CHIEFY PRIVACY POLICY

Last revised: March 2, 2021

 

Chiefy, Inc.  (“Chiefy”, “our”, “we” or “us”) offers to its customers, e.g. health services providers and other organizations (each, a “Customer”) a quality improvement SaaS web application for surgical teams, accessible through your electronic devices, including without limitation, mobile devices, tablets and/or PCs  (the “Chiefy App”). In addition, our Website located at www.chiefyteam.com offers its visitors (respectively “Website” and “Visitors”), information on our company, technology and information concerning our Chiefy App, as well as demos and trials of our Chiefy App (if such are made available). The Website together with the Chiefy App and related services, except if specifically designated otherwise, shall be referred to herein as the “Services”.

 

Chiefy respects the privacy of the users of our Services (“User”, “You” or “Your”) and the privacy of the patients of our Users (“Patient(s)”, which are not an entity in the Chiefy App). Users include: (I) the first user that we (Chiefy) add to a surgical team department in the Chiefy App (“Customer’s Admin” or “Department Owner”), (II) the end users invited by Customer’s Admin (namely the department members and any other Customer employees or personnel) who use or access the Services under Customer’s account (the “End User(s)”). Please note that the Customer who invited you to join the Chiefy App (namely, your organization or the hospital where you work, etc.) may be able to control the settings of their instances in the Chiefy App (the “Department Dashboard”) and any associated Customer Data, as further described in our Terms of Use (the “Terms of Use”) and in Section 4 herein.

 

This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use or access our Service, the ways in which we may use such information, and the choices and rights available to you. This Privacy Policy supplements and shall be read in conjunction with our Terms of Use, and may be supplemented by additional privacy statements, terms or notices provided to you (collectively, the “Terms”). Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Terms of Use.

YOUR CONSENT

PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND/OR USING THE SERVICES. BY ACCESSING OR USING THE SERVICES, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE CHIEFY APP AND/OR THE WEBSITE.

Please note: you are not obligated by law to provide us with any Personal Information. You hereby acknowledge and agree that you are providing us with Personal Information as described in this Privacy Policy at your own free will. You hereby agree that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.

TO THE EXTENT THAT YOU PROVIDE US WITH ANY PERSONAL INFORMATION AND/OR PHI (AS DEFINED BELOW) RELATED TO ANY THIRD PARTY OR ANY OTHER PERSON OR ENTITY WHICH IS NOT YOU, INCLUDING INFORMATION RELATED TO ANY OF YOUR PERSONNEL, COLLEAGUES OR PATIENTS, YOU HEREBY REPRESENT THAT YOU ARE SOLELY RESPONSIBLE TO RECEIVE, AND UNDERTAKE THAT YOU SHALL OBTAIN AT ALL TIMES, THE CONSENT, AUTHORITY, PERMISSION AND APPROVAL OF SUCH PERSONS AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW CHIEFY TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AND/OR PHI AS DETAILED HEREIN.

 

IN THIS PRIVACY POLICY YOU CAN READ ABOUT:

  1. WHAT TYPES OF INFORMATION DO WE COLLECT?

  2. WHEN DO WE COLLECT INFORMATION?

  3. WHY DO WE COLLECT AND PROCESS INFORMATION?

  4. WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?

  5. HOW DO WE STORE AND TRANSFER PERSONAL INFORMATION?

  6. YOUR USER RIGHTS

  7. PHI

  8. COOKIES OR SIMILAR TRACKING TECHNOLOGIES

  9. SECURITY

  10. DATA RETENTION

  11. PRIVACY OF CHILDREN

  12. JOB CANDIDATES

  13. UPDATES TO THIS PRIVACY POLICY

  14. GENERAL INFORMATION

  15. CONTACT US

 

1. WHAT TYPES OF INFORMATION DO WE COLLECT?

We divide the information we may access and collect into three categories: Personal Information, Protected Health Information (PHI) and Non-Personal Information. In this section, we describe each of the three categories of information which we may collect, and in the following section we describe the circumstances under which such collection is performed.

  • Non-Personal Information, means information that may be made available to us, or collected automatically via your use of the Services, that does not enable us to identify the person from whom it was collected, or to whom such data pertains. Non-Personal Information usually consists of either technical, analytical, or aggregated information which is not linked to a specific individual;

  • Personally Identifiable Information (PII) or Personal Information, means information that pertains or relates to a specific individual, where such individual is identified or may be identified with reasonable efforts or together with additional information we have access to. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, a persistent cookie identifier etc., i.e. an identifier that does not expire at the end of your session in our Services.  Personal Information does not include information that has been anonymized or aggregated; provided, that, such information can no longer be used to identify a specific natural person;

  • Protected Health Information (PHI), as such term is defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), means information which may identify a specific individual or for which there is a reasonable basis to believe can be used to identify the individual, and which relates to the past, present, or future physical or mental health or condition of such individual, including the provision of health care products and services to such individual or payment for such health services. PHI does not include information that has been de-identified in accordance with the HIPAA Privacy Rule (Please refer to Section 7 “PHI”, for more information regarding our practices with respect to PHI).

