This Privacy Policy (“Privacy Policy”) discloses the privacy practices that govern your access and use of the website of Comprehensive Hematology Oncology (the “Company”) website www.comphemonc.com, (the “Website” and also referred to as the “Site”), or other Company websites (each a “Site”) owned by Company, or any of its parent, subsidiaries, affiliates and related locations and entities (“Comprehensive Hematology Oncology”, “we”, “us”, and “our”) and the associated services (use of Sites and Services, collectively, “Use”) offered for Users in the United States. Company is committed to protecting your privacy and the associate privacy rights when you are using the Website and/or when submitting any information online by use of the Website and Services. Please read the information below to learn the following regarding your use of the Site and Services and is committed to protecting the privacy and security of our patients’ confidential health information. We are required by law to maintain the privacy of your health information and provide you with a Notice of Privacy Practices (set forth herein) concerning our legal duties and privacy practices regarding your health information.

You acknowledge that this Privacy Policy is part of and incorporated by reference to our Terms and Conditions, which are found at https://comphemon.com/privacy-policy/. By accessing or using our Website and Services, you agree to be bound by all of its Terms and Conditions. If you do not agree to this Privacy Policy and the Terms and Conditions, please do not access or use the Website and Services. Capitalized terms used in this Privacy Policy that are not defined herein, but are defined in the Terms and Conditions shall maintain the definition provided to them in the Terms and Conditions unless defined otherwise in this Privacy Policy.

Company and our divisions, parent company, subsidiaries, and affiliates, respect the privacy and the integrity of any information that you provide in the use of our Website and Services. This Privacy Policy explains our policy regarding the collection, use, and disclosure of your personal information submitted to us, and your PHI (“PHI” and also “personal information”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA” – as amended)). This Privacy Policy will be continuously assessed against new technologies, business practices, and our user’s needs. As the Website and Services become expanded and diversified, this Privacy Policy may evolve. Please check this Privacy Policy from time-to-time for updates. Any changes to this Privacy Policy will be reflected and notification will be designated here.

We reserve the right to change this Privacy Policy at any time without consent of any User. Such changes, modifications, additions or deletions shall be effective immediately upon being made and shall be considered duly qualified notice thereof, which may be given by means including, but not limited to issuing an email to the email address submitted by you to us in our offices, or by you through a submission through the Site, posting the revised Privacy Policy, or any posted date on this Privacy Policy reflecting the date it was last updated. You acknowledge and agree that where it is required, it is your responsibility to maintain a valid email address and review the Website, Terms and Conditions, and this Privacy Policy periodically and to be aware of any modifications. Your continued use of the Website and Services after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by the modified Privacy Policy.

We at the Company are committed to protecting the privacy of Users of our Website and Services. It is Company policy to comply with applicable privacy laws and to use any information submitted and provided to Company consistent with the parameters of providing the Website and Services, to enhance your experience with the Website and Services, and to improve the Website and Services.  Furthermore, by voluntarily providing your email address, you are subject to receive any email notifications and/or updates from Company. It is Your obligation to select the option to decline receipt of emails, news, or other emails from Company and any of its subsidiary and affiliated entities; otherwise, you can receive email notifications and other communication. If you as the user decide on your own accord to respond to an advertisement from a third-party company, any privacy interest you wish to protect may be at risk and outside the scope of the protections provided by this Website. Such action constitutes no affiliation with Company; instead, we will disclaim responsibility. Per this Privacy Policy, Company does not have responsibility for those terms and no recourse is found through Company. Otherwise, it is Company policy to only maintain and use information provided and submitted to Company as authorized and/or as required by applicable law.

It is the goal of this Privacy Policy to address questions about how the Company treats information gathered from visitors and users of the Website and Services; specifically, the collection, use, and disclosure of any personally identifiable information in connection with your use of the Website and Services, the Content, and more as all defined in the Terms and Conditions. In addition, if our Website and Services require the use of Google, Yahoo, Twitter, Facebook, Instagram, or any other social media platform, website, or service, you are subject to those policies found on their individual websites and services and are incorporated herein by reference. If you do not agree to those terms of service and use of those individual web and other services, please do not agree to use those sites and services or our Website and Services.

