Supplemental EEA+ Privacy Statement
1. Legal Bases for the Processing.
We process your personal data on several different legal bases, as follows:
- Based on compliance with legal obligations (see Article 6(1)(c) of the EU GDPR): We may need to process your personal data to comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process.
- Based on our legitimate interests (see Article 6(1)(f) of the EU GDPR): We process your personal data to generally improve our products, services and business practices.
- Based on consent (see Article 6(1)(a) of the EU GDPR): We process your personal data on the basis of your consent in various instances, such as with respect to cookies that are not strictly necessary. You may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before such withdrawal.
2. Disclosures to affiliates.
In accordance with applicable law, PatientDirect may disclose your personal data to its affiliates who act as data controllers for the purposes of improving PatientDirect and their products, services and business practices. Please contact us at email@example.com for information about our affiliates and, if applicable, their GDPR-specific representative and data protection officer.
3. Personal Data Transfers outside of the EEA.
Some recipients of your personal data are located in the following country outside of the EEA for which the European Commission has issued adequacy decisions: Canada. In this case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective (pursuant to Article 45 of the EU GDPR).
Some recipients of your personal data are located in the following countries for which the European Commission has not issued an adequacy decision in respect of the level of data protection there: The U.S. (where the recipient is not Privacy Shield certified) and Mexico. By entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) of the EU GDPR or other adequate means, we have established that all such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. Any onward transfer (including to our affiliates outside the EEA) is subject to appropriate onward transfer requirements as required by the applicable contract or law.
You can ask for a copy of such appropriate data transfer agreements by contacting us as set out at the bottom of this notice.
4. Data Retention.
We will delete, erase or anonymize your personal data within one month after your personal data is no longer necessary for us to provide you with any information or services you have requested, pursue any of the legitimate interests specified herein where the legitimate interest is not overridden by your fundamental rights or privacy interests, comply with any legal obligations to which we are subject, or defend any legal claim against us or support any legal claim made by us, including any potential appeal.
5. Data Subject Rights.
Under the conditions set out under applicable law (i.e., the EU GDPR), you have the following rights:
- Right to withdraw your consent: If you have declared your consent regarding certain types of processing activities, you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
- Right of access: You have the right to obtain from us confirmation as to whether your personal data is being processed, and, where that is the case, to request access to the personal data. The access information includes, among other things, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. You have the right to obtain a copy of the personal data undergoing processing. Subject to applicable law, we may charge a reasonable fee for copies, based on administrative costs.
- Right to rectification: You have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure: You have the right to ask us to erase your personal data to the extent it is not required for legally required purposes.
- Right to restriction of processing: You have the right to request restriction of processing of your personal data, in which case, it would be marked and processed by us only for certain purposes.
- Right to data portability: You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal data to another entity without hindrance from us.
- Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. Exercising this right will not incur any cost. Such a right to object may not exist, in particular, if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to submit complaints: You have a right to lodge a complaint with a supervisory authority.
Please note that these rights may be limited under the applicable national data protection law. To exercise your rights please contact us as stated below.
6. Your Choices.
You are not required to provide any personal data to PatientDirect, but if you do not provide any personal data to us, you may not be able to use or receive the Site. You can use the Site without consenting to cookies that are not strictly necessary; the only consequence is that the Site will be less tailored to you.
7. Contact Us.
For more information or to exercise your rights as described herein, please contact us at firstname.lastname@example.org