 

2. WHEN DO WE COLLECT INFORMATION?

We collect Personal Information and/or PHI from you and any devices you use (e.g., mobile device and desktop) when you: use or access our Services, create an account for a team member (as a Department Owner), update or add information to your account, provide us information on a web form or other text field, or through correspondence you and we conduct with each other through any channel of communication. More specifically, we collect and use the following categories and types of Personal Information in the following circumstances:

 

2.1. Personal Information you provide us actively and voluntarily when you use our Services:

Contact information, such as full name, nickname, email address, role (attending/resident), PGY (year in residency, if applicable), department name, role in the team (e.g. Attending, Resident, Physician Assistant), User avatar (optional), and any other information you actively input through forms and text fields in the Chiefy App, including your correspondence with other Users (your team members) through the Services, your feedback, or the content of your interaction with our customer support which may include text/video/audio recording and transcripts of such communications.

 

2.2. Personal Information we automatically obtain when you use or interact with our Services:

This is information we obtain through the Services when Users access or interact with the Services, which is derived, learned, or detected as a result of such access and/or interaction, such as:

Technical information, with respect to the devices and software you use to access our Services such as screen size, operating system, type of end user device, device ID, Carrier, Language, Library etc.;

Geo-location, including the country, city and region.

Usability information and Impression information, with respect to your use of the Services and your engagement, such as User’s screen views and clicks, system notifications sent to user, literature/videos used by user, click stream, event and log data, page visits, and different segmentation we apply when we consider your engagement with our Services.

We perform such automatic collection through: (i) use of cookies and similar technologies; and (ii) unique identifiers that generally only identify a computer, device, browser or application. Most mobile devices, operating systems and browsers, allow their user to control or disable the use of certain collectable information including location services, by any application, in the device's settings menu.

 

2.3. Personal information collected from other sources:

We may also collect personal information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information, such as the Customer or Customer’s Admin when they invite you to their Customer’s account as an End User.

For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists. We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your acceptance of this Privacy Policy.

 

3. WHY DO WE COLLECT AND PROCESS INFORMATION?

3.1. What are our legal grounds for collecting personal information?

With your consent: We ask for your agreement to process your information for the specific purposes stated herein and you have the right to withdraw your consent at any time. For example, we ask for your consent to connect your Business Applications accounts (which may contain Personal Information) to the Services and you may at any time withdraw such consent;

In the scope of providing the Services: We collect and process your Personal Information in order to provide you with the Services which are tailored to your needs and requirements.  

Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for purposes like detecting, preventing or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our Services; protecting against harm to the rights, property or safety of our Services, our Users or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfil our obligations under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request.

 

3.2. Purposes for Collecting Personal Information

We may use information that we collect and receive about you for the following purposes:

  • To provide, operate and improve our Services and related offers and to manage our business.

  • In order to anonymize/de-identify it, as part of the measures we use to protect your privacy and minimize risks of security breaches.

  • To provide our Users with a better user experience, more fitted to their specific needs.

  • To be able to contact Users who requested such contact to be made, for the purpose of providing them with further information on Chiefy and its Services;

  • To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities, whether suspected or actual;

  • To comply with any applicable rule or regulation and/or respond to or defend against legal proceedings brought against us or our affiliates.

  • To be able to send Users our newsletters and information in connection with the Services, where Users registered to receive such messages, or otherwise to provide important notices with respect to Services to which Users have registered;

  • To market our Services to Users or potential Users, and to be able to track and evaluate our marketing activities and their results and attribute different marketing achievements to the respective marketing efforts.

  • To act upon and comply with requests you may make pursuant to this Privacy Policy and the privacy laws that apply to you.

  • To perform functions or services as otherwise described to you at the time of collection;

4. WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?

We keep the information processed by us in strict confidence and we may only share information with third parties (or otherwise allow them access to it) in very limited circumstances and for very specific purposes, as described below:

Between Users - The following table is intended to describe which of Your User submissions will be visible within the Chiefy App to other Users or to the Customer’s Admin, depending on the type of information and location of submission.

