Last revised: March 2, 2021
Chiefy, Inc. (“Chiefy”, “our”, “we” or “us”) offers to its customers, e.g. health services providers and other organizations (each, a “Customer”) a quality improvement SaaS web application for surgical teams, accessible through your electronic devices, including without limitation, mobile devices, tablets and/or PCs (the “Chiefy App”). In addition, our Website located at www.chiefyteam.com offers its visitors (respectively “Website” and “Visitors”), information on our company, technology and information concerning our Chiefy App, as well as demos and trials of our Chiefy App (if such are made available). The Website together with the Chiefy App and related services, except if specifically designated otherwise, shall be referred to herein as the “Services”.
TO THE EXTENT THAT YOU PROVIDE US WITH ANY PERSONAL INFORMATION AND/OR PHI (AS DEFINED BELOW) RELATED TO ANY THIRD PARTY OR ANY OTHER PERSON OR ENTITY WHICH IS NOT YOU, INCLUDING INFORMATION RELATED TO ANY OF YOUR PERSONNEL, COLLEAGUES OR PATIENTS, YOU HEREBY REPRESENT THAT YOU ARE SOLELY RESPONSIBLE TO RECEIVE, AND UNDERTAKE THAT YOU SHALL OBTAIN AT ALL TIMES, THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH PERSONS AND PROVIDE THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW CHIEFY TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AND/OR PHI AS DETAILED HEREIN.
WHAT TYPES OF INFORMATION DO WE COLLECT?
WHEN DO WE COLLECT INFORMATION?
WHY DO WE COLLECT AND PROCESS INFORMATION?
WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?
HOW DO WE STORE AND TRANSFER PERSONAL INFORMATION?
YOUR USER RIGHTS
COOKIES OR SIMILAR TRACKING TECHNOLOGIES
PRIVACY OF CHILDREN
1. WHAT TYPES OF INFORMATION DO WE COLLECT?
We divide the information we may access and collect into three categories: Personal Information, Protected Health Information (PHI) and Non-Personal Information. In this section, we describe each of the three categories of information which we may collect, and in the following section we describe the circumstances under which such collection is performed.
Non-Personal Information, means information that may be made available to us, or collected automatically via your use of the Services, that does not enable us to identify the person from whom it was collected, or to whom such data pertains. Non-Personal Information usually consists of either technical, analytical, or aggregated information which is not linked to a specific individual;
Personally Identifiable Information (PII) or Personal Information, means information that pertains or relates to a specific individual, where such individual is identified or may be identified with reasonable efforts or together with additional information we have access to. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, a persistent cookie identifier etc., i.e. an identifier that does not expire at the end of your session in our Services. Personal Information does not include information that has been anonymized or aggregated; provided, that, such information can no longer be used to identify a specific natural person;
Protected Health Information (PHI), as such term is defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), means information which may identify a specific individual or for which there is a reasonable basis to believe can be used to identify the individual, and which relates to the past, present, or future physical or mental health or condition of such individual, including the provision of health care products and services to such individual or payment for such health services. PHI does not include information that has been de-identified in accordance with the HIPAA Privacy Rule (Please refer to Section 7 “PHI”, for more information regarding our practices with respect to PHI).
2. WHEN DO WE COLLECT INFORMATION?
We collect Personal Information and/or PHI from you and any devices you use (e.g., mobile device and desktop) when you: use or access our Services, create an account for a team member (as a Department Owner), update or add information to your account, provide us information on a web form or other text field, or through correspondence you and we conduct with each other through any channel of communication. More specifically, we collect and use the following categories and types of Personal Information in the following circumstances:
2.1. Personal Information you provide us actively and voluntarily when you use our Services:
Contact information, such as full name, nickname, email address, role (attending/resident), PGY (year in residency, if applicable), department name, role in the team (e.g. Attending, Resident, Physician Assistant), User avatar (optional), and any other information you actively input through forms and text fields in the Chiefy App, including your correspondence with other Users (your team members) through the Services, your feedback, or the content of your interaction with our customer support which may include text/video/audio recording and transcripts of such communications.
2.2. Personal Information we automatically obtain when you use or interact with our Services:
This is information we obtain through the Services when Users access or interact with the Services, which is derived, learned, or detected as a result of such access and/or interaction, such as:
Technical information, with respect to the devices and software you use to access our Services such as screen size, operating system, type of end user device, device ID, Carrier, Language, Library etc;
Geo-location, including the country, city and region.
Usability information and Impression information, with respect to your use of the Services and your engagement, such as User’s screen views and clicks, system notifications sent to user, literature/videos used by user, click stream, event and log data, page visits, and different segmentation we apply when we consider your engagement with our Services.
2.3. Personal information collected from other sources:
We may also collect personal information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information, such as the Customer or Customer’s Admin when they invite you to their Customer’s account as an End User.
