Privacy Policy
Last Revised: February 26, 2024
Chiefy, Inc. (“Chiefy”, “our”, “we” or “us”) offers to its customers, e.g. healthcare clinicians and other organizations (each, a “Customer”) a quality improvement SaaS web application for surgical teams, accessible through Your electronic devices, including without limitation, mobile devices, tablets, and/or PCs (the “Chiefy App”). In addition, our website located at www.chiefyteam.com (or any other website that we may maintain) offers its visitors (respectively “Website” and “Visitors”) information on our company, technology, and the Chiefy App, as well as demonstrations and trials of our Chiefy App (if such are made available). The Website together with the Chiefy App and related services, except if specifically designated otherwise, shall be collectively referred to in this Privacy Policy as the “Services.”
Chiefy respects the privacy of the end users of our Services (“User”, “you” or “your”) and the privacy of the patients of our Users (“Patient(s)”). Users include: (I) an administrative user identified by Customer (“Customer’s Admin” or “Account Owner”), and (II) the end users invited by Customer’s Admin (which can include team members, other Customer employees or personnel, or other stakeholders) who use or access the Services under Customer’s account (the “End User(s)”). Please note, that the ultimate Account Owner associated with the instance of the Chiefy App that you are using may be able to control the settings of its instances in the Chiefy App and any associated Customer Data, as further described in Section 4 and our Terms of Use (the “Terms of Use”).
This Privacy Policy (the “Privacy Policy”) describes our practices regarding the information we may collect from you when you use or access our Service, the ways in which we may use such information, and the choices and rights available to you. This Privacy Policy supplements and shall be read in conjunction with our Terms of Use, and may be supplemented by additional privacy statements, terms, or notices provided to you (collectively, the “Terms”). Capitalized terms which are not defined in this Privacy Policy, shall have the meaning given to them in our Terms of Use.
​
YOUR CONSENT
​
PLEASE READ THIS PRIVACY POLICY BEFORE ACCESSING AND/OR USING THE SERVICES. BY ACCESSING OR USING THE SERVICES, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE WITH ANY TERM OF THIS PRIVACY POLICY, YOU MAY NOT ACCESS OR USE THE SERVICES.
Please note: you are not obligated by law to provide us with any Personal Information. You hereby acknowledge and agree that you are providing us with Personal Information as described in this Privacy Policy at your own free will. You hereby agree that we may collect and use such Personal Information pursuant to this Privacy Policy and any applicable laws and regulations.
TO THE EXTENT THAT YOU PROVIDE US WITH ANY PERSONAL INFORMATION AND/OR PHI (AS DEFINED BELOW) RELATED TO ANY THIRD PARTY OR ANY OTHER PERSON OR ENTITY THAT IS NOT YOU, INCLUDING INFORMATION RELATED TO ANY OF YOUR PERSONNEL, COLLEAGUES, OR PATIENTS, YOU HEREBY REPRESENT THAT YOU ARE SOLELY RESPONSIBLE TO RECEIVE, AND UNDERTAKE THAT YOU SHALL OBTAIN AT ALL TIMES, THE CONSENT, AUTHORITY, PERMISSION, AND APPROVAL OF SUCH PERSONS AND PROVIDED THEM WITH SUFFICIENT DISCLOSURES, TO ALLOW CHIEFY TO ACCESS, STORE, COLLECT, ANALYZE AND PROCESS SUCH PERSONAL INFORMATION AND/OR PHI AS DETAILED IN THIS PRIVACY POLICY.
IN THIS PRIVACY POLICY YOU CAN READ ABOUT:
​
1. WHAT TYPES OF INFORMATION DO WE COLLECT?
2. WHEN DO WE COLLECT INFORMATION?
3. WHY DO WE COLLECT AND PROCESS INFORMATION?
4. WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?
5. HOW DO WE STORE AND TRANSFER PERSONAL INFORMATION?
6. YOUR USER RIGHTS
7. PHI
8. COOKIES OR SIMILAR TRACKING TECHNOLOGIES
9. TEXT MESSAGES AND OTHER NOTIFICATIONS
10. SECURITY
11. DATA RETENTION
12. PRIVACY OF CHILDREN
13. JOB CANDIDATES
14. UPDATES TO THIS PRIVACY POLICY
15. GENERAL INFORMATION
16. CONTACT US
1. WHAT TYPES OF INFORMATION DO WE COLLECT?
​
We divide the information we may access and collect into three categories: Personal Information, Protected Health Information (PHI), and Non-Personal Information. In this section, we describe each of the three categories of information that we may collect, and in the following section we describe the circumstances under which such collection is performed.