| User Submission | Visible in the Chiefy App to |
| --- | --- |
| Department’s case assignment information (date and time, care team, site, add-on). | Users within your Department. |
| Case brief and debrief information. | Users associated with a Care Team, which are assigned to the specific case. In addition, Users may be able to voluntarily share their cases information with Users outside their Care Team, and/or with their entire Department. |
| Anonymized “Lessons Learned” information that does not contain specific case or specific Care Team information | Users, under “pearls and pitfalls” section. |
| Private comment in a case (“private notes” field). | Visible only to the User that entered the comment. |
| Information generated within the Care Team Personal Dashboard, which may include analytics and reports based on personal case data and statistics. | Users associated with a Care Team, for their assigned cases |
| Information generated within the Department Dashboard that includes reports on department cases’ brief/debrief compliance and feedback rate, aggregated case analytics and anonymized department case data. | The Customer’s Admin / Department Owner. |
| Data contributed by the User to the Chiefy community, with contributor name and department (“Public Contribution”). | A Public Contribution will be publicly available to Chiefy community Users, in order to help other community members better prepare for their cases. |

Internally – We may share information with our family companies, as well as our employees, for the purposes described in this Privacy Policy and in accordance with Section 5 above. In addition, should Chiefy or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your information may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, either through prominent notice on our Services or by contacting you directly through contact details you have provided us;

Third Parties & Business Partners – We partner with certain third parties to provide selected services that are used to facilitate and enhance the Services and your use thereof (“Service Providers”). Such Service Providers may have access to, or process on our behalf, personal information which we collect, hold, use, analyze, process and/or manage. Each Service Provider must sign a data processing agreement (DPA and/or BAA) with us prior to getting access to any User PII or PHI, and such third-party use of data is limited to supporting our internal procedures and the security, availability, performance, and integrity of the Services. We remain responsible for any personal information processing done by Service Providers on our behalf, except for events outside of our and/or their reasonable control. These Service Providers may include, among others, hosting, database, server services, data analytics services, user authentication and data security services, e-mail and text message distribution and monitoring services (e.g., AWS), and our business, legal and financial advisors;

Protecting Rights and Safety – We may share your information to enforce this Privacy Policy and/or the Terms of Use or any other agreement between Chiefy and you with respect to the Chiefy App, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of any of our users, or any member of the general public;

Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. We may therefore disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.

For avoidance of doubt, we may share anonymized/de-identified information with any other third party, at our sole discretion.

 

5. HOW DO WE STORE AND TRANSFER PERSONAL INFORMATION?

Information regarding the Users and Patients (if applicable) may be maintained, processed, and stored by us and our authorized affiliates and service providers in the United States and Israel. Our Third Party Service Providers which store or process your Personal Information either: (i) assured us that they provide adequate safeguards to protect your rights to privacy including where applicable, by undertaking to comply with the HIPAA Rules; (ii) perform such processing pursuant to your consent and acceptance of their privacy policy as further detailed in this Privacy Policy.

By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.

 

6. YOUR USER RIGHTS

If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Information and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out in Section 15 below. Those rights may include, but are not limited to, the following:

Right of access. You may have a right to know what information we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.

Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will use our best efforts to correct it as soon as we can.

Data deletion. In some circumstances, you may have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized/de-identified.

Data portability. In some circumstances and under certain laws and regulations, you may have the right to request that data which you have provided to us is provided to you, so you can transfer or port it elsewhere.

7. PHI

As a Business Associate (as defined under HIPAA), the health information collected by Chiefy is merely a “Limited Data Set”, which according to the HIPAA Privacy Rule may only include the following types of data: (i) dates such as admission, discharge, service, DOB, DOD; (ii) city, state, five digit or more zip code; and (iii) ages in years, months or days or hours.

 

The Chiefy Services are not intended to collect any direct Patient identifier, and we prohibit our Users from uploading or giving us access to: names; street addresses; telephone numbers; Social Security numbers; medical records numbers; health plan beneficiary numbers; account numbers; certificate license numbers; biometric identifiers; and full face photos (or comparable images). Consequently, Chiefy is not able and does not intend to identify a specific Patient from the Limited Data Set collected and stored by us.

 

To learn about your rights with respect to your PHI data please contact your respective health services provider and ask for their “notice of privacy practices”. You may also send us a written request to: hello@chiefyteam.com, and we will make our best efforts to forward your request to your health services provider. Please note that in order to authenticate you and verify your request we may need you to provide us with identifying information.

 

8. COOKIES OR SIMILAR TRACKING TECHNOLOGIES

When you access or use the Services, Chiefy may use industry-wide monitoring and tracking technologies such as "cookies" or “pixel tags” (or similar technologies), which store certain information on your computer ("Local Storage") and which will allow us to enable automatic activation of certain features, and make your service experience much more convenient and effortless. The Local Storage is created per session and may be deleted by you or otherwise your browser may be configured by you to not accept any such local storage items.

For example, these technologies enable us to: (i) provide you with the Services, (ii) keep track of our users’ preferences and authenticated sessions, (iii) secure our website by detecting abnormal behaviors, (iv) identify technical issues and improve the overall performance of the Services, and (v) deliver targeted advertisements that are more tailored to their audience and track ad performance (For more information about this practice, click here: http://www.aboutads.info/choices/).