1.) Types of Information Collected

In order to better provide you with our Website and Services, we collect different types of information about our Users: Personal Information and Non-Personal Information (collectively the “Information”). “Non-Personal Information” means a data element of collection of data elements that by itself cannot ordinarily be associated with a specific individual. Non-Personal Information may include but is not limited to: the Internet browser or computer operating system you are using, your navigation of the Website including the pages of the Website that you access, the amount of time spent on various portions of the Website, the length and dates of your visits to the Website, and certain Website data captured through your interactions with the Website and other connected Sites. Non-Personal Information may include information provided by you through the Website or otherwise (e.g., through a third-party site) that is not Personal Information or Protected Health Information. Certain Non-Personal Information may be collected on an aggregated, anonymous basis through web server logs, cookies, ad servers, tracking pixels, web beacons, and similar Internet tracking devices. Web servers automatically collect Non-Personal Information, with your IP address, when you request pages of the Website or other sites (An IP address is an identifier for a computer or device on a Transmission Control Protocol/Internet Protocol (“TCP/IP”) network, such as the World Wide Web. Our primary goal in collecting this form of information from you is to provide you with a smooth, efficient, and customized experience while using our Website and Services. Furthermore, it enables us to give you convenient access to our Website and Services and focus on categories of greatest need to you for an effective experience.

Personally Identifiable Information: This refers to information under the HIPAA that is PHI and that lets us know the specifics of who you are and to assist with rendering administration services to you for your medical treatment and care you need. When you engage in certain activities on this Website, such as submitting your information for an appointment, for questions, or sending us feedback, we may ask you to provide certain information about you by filling out and submitting an online form. It is completely optional for you to engage in these activities and elect to engage in these activities; however, we may ask that you provide us personal information, such as your first and last name, mailing address (including zip code), email address, telephone number, and other personal identifying you in order for your submission to be accepted. If you do not provide the mandatory data with respect to a particular activity, you will not be able to engage in that activity.

2.) How Company Handles Protected Health Information

Company operates a network to allow for the secure and reliable movement of electronic clinical health information between different health information systems while maintaining the meaning of the information being exchanged. Through the Company’s Website, users will submit information to Company to keep the information confidential, and only (i) to fulfill the purpose for which you provided such sensitive protected health information (such as disclosing the full name, address, and medical information to the Company for an appointment booking). This Privacy Policy explains how Company handles personal health information maintained, transmitted, and otherwise made available to Company by your via its Website. 

Company does not mine personal health information available via the Company Website and Services, either for Company’s own purposes or for the purposes of third parties. Company does not rent or sell personal health information available via the Company Website and Services.   The Company has, on limited occasion, at the request and with the authorization of connected Covered Entities (as defined under HIPAA), made data available to public health authorities and IRB authorized researchers in accordance with applicable law. We may disclose relevant parts of PHI to family members or other persons involved in your care and its payment. We may notify such persons or public or private entities involved in disaster relief efforts of your location, general condition or death. We may use or disclose PHI to bill and collect payment for the pharmaceutical products and Services we provide for you. We may also disclose PHI to health plans; healthcare clearinghouses; or other healthcare providers involved in patient care for their payment activities. Our privacy practice notice set forth in paragraph 5 (below) provides additional information on the use of your information and your rights with how that information is used.

Company safeguards personal health information. Maintaining the privacy and security of personal health information maintained, transmitted, or otherwise made available via the Company Website and Services is vitally important to us. Company has implemented appropriate privacy safeguards to prevent unlawful use or disclosure of personal health information. Company has implemented administrative, physical, and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic personal health information that it receives, maintains, or transmits. These safeguards promote our ability to receive supported electronic messages. 