-
Non-Personal Information means information that may be made available to us, or collected automatically through your use of the Services, that does not enable us to identify the person from whom it was collected, or to whom such data pertains. Non-Personal Information usually consists of either technical, analytical, or aggregated information that is not linked to a specific individual;
-
Personally Identifiable Information (PII) or Personal Information means information that pertains or relates to a specific individual, where such individual is identified or may be identified with reasonable efforts or together with additional information we have access to. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, a persistent cookie identifier etc., i.e. an identifier that does not expire at the end of your session in our Services. Personal Information does not include information that has been anonymized or aggregated; provided, that, such information can no longer be used to identify a specific natural person;
-
Protected Health Information (PHI), as such term is defined under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations as each may be amended from time to time (“HIPAA”), means information which may identify a specific individual or for which there is a reasonable basis to believe can be used to identify the individual, and which relates to the past, present, or future physical or mental health or condition of such individual, including the provision of health care products and services to such individual or payment for such health services. PHI does not include information that has been de-identified in accordance with the HIPAA Privacy Rule.
​
2. WHEN DO WE COLLECT INFORMATION?
​
We collect Personal Information and/or PHI (if any appropriate relationship exists) from you and any devices you use (e.g., mobile device and desktop) when you: use or access our Services, create an account for a team member (as an Account Owner), update or add information to your account, provide us information on a web form or other text field, or through correspondence you and we conduct with each other through any channel of communication. More specifically, we collect and use the following categories and types of Personal Information:
​
2.1. Personal Information you provide us actively and voluntarily when you use our Services:
​
Contact information, such as full name, nickname, email address, role, account name, User avatar (optional), and any other information you actively input through forms and text fields in the Chiefy App, including your correspondence with other Users (such as your team members) through the Services, your feedback, or the content of your interaction with our customer support which may include text/video/audio recording and transcripts of such communications.
​
2.2. Personal Information we automatically obtain when you use or interact with our Services:
​
This is Personal Information we obtain through the Services when Users access or interact with the Services, which is derived, learned, or detected as a result of such access and/or interaction, such as:
Technical information with respect to the devices and software you use to access our Services such as screen size, operating system, type of end user device, device ID, Carrier, Language, and Library;
​
Geo-location including the country, city, and region; and
​
Usability information and Impression information with respect to your use of the Services and your engagement, such as User’s screen views and clicks, system notifications sent to user, literature/videos used by user, click stream, event and log data, page visits, and different segmentation we apply when we consider your engagement with our Services.
We perform such automatic collection through: (i) use of cookies and similar technologies; and (ii) unique identifiers that generally only identify a computer, device, browser, or application. Most mobile devices, operating systems, and browsers allow their user to control or disable the use of certain collectable information including location services, by any application, in the device's settings menu.
​
2.3. Personal information collected from other sources:
​
We may also collect personal information concerning you from third parties who have assured us that they have obtained your consent for such provision of information, such as the Customer or Customer’s Admin when they invite you to their Customer’s account as an End User.
For avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed to be Personal Information as long as such connection or linkage exists. We do not collect any Personal Information from you or related to you without your approval, which is obtained, inter alia, through your acceptance of this Privacy Policy.
​
3. WHY DO WE COLLECT AND PROCESS INFORMATION?
​
3.1. What are our legal grounds for collecting Personal Information?
​
With your consent: We ask for your agreement to process your information for the specific purposes stated in the Terms and you have the right to withdraw your consent at any time, though withdrawing your consent may impact the functionality of the Services. For example, we ask for your consent to connect your Business Applications accounts (which may contain Personal Information) to the Services and you may at any time withdraw such consent.