Such tracking technologies may include Pixel tags (also commonly known as web beacons), transparent images, iFrames, cookies, or JavaScript placed on our Website or our emails, that are used to understand how you interact with the Website and emails. It is important to note that some of these tracking technologies are provided to us by our Services Providers who collect and process personal information in the scope of the services that they provide us. To learn more, please refer to the policy of our Services Provider, Amplitude, which generates usage analytics for us, at: https://help.amplitude.com/hc/en-us/articles/115003135607-Tracking-Unique-Users.

Learn more about your choices and how to opt-out of tracking technologies:

In order to delete or block any tracking technologies, please refer to the “Help” area on your internet browser for further instructions. You may also opt out of third party tracking technologies by following the instructions provided by each third party service provider in its privacy policy listed above or visiting www.youronlinechoices.eu or http://www.aboutads.info/choices/.

Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Services or Website, or may otherwise adversely affect your user experience. Please also note that we do not respond to the ‘Do Not Track’ setting on your browser as the protocol and form for such setting has not yet been generally accepted.

 

9. TEXT MESSAGES AND OTHER NOTIFICATIONS

The Chiefy Services include notifications to the Users with important information regarding your use and interaction with our Services. For example, we may send you SMS text notifications regarding your case status, case changes, reminders on incomplete User briefs/debriefs, different kinds of reports, service information and updates (“Text Notifications”). By obtaining a User Account in the Chiefy App and/or providing us with your phone number, e-mail address or any other contact information, you hereby agree that we may send you such Text Notifications and contact you for the purpose of informing you regarding our products and services.

By providing us with your phone number and email you also represent that you are the owner or authorized user of the mobile device that you used to subscribe for our mobile communications and that you are authorized to approve the applicable charges, if applicable.

If you wish to withdraw your consent to receive Text Notifications (i.e., opt-out), or wish to receive additional help, you may contact us by sending an email to: hello@chiefyteam.com.

 

10. SECURITY

As we take the confidentiality of your Personal Information and your Patient’s health information very seriously, we have adopted the strict administrative, technical and physical safeguards of HIPAA, to help prevent unauthorized access, use or disclosure of PII and PHI. Among others, Chiefy implements security measures and procedures such as data encryption, multi-factor-authentication (MFA) and periodical audits by a reputable third-party auditor.

We limit access of your information only to those employees, third party service providers or partners on a “need to know” basis, and strictly in order to enable us to perform the Services.

Despite these measures, Chiefy cannot provide absolute information security or eliminate all risks associated with Personal Information and PHI, and security breaches may happen. If there are any questions about security, please contact us at hello@chiefyteam.com.

 

11. DATA RETENTION

We will retain your Personal Information only for as long as necessary to achieve the purposes for collection and processing set forth above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. If you withdraw your consent to our processing of your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).

 

12. PRIVACY OF CHILDREN

To use our Services, Users must be over the age of twenty-one (21). Therefore, we do not knowingly collect Personal Information from individuals under the age of twenty-one (21) and we do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of twenty-one (21) are not using the Services. If you believe that we might have any information from or about an individual under the age of twenty-one (21), please contact us at: hello@chiefyteam.com. In the event that it comes to our attention that a person under the age of twenty-one (21) is using the Services, we may prohibit and block such User from using the Services and will make all efforts to promptly delete any Personal Information with respect to such User.

If you are submitting to the Services any Personal Information pertaining to any minor child, you hereby represent and warrant that you have received all the necessary legal consents or approvals or that you are the parent or legal guardian and have the actual authority and legal right to upload, submit, disclose or otherwise share such Personal Information and/or any other form of sensitive information, on the minor’s behalf.

 

13. JOB CANDIDATES

We welcome qualified candidates to apply to any of the open positions posted on our Services by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreetness are very important to our candidates, we are committed to keeping Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions, and contacting candidates by phone or in writing).

 

Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed. This is done so we could re-consider candidates for other suitable positions and opportunities at Chiefy; so we could use the Candidate Information as a reference for future applications; and in case the candidate is hired, for additional employment and business purposes related to their employment with us.

 

If you previously submitted your Candidate Information to us, and now wish to access it, update it or have it deleted from our systems, please contact us at join@chiefyteam.com.

 

14. UPDATES TO THIS PRIVACY POLICY

This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. We will provide notice of substantial changes of this Privacy Policy on the homepage of the Services and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our Services or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Services after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

 

15. GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of New York, without respect to its conflict of law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in Manhattan, New York.

 

16. CONTACT US

If you wish to exercise any of the aforementioned rights, or receive more information, please contact us using the details provided below:

 

Chiefy, Inc.

Email: hello@chiefyteam.com.

Address: 370 First Avenue, apt 11F, New York NY 10010