To the extent Company it is a “covered entity” or a business associate” as defined under HIPAA, Company will comply with HIPAA and its own privacy and security obligations. You will secure and ensure any necessary agreements are in place with Company requiring us to only use and disclose PHI you provide to Company as Company is permitted to under HIPAA.

3.) Security Methods of Information

We maintain physical, electronic, and procedural safeguards designed to protect the sensitive Information. These safeguards include storing the Information on our secure servers behind firewalls and using encryption technology. Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of your submitted sensitive Information and you acknowledge and agree that you transmit it to us at your own risk. However, as noted above, we will alert you in accordance with the guidelines set forth under HIPAA if we are made aware of any unauthorized access to the PHI that we have collected from your submission to the Website. Please keep in mind that whenever you voluntarily disclose Information through any public-facing features of the Website and Services (for example, via public forums), that Information can be collected and used by others. The HIPAA security rule provides a flexible framework for implementation of security measures. Some requirements are mandatory, whereas others are “addressable,” meaning that they can be implemented by the organization in a manner that is consistent with the organization’s functionality, infrascture, and resources. You submit this information at your own risk.  We are not responsible for the security or privacy of any Information you choose to submit in connection with the Website and Services with public-facing capabilities. Further, the Security Rule under HIPAA places a heavy emphasis on risk analysis, especially as applicable to electronic systems. A common example of risk that is easily addressed involves the transmission of data over an open network, such as the Internet. In such instances, the data and Information should be encrypted to ensure privacy.

Additionally, the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) was enacted to promote the widespread adoption and meaningful use of electronic health records (EHRs) and related technologies. In support of this goal, the act introduced a number of provisions that greatly strengthen HIPAA. HITECH extends the reach of HIPAA to business associates of covered entities. Hence, any business associate that contracts with a pharmacy will now be held to the same privacy standards as a pharmacy. In order to maintain the security of these e-submissions, we have implemented stringent requirements accordingly.

4.) Release of Information

We do not sell, trade, or rent PHI to others. We may provide some of our Website and Services through contractual arrangements with affiliates, services providers, partners and other third parties.

Occasionally we may be required by law enforcement or judicial authorities to provide PHI to the appropriate governmental authorities. We will disclose PHI upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful. We may also provide Non-personally Identifiable Information for the same purpose, or related site information to third party advertisers, but these statistics do not include any PHI.

5.) Notice of Privacy Practices with Your Medical Information

This section describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record:

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
  • We will provide a copy or a summary of your health information, usually within thirty (30) days of your request. We may charge a reasonable, cost-based fee in order to timely meet you request.

Ask us to correct your medical record:

  • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, which may be for a legal reason, but we’ll tell you why in writing within sixty (60) days.

Request confidential communications:

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will say “yes” to all reasonable requests.

Ask us to limit what we use or share:

  • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information:

  • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within twelve (12) months.

Get a copy of this privacy notice:

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you:

  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action. The appropriate legal paperwork and other proof of such standing will be required before such action or permission is granted. The Company has the right to refuse such permission in its discretion should the appropriate disclosures not be provided to warrant the permission.

File a complaint if you feel your rights are violated:

  • You can complain if you feel we have violated your rights by contacting us using the information set forth below.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints.
  • We will not retaliate against you for filing a complaint.

INFORMATION SHARED BY YOUR CHOICE

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please communicate this to us. By communicating your request to us clearly, it will help the Company follow your instructions and meet the needs of your request.

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care
  • Share information in a disaster relief situation
  • Include your information in a hospital directory

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. By using the Website and agreeing to the Terms and Conditions with this Privacy Policy, you consent to such practice.

In these cases we never share your information unless you give us written permission:

  • Marketing purposes
  • Sale of your information

OUR USES AND DISCLOSURES

How do we typically use or share your health information? We typically use or share your health information in the following ways.

Medical Treatement

We can use your health information and share it with other professionals who are treating you.

Example: A doctor treating you for an injury asks another doctor about your overall health condition.

Operational/Organization Purposes:

We can use and share your health information to run our practice, improve your care, and contact you when necessary.