In the scope of providing the Services: We collect and process your Personal Information in order to provide you with the Services which are tailored to your needs and requirements.
Legitimate interests: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for purposes like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality, or technical issues with our Services; protecting against harm to the rights, property, or safety of our Services, our Users or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; and in order to comply and/or fulfill our obligations under applicable laws, regulation, guidelines, industry standards, and contractual requirements, legal process, subpoena or governmental request.
​
3.2. Purposes for Collecting Personal Information
​
We may use Personal Information and Non-Personal Information that we collect and receive about you for the following purposes:
-
To provide, operate, and improve our Services and related offers and to manage our business;
-
In order to anonymize/de-identify it as part of the measures we use to protect your privacy and minimize risks of security breaches;
-
To provide our Users with a better user experience, more fitted to their specific needs;
-
To be able to contact Users who requested such contact to be made, such as for the purpose of providing them with further information about Chiefy and its Services;
-
To prevent, detect, mitigate, and investigate fraud, security breaches, or other potentially prohibited or illegal activities, whether suspected or actual;
-
To comply with any applicable rule or regulation and/or respond to or defend against legal proceedings versus us or our affiliates;
-
To be able to send Users our newsletters and information in connection with the Services, where Users registered to receive such messages, or otherwise to provide important notices with respect to Services to which Users have registered;
-
To market our Services to Users or potential Users, and to be able to track and evaluate our marketing activities and their results and attribute different marketing achievements to the respective marketing efforts;
-
To act upon and comply with requests you may make pursuant to this Privacy Policy and the privacy laws that apply to you; and
-
To perform functions or services as otherwise described to you at the time of collection.
​
4. WHO DO WE SHARE YOUR INFORMATION WITH AND WHY?
​
We keep the information processed by us in strict confidence and we may only share information with third parties (or otherwise allow them access to it) in very limited circumstances and for very specific purposes.
Internally – We may share information with our parent company, subsidiaries, and affiliates (all as applicable), as well as our employees for the purposes described in this Privacy Policy. In addition, should Chiefy or any of its affiliates undergo any change in control, including by means of merger, acquisition, or purchase of substantially all of its assets, your information may be shared with the parties involved in such event under strict security conditions, for the purpose of evaluating such event and in accordance with the terms of this Privacy Policy and applicable law. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have, either through prominent notice on our Services or by contacting you directly through contact details you have provided us;
​
Third Parties & Business Partners – We may partner with certain third parties to provide selected services that are used to facilitate and enhance the Services and your use of the Services (“Service Providers"). Such Service Providers may have access to, or process on our behalf, Personal Information that we collect, hold, use, analyze, process, and/or manage. If necessary or applicable, a Service Provider must sign an appropriate data processing agreement (such as a Data Processing Agreement and/or Business Associate Agreement) with us prior to getting access to any User PII or PHI. Service Provider use of data will be limited to supporting our internal procedures and the security, availability, performance, and integrity of the Services. We remain responsible for any Personal Information processing done by Service Providers on our behalf, except for events outside of our and/or their reasonable control. These Service Providers may include among others, hosting, database, server services, data analytics services, user authentication and data security services e-mail and text message distribution and monitoring services (e.g., AWS), and our business, legal and financial advisors;
​
Protecting Rights and Safety – We may share your information to enforce this Privacy Policy and/or the Terms of Use or any other agreement between Chiefy and you with respect to the Services, including investigation of potential violations of any agreement between you and us; to detect, prevent, or otherwise address fraud, security or technical issues; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of any of our Users, or any member of the general public; and
​
Law Enforcement – We may cooperate with government and law enforcement officials to enforce and comply with the law. In compliance with applicable law, we may disclose any information to government or law enforcement officials as we believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and legal rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
For avoidance of doubt, we may share anonymized/de-identified information with any third party, at our sole discretion.