3. WHY DO WE COLLECT AND PROCESS INFORMATION?
3.1. What are our legal grounds for collecting personal information?
With your consent: We ask for your agreement to process your information for the specific purposes stated herein and you have the right to withdraw your consent at any time. For example, we ask for your consent to connect your Business Applications accounts (which may contain Personal Information) to the Services and you may at any time withdraw such consent;
In the scope of providing the Services: We collect and process your Personal Information in order to provide you with the Services which are tailored to your needs and requirements.
3.2. Purposes for Collecting Personal Information
We may use information that we collect and receive about you for the following purposes:
To provide, operate and improve our Services and related offers and to manage our business.
In order to anonymize/de-identify it, as part of the measures we use to protect your privacy and minimize risks of security breaches.
To provide our Users with a better user experience, more fitted to their specific needs.
To be able to contact Users who requested such contact to be made, for the purpose of providing them with further information on Chiefy and its Services;
To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities, whether suspected or actual;
To comply with any applicable rule or regulation and/or respond to or defend against legal proceedings brought against us or our affiliates.
To be able to send Users our newsletters and information in connection with the Services, where Users registered to receive such messages, or otherwise to provide important notices with respect to Services to which Users have registered;
To market our Services to Users or potential Users, and to be able to track and evaluate our marketing activities and their results and attribute different marketing achievements to the respective marketing efforts.
To perform functions or services as otherwise described to you at the time of collection;
4. WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?
We keep the information processed by us in strict confidence and we may only share information with third parties (or otherwise allow them access to it) in very limited circumstances and for very specific purposes, as described below:
Between Users - The following table is intended to describe which of Your User submissions will be visible within the Chiefy App to other Users or to the Customer’s Admin, depending on the type of information and location of submission.
Type of information: Department’s case assignment information (date and time, care team, site, add-on). Visible in the Chiefy App to: Users within your Department.
Type of information: Case brief and debrief information. Visible in the Chiefy App to: Users associated with a Care Team, which are assigned to the specific case. In addition, Users may be able to voluntarily share their cases information with Users outside their Care Team, and/or with their entire Department.
Type of information: Anonymized “Lessons Learned” information that does not contain specific case or specific Care Team information. Visible in the Chiefy App to: Users, under “pearls and pitfalls” section.
Type of information: Private comment in a case (“private notes” field). Visible in the Chiefy App to: only the User that entered the comment.
Type of information: Information generated within the Care Team Personal Dashboard, which may include analytics and reports based on personal case data and statistics. Visible in the Chiefy App to: Users associated with a Care Team, for their assigned cases.
Type of information: Information generated within the Department Dashboard that includes reports on department cases’ brief/debrief compliance and feedback rate, aggregated case analytics and anonymized department case data. Visible in the Chiefy App to: The Customer’s Admin / Department Owner.
Type of information: Data contributed by the User to the Chiefy community, with contributor name and department (“Public Contribution”). Visible in the Chiefy App to: Chiefy community Users (a Public Contribution will be publicly available to Chiefy community Users, in order to help other community members better prepare for their cases).
Third Parties & Business Partners – We partner with certain third parties to provide selected services that are used to facilitate and enhance the Services and your use thereof (“Service Providers”). Such Service Providers may have access to, or process on our behalf, personal information which we collect, hold, use, analyze, process and/or manage. Each Service Provider must sign a data processing agreement (DPA and/or BAA) with us prior to getting access to any User PII or PHI, and such third-party use of data is limited to supporting our internal procedures and the security, availability, performance, and integrity of the Services. We remain responsible for any personal information processing done by Service Providers on our behalf, except for events outside of our and/or their reasonable control. These Service Providers may include, among others, hosting, database, server services, data analytics services, user authentication and data security services, e-mail and text message distribution and monitoring services (e.g., AWS), and our business, legal and financial advisors.
Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
For avoidance of doubt, we may share anonymized/de-identified information with any other third party, at our sole discretion.
5. HOW DO WE STORE AND TRANSFER PERSONAL INFORMATION?
By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.
6. YOUR USER RIGHTS
If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Information and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out in Section 15 below. Those rights may include, but are not limited to, the following:
Right of access. You may have a right to know what information we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will use our best efforts to correct it as soon as we can.
Data deletion. In some circumstances, you may have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized/de-identified.
Data portability. In some circumstances and under certain laws and regulations, you may have the right to request that data which you have provided to us is provided to you, so you can transfer or port it elsewhere.
As a Business Associate (as defined under HIPAA), the health information collected by Chiefy is merely a “Limited Data Set”, which according to the HIPAA Privacy Rule may only include the following types of data: (i) dates such as admission, discharge, service, DOB, DOD; (ii) city, state, five digit or more zip code; and (iii) ages in years, months or days or hours.
The Chiefy Services are not intended to collect any direct Patient identifier, and we prohibit our Users from uploading or giving us access to: names; street addresses; telephone numbers; Social Security numbers; medical records numbers; health plan beneficiary numbers; account numbers; certificate license numbers; biometric identifiers; and full face photos (or comparable images). Consequently, Chiefy is not able and does not intend to identify a specific Patient from the Limited Data Set collected and stored by us.