Example: We use health information about you to manage your treatment and services.

Invoicing:

We can use and share your health information to bill and get payment from health plans or other entities.

Example: We give information about you to your health insurance plan so it will pay for your services.

HOW ELSE CAN WE USE OR SHARE YOUR HEALTH INFORMATION?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

Help with Public Health and Safety Issues:

We can share health information about you for certain situations such as:

  • Preventing disease
  • Helping with product recalls
  • Reporting adverse reactions to medications
  • Reporting suspected abuse, neglect, or domestic violence
  • Preventing or reducing a serious threat to anyone’s health or safety

Health Research and Development:

We can use or share your information for health research.

Legal Compliance:

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Respond to Organ and Tissue Donation Requests:

We can share health information about you with organ procurement organizations.

Work with a Medical Examiner or Funeral Director:

We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address Workers’ Compensation, Law Enforcement, and other Government Requests:

We can use or share health information about you:

  • For workers’ compensation claims
  • For law enforcement purposes or with a law enforcement official
  • With health oversight agencies for activities authorized by law
  • For special government functions such as military, national security, and presidential protective services

Respond to Lawsuits and Legal Actions:

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

OUR RESPONSIBILITIES

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this notice and give you a copy of it.
  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
  • If our information practices change, we will amend this notice of our privacy practices. You are entitled to receive a revised copy of the notice by calling and requesting a copy or by visiting any of our office locations and picking up a copy. We will always aim to update our Website timely to produce updated versions of this notice within our updated Privacy Policy.

6.) User Choices on Collection and Use of Information

We may, from time to time, send you email regarding our Website and Services. In addition, if you indicated upon registration of any User Account with Company that you are interested information from us and our partners, we may occasionally send you direct email about what we feel may be of interest to you or information about the Website and Services you need to know. Only Company (or agents working on behalf of Company (and under confidentiality agreements) will send you these direct email messages and only if you indicated that you do not object to receive them. If you do not want to receive such messages, we will allow you to opt-out of receiving email communication and messages, but in order to stop receiving any messages from us whatsoever (including administrative messages regarding the Website and Services), you will need to send us written notice of that request by emailing us at: [email protected].

You also have choices with respect to cookies, as described below. Depending on your browser, you may be able to remove and reject cookies from our Website by changing your browser settings. The default setting of many browsers is set to accept cookies until you change your settings. Please note that if you disable or refuse cookies, certain features of the Website may become inaccessible or may not function properly. This is covered more broadly in Section 7 herein.

7.) Security of Information

At any of our Website and Services, you can be assured that PHI and Personally Identifiable Information is secure, consistent with current industry standards. The importance of security for all Personally Identifiable Information and PHI associated with our Users is of utmost concern to us. PHI and Personally Identifiable Information is protected in several ways. Access by you to your User Account, any application or submission of PHI and Personally Identifiable Information is available through a password and unique customer ID selected by you when you establish your User Account. This password is encrypted. We recommend that you do not divulge your password to anyone. In addition, PHI and Personally Identifiable Information resides on a secure server that only selected Company personnel and contractors have access to via password. We encrypt all PHI and Personally Identifiable Information and thereby prevent unauthorized parties from viewing such information when it is transmitted to us. 

Unfortunately, no security system or data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of all PHI and Personal information and cannot assume liability for improper access to it. The internet is not a secure medium and you acknowledge and agree that the privacy of your e-mail communications, PHI, and Personally Identifiable Information can never be guaranteed as any email communication, order, submission, or posting may be lost, intercepted, altered, or hacked. As a result, while we strive to protect all PHI and Personally Identifiable Information, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this Website cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Moreover, as indicated above, you are subject to the privacy and data security terms and conditions of third parties when you access those third party sites and engage in any transactions through the use of those third parties, even if there is a business relationship or business affiliation with Company.