​
5. HOW DO WE STORE AND TRANSFER PERSONAL INFORMATION?
​
Information regarding the Users and Patients (if applicable) may be maintained, processed, and stored by us and our authorized affiliates and Service Providers in the United States and Israel. Our Service Providers which store or process your Personal Information either: (i) assured us that they provide adequate safeguards to protect your rights to privacy, including where applicable complying with HIPAA; and (ii) perform such processing pursuant to your consent and acceptance of their privacy policy as further detailed in this Privacy Policy.
​
By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.
​
6. YOUR USER RIGHTS
​
If applicable to you under your country’s jurisdiction, you may have certain rights in connection with your Personal Information and how we handle it. You can exercise your rights at any time by contacting us via any of the methods set out in Section 16 below. Those rights may include, but are not limited to, the following:
​
Right of access. You may have a right to know what information we hold about you and, in some cases, to have the information communicated to you. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information.
​
Right to correct Personal Information. We endeavor to keep the information that we hold about you accurate and up to date. Should you realize that any of the information that we hold about you is incorrect, please let us know and we will use our best efforts to correct it as soon as we can.
​
Data deletion. In some circumstances and under certain laws and regulations, you may have a right to request that some portions of the Personal Information that we hold about you be deleted or otherwise anonymized/de-identified.
​
Data portability. In some circumstances and under certain laws and regulations, you may have the right to request that data which you have provided to us is provided to you, so you can transfer or port it elsewhere.
​
7. PHI
​
Under certain circumstances, we may be a Business Associate (as defined under HIPAA) to you. We will only function as a Business Associate if you have appropriate authority to execute a Business Associate Agreement on behalf of yourself or your facility/organization. You may only enter PHI into the Service if a valid Business Associate Agreement has been executed.,
If a valid Business Associate Agreement has been executed, the input of PHI into the Services should still be limited in accordance with the minimum necessary standard under HIPAA. However, if a valid Business Associate Agreement is in place, the team’s communications and needs will determine the scope of information to include.
​
8. COOKIES OR SIMILAR TRACKING TECHNOLOGIES
​
When you access or use the Services, Chiefy may use industry-wide monitoring and tracking technologies such as "cookies" or “pixel tags” (or similar technologies), which store certain information on your computer ("Local Storage").For example, these technologies enable us to: (i) provide you with the Services, (ii) keep track of our users’ preferences and authenticated sessions, (iii) secure our website by detecting abnormal behaviors, (iv) identify technical issues and improve the overall performance of the Services, and (v) deliver targeted advertisements that are more tailored to their audience and track ad performance (For more information about this practice, click here: http://www.aboutads.info/choices/). The Local Storage is created per session and may be deleted by you or otherwise your browser may be configured by you to not accept any such Local Storage items.
Such tracking technologies may include Pixel tags (also commonly known as web beacons), transparent images, iFrames, cookies, or Java script placed on our Website or our emails, that are used to understand how you interact with the Website and emails. It is important to note that some of these tracking technologies are provided to us by our Service Providers who collect and process Personal Information in the scope of the services that they provide us. To learn more, please refer to the policy of our Service Provider, Amplitude, which generates usage analytics for us, at: https://help.amplitude.com/hc/en-us/articles/115003135607-Tracking-Unique-Users.
​
Learn more about your choices and how to opt-out of tracking technologies:
​
In order to delete or block any tracking technologies, please refer to the “Help” area on your internet browser for further instructions, or you may also opt out of third party tracking technologies by following the instructions provided by each applicable Service Provider in its privacy policy listed above or visiting www.youronlinechoices.eu or http://www.aboutads.info/choices/.
Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Services or Website, or may otherwise adversely affect your user experience. Please also note that we do not respond to the ‘Do Not Track’ setting on your browser as the protocol and form for such setting has not yet been generally accepted.
​
9. TEXT MESSAGES AND OTHER NOTIFICATIONS
​
The Services include notifications to the Users with important information regarding your use and interaction with our Services. The Services may send you SMS text notifications regarding your case status, case changes, reminders on incomplete briefs/debriefs, different kinds of reports, service information, and updates (“Text Notifications”). By obtaining or creating a User Account in the Chiefy App and/or providing us with your phone number, e-mail address, or any other contact information, you hereby consent to us sending you such Text Notifications and contacting you for the purpose of informing you about our products and services.
