional personal information from you, including, but not limited to, your email address, mailing address, account name, and/or date of last interaction with us. In certain circumstances, we may decline a request to exercise a privacy right, particularly where we are unable to verify your identity.
Responding to Requests
Once you have submitted your request, we will respond within the time frame permitted by the applicable law. We may charge a reasonable fee for multiple requests in the same 12-month period, as permitted by law.
Appealing Requests
You may appeal our decision to your request regarding your personal information. To do so, please contact us in any of the ways listed above. We respond to all appeal requests as soon as we reasonably can, and no later than legally required. For more information, please see our Privacy Rights Appeal Process.
Authorized Agent
You may designate an authorized agent to submit a request on your behalf. To do so, you must (1) verify your own identity directly with us; and (2) provide the authorized agent with written documentation of their authority to act on your behalf, such as: (a) a power of attorney; or (b) sufficient evidence to show that you have provided the authorized agent signed permission to act on your behalf and directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
California Privacy Law Appendix
This appendix seeks to provide additional information to residents of California and supplements the information provided in the Privacy Notice. As described in further detail below, we sell and/or share personal information in limited circumstances as such terms are defined under California privacy law.
To learn more about the categories of personal information we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it, please see the chart below. To submit a privacy right request please see the instructions in Section 11 above.
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), may permit you or your authorized agent to opt-out of the “sale” and “sharing” of personal information. As the term “sale” / “share” is defined by the CCPA, we sold and/or shared the following categories of personal information in the last 12 months: identifiers, professional or employment-related information, internet or other network activity, geolocation data, commercial information, and inferences drawn from the above. We sold / shared each category to advertisers and marketing partners, data analytics providers, social media networks, and our customers, which includes hospitals, insurance providers, and health care providers. The business or commercial purposes of “selling” / “sharing” personal information is for third party companies to perform services on our behalf, such as marketing, advertising, and audience measurement. We do not sell or share personal information of known minors under 16 years of age.
We do not sell or share personal information collected through our website or personal information relating to our customers. However based on the CCPA’s broad definition of the term “sale” and “share,” our disclosure of specific health care providers’ personal information to our customers regarding their professional background (e.g., medical school, residency, etc.), occupational history (e.g., surgeries/procedures performed, medical devices utilized, etc.), and current place of employment is a sale / share under the CCPA.
For reference, we only sell / share the following types of personal information:
To exercise your opt out right (or if you are an authorized agent for a California resident), please contact us by:
You may designate an authorized agent to submit a request on your behalf. To do so, you must provide the authorized agent with written documentation of their authority to act on your behalf, such as: (a) a power of attorney; or (b) sufficient evidence to show that you have provided the authorized agent signed permission to act on your behalf and directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
There may be times when an individual disagrees with a decision made by our organization in the application and/or interpretation of data privacy law with regard to honoring a privacy right request. This appeal process is designed to provide a way for the individual to appeal decisions and allow our organization an opportunity to reevaluate past decisions.
Informal Resolution
If we make a decision on a privacy right request with which an individual disagrees, that individual is encouraged to discuss the issue with our Risk Committee in order to resolve the matter. The Risk Committee will consider the individual’s perspective and make efforts to resolve any issues informally while abiding by our company policies and applicable law.
Initiating the Appeal Process
If the matter cannot be resolved informally, or if the individual chooses to appeal without discussing the issue informally with us, then the appeal procedure may be initiated by giving written notice to [dataprotection@manoloblahnik.com] outlining the dispute and the reasons for it. The notice should include any accompanying documentation necessary to evidence the claims being made.
Acknowledgement
We will acknowledge receipt of the appeal within ten (10) business days. This acknowledgement may contain requests for additional information as necessary to help us properly investigate or adjudicate the appeal. Your failure to provide substantive responses to our requests may materially impact our ability to investigate or adjudicate the relevant issue.
Investigation and Determination
We will reasonably investigate the appeal based on the information and documentation provided. Following the investigation, we will make a determination of the appeal, which may include modifying or upholding the original decision. We will notify the individual of our determination in writing within sixty (60) days of receipt of any appeal. Such notice will include an explanation of the reasoning for the decision. If we deny the appeal, the individual may file an appeal with the applicable regulator based on their residency.
Scope of Appeal
The appeal is intended to review whether or not a decision made by the [privacy team] regarding data privacy rights was fair and consistent with applicable privacy law. Individuals may only appeal a decision that applies to him/her personally unless the person is otherwise authorized to act on the individual’s behalf.
The appeal will focus exclusively on the decision under appeal. Broader issues related to our company policies, management style, or any other such issues will not be considered as part of the appeal.
Remedy
The remedy that an individual seeks is an important part of the appeal. The initial written appeal must address what the individual seeks as an outcome (for example, access to data, correction of data, deletion of data, etc.).
Withdrawal of Appeal
Per written notice, the appeal may be withdrawn or ended by the individual at any time.
Discrimination
Discrimination is strictly prohibited against any person who in good faith initiates an appeal.
Appeal Records
A record of the appeal, including the final determination, will be maintained by us in accordance with our record retention policies and procedures.