Further, in the event any of our Website and Services are connected in any way to “hyperlinks” to other websites, you acknowledge and agree that Company makes no representation, warranty, covenant, or claim regarding Company, and Company expressly disclaims and denies any responsibility or liability for, directly or indirectly, the privacy practices on any third-party website or resources accessible by hyperlink form from any of our Website and Services. You agree that the inclusion of any such hyperlink does not suggest, represent, warrant, covenant or imply that Company monitors, endorses, or exerts any control over the same whatsoever. You agree that Company provides these hyperlinks to you, if any, only as a convenience, and the inclusion of any hyperlink does not suggest, represent, warrant, covenant or imply affiliation, endorsement, ownership, or adoption by Company of any such website or linked resource whatsoever.

8.) Cookies

When you access and use our Website we will store cookies on your computer in order to facilitate and customize your use of our Website. A cookie is a small data text file, which any website stores on your computer’s hard drive (if your Web browser permits) that can later be retrieved to identify you to us. Our cookies store randomly assigned user identification numbers, where you are located, and your name to welcome you back to our Website. The cookies make your use of the Website easier, make the Website run more smoothly and help us to maintain a secure Website. You are always free to decline our cookie tracking if your browser permits, but some parts of our Website may not work properly in that case. You have the right to decline to have cookies store and track your computer upon logging onto the Website.

As part of their service, they will place a separate cookie on your computer. We will not provide any third-party ad server with any PHI or Personally Identifiable Information. We and our third party ad server will collect and use Non-personally Identifiable Information about you, such as your IP address, browser type, the server your computer is logged onto, the area code and zip code associated with your server and whether you responded to a particular ad.

9.) Privacy Policies of Third Party Sites

Except as otherwise discussed in this Privacy Policy, this Privacy Policy only addresses the use and disclosure of information we collect from you. Any third party website that is accessible through our Website have their own privacy policies and data collection, use and disclosure practices. Please consult each website’s privacy policy. As already indicated in several portions of this Privacy Policy, we are not responsible for the policies or practices of third parties. Additionally, other companies, which place advertising on our Website, may collect information about you when you view or click on their advertising through the use of cookies. We cannot control this collection of information. You should contact those advertisers directly if you have any questions about their use of the information that they collect.

10.) Miscellaneous Privacy Issues

You should also be aware that when Personally Identifiable Information is voluntarily disclosed (i.e. name, email address, etc.) in any forum or other public areas on this Website, you relinquish privacy protections while the information is released by you into the public domain; therefore, that information, along with any information disclosed in your communication, can be collected and used by third parties and may result in unsolicited messages from third parties. Such activities are beyond our control and this Privacy Policy does not apply to such information. If you do not want your comments to be viewed by third parties, you are advised not to make any submissions in public domain areas. Ultimately, you are solely responsible for maintaining the secrecy of your information. Please be careful and responsible whenever you’re online.

Children’s and Dependent’s Privacy

While the Website and Services are not intended for use by children or anyone under the age of 13, certain care givers may use the Website for the care of children under the age of 13 if so necessary and as allowable on the Website. We apply the same rigorous privacy policies set forth in the HIPAA to children’s information.  If you are aware of information that has been submitted through the Website and Services on behalf of a child under the age of 13 and believe this submission was made in error or with malice intent, please report immediately to [email protected].  Additionally, when you submit sensitive information, on behalf of your dependents or patients, you warrant that you have the express permission of such person to do so. If you do not have permission to do so, you should not submit such sensitive information as you may be violating HIPAA and its requisite protections of PHI.

Data From Users Outside of the United States

Although the Website is accessible over the internet and therefore worldwide, the Website, Services, and the Content are intended for residents of the United States only. If you choose to access any of our Website and Services from locations outside the United States, such conduct is at your own risk and subject to the laws of the United States of America, which may differ from privacy laws in your state or home country, and you are responsible for compliance with any local laws. PHI and Personally Identifiable Information collected through or on Website may be stored and processed in the United States or any other country in which Company or its affiliates, subsidiaries, or agents maintain facilities, and by using the Website you consent to any such transfer of information outside of your country. Users from outside the United States should not use or access the Website or disclose any information, including PHI through the Website.  Individuals outside the United States who disclose any data, including PHI and Personally Identifiable Information, through our Website hereby acknowledge and consent to such data being stored in the United States or any other country, and transferred outside your country. 