To learn about your rights with respect to your PHI data please contact your respective health services provider and ask for their “notice of privacy practices”. You may also send us a written request to: email@example.com, and we will make our best efforts to forward your request to your health services provider. Please note that in order to authenticate you and verify your request we may need you to provide us with identifying information.
8. COOKIES OR SIMILAR TRACKING TECHNOLOGIES
When you access or use the Services, Chiefy may use industry-wide monitoring and tracking technologies such as "cookies" or “pixel tags” (or similar technologies), which store certain information on your computer ("Local Storage") and which will allow us to enable automatic activation of certain features, and make your service experience much more convenient and effortless. The Local Storage is created per session and may be deleted by you or otherwise your browser may be configured by you to not accept any such local storage items.
For example, these technologies enable us to: (i) provide you with the Services, (ii) keep track of our users’ preferences and authenticated sessions, (iii) secure our website by detecting abnormal behaviors, (iv) identify technical issues and improve the overall performance of the Services, and (v) deliver targeted advertisements that are more tailored to their audience and track ad performance (For more information about this practice, click here: http://www.aboutads.info/choices/).
Such tracking technologies may include Pixel tags (also commonly known as web beacons), transparent images, iFrames, cookies, or JavaScript placed on our Website or our emails, that are used to understand how you interact with the Website and emails. It is important to note that some of these tracking technologies are provided to us by our Service Providers who collect and process personal information in the scope of the services that they provide us. To learn more, please refer to the policy of our Service Provider, Amplitude, which generates usage analytics for us, at: https://help.amplitude.com/hc/en-us/articles/115003135607-Tracking-Unique-Users.
Learn more about your choices and how to opt-out of tracking technologies:
Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Services or Website, or may otherwise adversely affect your user experience. Please also note that we do not respond to the ‘Do Not Track’ setting on your browser as the protocol and form for such setting has not yet been generally accepted.
9. TEXT MESSAGES AND OTHER NOTIFICATIONS
The Chiefy Services include notifications to the Users with important information regarding your use and interaction with our Services. For example, we may send you SMS text notifications regarding your case status, case changes, reminders on incomplete User briefs/debriefs, different kinds of reports, service information and updates (“Text Notifications”). By obtaining a User Account in the Chiefy App and/or providing us with your phone number, e-mail address or any other contact information, you hereby agree that we may send you such Text Notifications and contact you for the purpose of informing you regarding our products and services.
By providing us with your phone number and email you also represent that you are the owner or authorized user of the mobile device that you used to subscribe for our mobile communications and that you are authorized to approve the applicable charges, if applicable.
If you wish to withdraw your consent to receive Text Notifications (i.e., opt-out), or wish to receive additional help, you may contact us by sending an email to: firstname.lastname@example.org.
As we take the confidentiality of your Personal Information and your Patient’s health information very seriously, we have adopted the strict administrative, technical and physical safeguards of HIPAA, to help prevent unauthorized access, use or disclosure of PII and PHI. Among others, Chiefy implements security measures and procedures such as data encryption, multi-factor authentication (MFA) and periodical audits by a reputable third-party auditor.
We limit access to your information to those employees, third party service providers or partners who require it on a “need to know” basis, and strictly in order to enable us to perform the Services.
Despite these measures, Chiefy cannot provide absolute information security or eliminate all risks associated with Personal Information and PHI, and security breaches may happen. If there are any questions about security, please contact us at email@example.com.
11. DATA RETENTION
We will retain your Personal Information only for as long as necessary to achieve the purposes for collection and processing set forth above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. If you withdraw your consent to our processing of your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).
12. PRIVACY OF CHILDREN
To use our Services, Users must be over the age of twenty-one (21). Therefore, we do not knowingly collect Personal Information from individuals under the age of twenty-one (21) and we do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of twenty-one (21) are not using the Services. If you believe that we might have any information from or about an individual under the age of twenty-one (21), please contact us at: firstname.lastname@example.org. In the event that it comes to our attention that a person under the age of twenty-one (21) is using the Services, we may prohibit and block such User from using the Services and will make all efforts to promptly delete any Personal Information with respect to such User.
If you are submitting to the Services any Personal Information pertaining to any minor child, you hereby represent and warrant that you have received all the necessary legal consents or approvals or that you are the parent or legal guardian and have the actual authority and legal right to upload, submit, disclose or otherwise share such Personal Information and/or any other form of sensitive information, on the minor’s behalf.
13. JOB CANDIDATES
We welcome qualified candidates to apply to any of the open positions posted on our Services by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our candidates, we are committed to keeping Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions, and contacting candidates by phone or in writing).
Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed. This is done so we could re-consider candidates for other suitable positions and opportunities at Chiefy; so we could use the Candidate Information as a reference for future applications; and in case the candidate is hired, for additional employment and business purposes related to their employment with us.
If you previously submitted your Candidate Information to us, and now wish to access it, update it or have it deleted from our systems, please contact us at email@example.com.
15. GENERAL INFORMATION
16. CONTACT US
If you wish to exercise any of the aforementioned rights, or receive more information, please contact us using the details provided below:
Address: 370 First Avenue, apt 11F, New York NY 10010