By providing us with your phone number and email you also represent that you are the owner or authorized user of the mobile device that you used to subscribe to our mobile communications and that you are authorized to approve the applicable charges, if applicable.
If you wish to withdraw your consent to receive Text Notifications (i.e., opt-out), or wish to receive additional help, you may contact us by sending an email to: hello@chiefyteam.com.
​
10. SECURITY
​
As we take the confidentiality of the information under our control very seriously, we have adopted at least industry standard security measures, including the administrative, technical, and physical safeguards of HIPAA, to help prevent unauthorized access, use or disclosure of the information under our control (which may in appropriate instances included PHI). Among other security measures, Chiefy implements data encryption, multi-factor-authentication (MFA), and periodical audits by a reputable third-party auditor.
We limit access to your information only to those team members, Service Providers, or partners on a “need to know” basis, and strictly in order to enable us to provide the Services.
Despite these measures, Chiefy cannot guarantee absolute information security or eliminate all risks associated with operation of the Services, and security breaches may happen. If there are any questions about security, please contact us at hello@chiefyteam.com.
​
11. DATA RETENTION
​
We will retain your information only for as long as necessary to provide the Services and achieve the purposes for collection and processing set forth above. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. If you withdraw your consent to our processing of your Personal Information, we will delete your Personal Information from our systems (except to the extent retaining such data in whole or in part is necessary to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings brought against us or our affiliates).
​
12. PRIVACY OF CHILDREN
​
To use our Services, Users must be over the age of twenty-one (21). Therefore, we do not knowingly collect Personal Information from individuals under the age of twenty-one (21) and we do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that individuals under the age of twenty-one (21) are not using the Services. If you believe that we might have any information from or about an individual under the age of twenty-one (21), please contact us at: hello@chiefyteam.com. In the event that it comes to our attention that a person under the age of twenty-one (21) is using the Services, we may prohibit and block such User from using the Services and will make all efforts to promptly delete any Personal Information with respect to such User.
If you are submitting to the Services any Personal Information pertaining to any minor child, you hereby represent and warrant that you have received all the necessary legal consents or approvals or that you are the parent or legal guardian and have the actual authority and legal right to upload, submit, disclose or otherwise share such Personal Information and/or any other form of sensitive information, on the minor’s behalf.
​
13. JOB CANDIDATES
​
We welcome qualified candidates to apply to any of the open positions posted on our Services by sending us your contact details and CV or resume (“Candidate Information”). Since privacy and discreteness are very important to our candidates, we are committed to keeping Candidate Information private and will use it solely for our internal recruitment purposes (including for identifying candidates, evaluating their applications, making hiring and employment decisions, and contacting candidates by phone or in writing).
Please note that we may retain Candidate Information submitted to us even after the applied position has been filled or closed. This is done so we could re-consider candidates for other suitable positions and opportunities at Chiefy; so we could use the Candidate Information as a reference for future applications; and in case the candidate is hired, for additional employment and business purposes related to their employment with us.
If you previously submitted your Candidate Information to us, and now wish to access it, update it, or have it deleted from our systems, please contact us at hello@chiefyteam.com.
​
14. UPDATES TO THIS PRIVACY POLICY
​
This Privacy Policy is subject to changes from time to time, in our sole discretion. The most current version will always be posted on our Services (as reflected in the “Last Revised” heading). You are advised to check for updates regularly. We will use reasonable efforts to provide notice of substantial changes to this Privacy Policy on the homepage of the Services and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided to us. Such substantial changes will take effect seven (7) days after such notice was provided on our Services or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Services after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.
​
15. GENERAL INFORMATION
​
This Privacy Policy, its interpretation, and any claims and disputes related to this Privacy Policy, shall be governed by the laws of the State of New York, without respect to its conflict of law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in Manhattan, New York.
​
16. CONTACT US
If you wish to exercise any of the rights identified in this Privacy Policy, or receive more information, please contact us using the details provided below:
Chiefy, Inc.
Email: hello@chiefyteam.com.
Address: 370 First Avenue, 11F, New York NY 10010