CALIFORNIA PRIVACY RIGHTS; NEVADA RESIDENTS; RESIDENTS OF THE EUROPEAN UNION; AND ONLINE TRACKING

California Civil Code Section 1798.83 permits Users that are residents of California to request and obtain from us once a year, free of charge, a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law for such third parties’ direct marketing purposes in the preceding calendar year.  If you are a California resident and would like to make such a request, please email us or write us at the address noted below. The California Online Privacy Protection Act (“CalOPPA”) requires the Company to disclose how it responds to ‘Do Not Track’ signals set in a user’s browser. The Company supports Do No Track browser settings.  If you enable Do Not Track privacy settings in the browser you are using, we will use commercially reasonable efforts to stop collecting the information that allows us to tailor the website to user preferences based on users recent use of this website and its services.  Consequently, we will not store or use information about any other websites you visit, other than our website.

However, please note that we are not required to erase or otherwise eliminate content or information if (i) other state or federal laws require us or a third party to maintain the content or information; (ii) the content or information was posted, stored, or republished by another user; (iii) the content or information is anonymized so that you cannot be individually identified; (iv) you do not follow the instructions posted in this Privacy Policy on how to request removal of your content or information; (v) you have received compensation or other consideration for providing the content. Further, nothing in this provision shall be construed to limit the authority of a law enforcement agency to obtain the applicable content or information.

Further, effective January 2020, for the purposes of the California Consumer Privacy Act of 2018 (“CCPA”), this statute was put into legal effect. The Company shall not be considered a Business and/or Third Party, as applicable under the CCPA at this time. Where this status changes and the Company acts as a Business and/or Third Party, you represent, warrant and covenant that all Personal Information provided or otherwise made available to the Company is done so in compliance with applicable law, and that it has provided all necessary and appropriate notices and opt-outs, and otherwise has all necessary and appropriate rights, to enable the Company to (i) share any and all Personal Information you provided with the Company and any parent, subsidiary, affiliate, or related company of the Company Group Companies, and (ii) use any such Personal Information in connection with the Company’s internal operations and functions, including, but not limited to, improving the Company’s services, operational analytics and reporting, internal financial reporting and analysis, audit functions and archival purposes. Notwithstanding the foregoing, the parties agree that the sharing of Personal Information between the Company and any of its subsidiary and affiliate entities does not constitute a “sale” of such Personal Information under the CCPA. Capitalized terms in this paragraph have the meanings given those terms under the CCPA. 

11.) Personal Information Collected

Below is a summary of the Personally Identifiable Information the Company has collected in the preceding twelve months, the source of the information, the purpose of information collection, and how we share it as defined and outlined in California Law.

Categories of Information Collected and Examples

Identifiers 

Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name or other similar identifiers 

Personal information under 
California Civil Code section 1798.80 

Name, signature, physical characteristics or description, address, telephone number, education, employment, employment history, bank account number, credit or debit card number or other financial information 

Protected classifications under California and Federal Law 

Race, religion, sexual orientation, gender identity, gender expression, age 

Commercial information 

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies 

Internet or other 
similar network activity 

Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement 

Geolocation data 

Physical location or movements 

Inferences 

Preferences, characteristics, psychological trends, predispositions, behavior, attitudes 

How We Collect Information

Information You 
Provide to Us 

For example, user information, financial information or self-reported information that you choose to submit or provide to us, as described in Section I above. 

Information We Collect 
From Your Use of the Site 

For example, data, device and log-in information, geolocation Information, or cookie information, as described in Section I above. 

Information from 
Vendors or Third-Parties 

For example, companies that work with us to market our products to you. 

Purpose of Information Collection

We collect Personal Information to provide you with the Site, to communicate with you, to fulfill your order, to answer queries, to gain insight into consume preferences, and to improve our Site, as described in Section I above.

How We Share Personal Information

We share Personal Information to perform services for you, in connection with corporate transactions or events, and to comply with applicable law, as outlined in Section IV above. The Company does not sell personal information.

 

12.) California Residents’ Privacy Rights

Under California Laws, California residents have the following rights (“Rights”) listed below. Your Right to Access and Right to Deletion are not absolute and are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personally Identifiable Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personally Identifiable Information, your account with us, or the security of the business’s systems of networks. 

(I). Disclosure & Access Rights

California residents have the right to request that the Company disclose to them (i) the categories of Personally Identifiable Information we have collected about them, (ii) the categories of sources from which personal information is collected, (iii) the business or commercial purpose for the information collection, (iv) the categories of third parties with whom we have shared personal information, and (v) the specific pieces of personal information we hold about an individual. 

(II). Deletion Rights

California consumers have the right to have their Personally Identifiable Information deleted, unless the Personal Information is necessary for the business or service provider to:

  • complete a transaction for which the Personal Information was collected, provide a good or service requested by the consumer or otherwise perform a contract between the business and the consumer;
  • detect security incidents;
  • protect against malicious, deceptive, fraudulent or illegal activity (or prosecute those responsible);
  • debug to identify and repair functionality errors;
  • exercise or ensure the right of another to exercise free speech or another legal right;
  • comply with the California Electronic Communications Privacy Act, which compels the production of or access to electronic communication information or electronic device information with a search warrant;
  • engage in research in the public interest (if the consumer has provided informed consent);
  • to enable solely internal uses aligned with the consumer’s expectations given their relationship with the business; comply with a legal obligation;
  • otherwise use the information internally in a lawful manner compatible with the context in which the consumer provided it. 

(III). Opt-Out of Selling Your Personal Information to Third Parties

Californian consumers have the right to opt-out of having their personal information sold to third parties. The Company does not engage in such sales of personal information.

(IV). Exercising Access, Data Portability, and Deletion Rights

Californian consumers have the right to opt-out of having their personal information sold to third parties or to be retained by the Company. The Company does not engage in such sales of personal information. To exercise the access, data portability, and deletion rights described above of your personal information (Personally Identifiable Information), please submit a verifiable consumer request to us by submitting a request to: [email protected] and completing the online request form located here: comphemonc.com/contact. Alternatively, you can contact the Legal department at [email protected]. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

If you use an authorized agent to exercise your rights, we will require you to provide your authorized agent with either: (1) your power of attorney authorizing the authorized agent to act on your behalf or (2) your written authorization permitting the authorized agent to request access to your personal information on your behalf together with the identity verification information for you described above and confirmation that you have provided the authorized agent permission to submit the request. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include describing your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

 (V). Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless the request would exceed one (1) hour to complete. In the event the request will exceed an hour to complete, we will notify you before continuing with the request with the estimated time it will take to complete and the total estimated fee. The fees may be less than the estimated amount but may not exceed the estimated amount. No fees will be assessed without prior acknowledgment and consent. This acknowledgment or consent may include verbal or written authorization. The acknowledgment and consent will be documented on the summary of fees when the request has been completed. 

(VI). Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  • If you have any questions or would like further information regarding this California privacy policy, please contact: [email protected],

(VIII). Other California Privacy Rights

Under California Civil Code sections 1798.83-1798.84, also known as the “Shine the Light Law,” any of our users who are California residents are entitled to request and receive one (1) time per calendar year, free of charge, a notice from us describing what categories of personal customer information (if any) we shared with third parties or corporate affiliates for their direct marketing purposes during the preceding calendar year. If applicable, the notice will identify the categories of information shared, the names and addresses of the third parties and affiliates with which information was shared. If you are a California resident and would like to request a copy of this notice, please submit a written request to the following address: Comprehensive Hematology and Oncology 5000 Park Street North, Suite 1017 St. Petersburg, FL 33709. In your request, please specify that you want a “California Privacy Rights Notice.” Please allow at least thirty (30) to forty-five (45) days for a response.

NEVADA RESIDENTS

Nevada law entitles you to request that we refrain from sale of your personal information to other entities, for purposes of resale. We do not engage in such sales of personal information.

RESIDENTS OF THE EUROPEAN UNION

Privacy and Electronic Communication (EC Directive) Regulations 2003, the General Data Protection Regulation 2016 (“GDPR”), the UK Data Protection Act of 2018 (“UK GDPR”) and all applicable laws and regulations that relate to the protection and processing of personal data and privacy including any guidance and code of practice issued by the United Kingdom’s Information Commissioner, all as amended, replaced or superseded from time to time, shall be the controlling legal authorities for residents in the European Union that access the Site and Services and Personally Identifiable Information is submitted and received by the Company in accordance with this Privacy Policy triggering obligations under the GDPR, et. seq.

Where the processor is processing in order to deliver the Site and Services, it is acknowledged and agreed that in respect of the Personally Identifiable Information that is being processed by the Company, as Processor, You are the Controller (as the user of this Website submitting your data). Any third-party processing information hereunder is a SubProcessor.

The Company shall comply with all applicable requirements under GDPR and the UK GDPR (as each is applicable), and shall process the Personally Identifiable Information only to the extent necessary for the purposes of performing it’s obligations under the Terms and Conditions and otherwise in accordance with the Site and Services’ documented instructions (including those set out in the herein) and, if the Company considers that any of your instructions infringe the applicable laws, the Company shall notify you promptly.

When the Company collects Personally Identifiable Information (Personal Data) under the GDPR from citizens of the European Union (Data Subjects) in connection with the provision of the Services it shall provide notice to the Data Subjects, compliant to legal transparency principles. The Company will only process data on an approved legal basis in accordance with the GDPR for citizens of the European Union and the UK GDPR for citizens of the United Kingdom. When consent is used as a legal basis it will be collected in such form as reasonably specified by the Company and acceptable to Data Subjects. The Company shall retain Personal Data for a minimum of 2 (two) years; provided, however, Data Subjects have the right to opt-out of having their personal information sold to third parties or to be retained by the Company. Written notice provided to, and the written, electronic consent obtained from, each individual Data Subject to opt out shall be tendered to the Company.  Please submit a written request to the following address: Comprehensive Hematology Oncology, 5000 Park Street North, Suite 1017 St. Petersburg, FL 33709.

In cooperation with a Data Subject’s rights, Contractor shall, taking into account the nature of the processing, provide reasonable assistance to Data Subjects insofar as this is possible, to respond to requests from a Data Subject seeking to exercise their rights under the GDPR and the UK GDPR (as applicable) and the related data protection laws.  In the event that such request is made directly to the Company, the Company shall notify Data Subject as soon as reasonably practicable, and in any event within 1 (one) to thirty (30) business days, of receiving any such request from a Data Subject.

13.) Interpretation of this Privacy Policy

We do not intend and are firm this Privacy Policy does not create or confer upon any individual any rights, or impose upon Company any obligations, in addition to any rights or obligations imposed by the United State’s of America’s applicable federal and state privacy laws.  Should there be any inconsistency between this Privacy Policy and U.S. applicable federal and state privacy laws, this Privacy Policy will be interpreted to comply with the applicable privacy laws. Any services provided by Company is controlled and operated by us from the state of Florida, and we do not intend that our Services subject us to the laws or jurisdiction of any country or territory other than that of the state of Florida and the United States of America. We do not represent or warrant that the Services, or any part of the Services, are appropriate or available for use in any particular jurisdiction. Those who choose to access the Website and Services do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. We may limit the Services’ availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion.

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us by sending a letter to:

Comprehensive Hematology Oncology
5000 Park Street North, Suite 1017
St. Petersburg, FL 33709

You may also contact us by email at: [email protected].

This Privacy Policy was last updated on June 14, 2022.