SyncMD Secure by Design

SYNC.MD PRIVACY POLICY

Privacy Policy Summary

This Privacy Policy applies to visitors of VYRTY™ Corporation’s (“VYRTY™”, “Us”, “We”, “Our”) websites located at www.syncmd.com (“Sites”) as well as registered users of our Sync.MD technology services accessible through the Sites and our related Sync.MD Personal Health Records mobile application (“Sync.MD App”), (collectively our “Services”). Sync.MD is a simple and secure technology service that enables consumers to create, manage, and share access to their Medical Data with other people. Please take the time to read through the entirety of our Privacy Policy, our Terms of Use, and the Sync.MD App EULA (collectively “our Agreements”) before deciding whether to use Sync.MD so that you can fully understand the different ways that VYRTY™ can collect, store, and use both your Personal Data and your Medical Data. We have provided a summary of our Privacy Policy below, but you should still take the time to read the entire Policy.

In general, VYRTY™ may collect, process, and use your Personal Data (name, date of birth, address, email, phone number, and other information that could be used to personally identify you and your account) and your Medical Data (information and data related to the provision of health care to you) for the following purposes:

  • To provide you with access to the Sync.MD App and its associated services. VYRTY™ may also contract with third parties to help provide you with access to the App and its services, and we may share both your Personal and Medical Data with them for this purpose, including, but not limited to, our cloud host provider. These third parties may only use your Data for this purpose and they have no right to use your Data for any other reason.
  • To act as your personal representative and contact healthcare organizations on your behalf to ensure the successful processing of your requests for Medical Data. This includes sharing your Personal Data with healthcare organizations to validate the authenticity of your request.
  • To request, send, or receive your Personal and Medical Data from individuals that you have given us consent to contact and share your Data with.
  • Transferring your Personal Data and Medical Data to and hosting your Data in data centers within the United States of America.
  • De-identifying your Personal Data and Medical Data (so it can no longer be used to personally identify you) and using it in aggregated or non-aggregated forms for ourselves or providing it to third parties, including research companies, or for any other lawful commercial purpose.
  • Disclosing your Personal Data and Medical Data to the extent required under State and Federal law.

IF YOU DO NOT AGREE TO YOUR PERSONAL DATA AND MEDICAL DATA BEING COLLECTED, PROCESSED, AND USED FOR THESE PURPOSES, OR WITH ANY OTHER TERMS OF THE PRIVACY POLICY DETAILED BELOW, DO NOT USE THE SYNC.MD PERSONAL HEALTH RECORD MOBILE APPLICATION.

FULL PRIVACY POLICY

Changes to this Privacy Policy

VYRTY™ may change or update this Privacy Policy from time to time at our own discretion by posting a new version online. If we make any significant changes affecting you and your Personal Data or Medical Data, as determined solely by VYRTY™, we will notify registered users by providing notice through the Sync.MD App, our Sites, or via Email. We may request that you agree to the new terms as they are updated, otherwise your continued use of our Services and the Sync.MD App may be suspended or terminated under the terms of our Agreements, but any existing Personal Data or Medical Data will still be subject to the terms of the Privacy Policy that existed at the time the information was first collected or processed.

Personal Data Collection

Below is a list of the different kinds of Personal Data that VYRTY™ may collect through our Services. You always have the choice not to provide us with this information. However, by not providing this information you will not be able to use our Services.

  • Demographic Information— When you register with VYRTY™, we collect your Personal Data as part of the registration process, including but not limited to your name, date of birth, address, phone number, email address, and other demographic information such as age, gender, and geographic location.
  • Device or Hardware User Data -VYRTY™ may collect information on our server logs from your computer or mobile device, including your IP address and other in-browser or in-app user activity, including cookies.
  • Product Improvement — VYRTY™ may collect information about your computer or mobile device and data derived through your utilization of our Services.
  • Surveys and User Research — We may occasionally send you survey questionnaires or contact you with requests for feedback and information about our Services. We collect any responses that you provide even if you did not complete or answer the entire form. Participation in surveys or research tasks is completely optional and voluntary and it does not impact or affect your access to Sync.MD.

Sharing and Disclosure of Personal Data

When you create a request for Medical Data with the Sync.MD App, you provide consent for VYRTY to act as your personal representative and contact healthcare organizations directly to facilitate the successful processing of your request. VYRTY may share your Personal Data as necessary to validate the authenticity of your request, and your healthcare organization may directly communicate with Sync.MD about your Personal Data and the processing and fulfillment of your requests, including but not limited to status, documentation, and costs. VYRTY™ may remove the identifiable parts of your information to create de-identified Personal Data (data that can no longer be associated with you or used to identify you). We may collect, use, and share your de-identified Personal Data in aggregated or non-aggregated forms. We use this aggregated or non-aggregated data in the following ways:

  • Disclosure for Business Purposes — We may license, sell or otherwise share de-identified Personal Data with commercial clients, partners, investors and contractors for any purposes related to our business practices, or for any other lawful commercial purpose.
  • Product Improvement — We may use de-identified Personal Data for our own product and quality improvement purposes, including the Sync.MD App and our Services, as well as sharing it with third-parties in order to evaluate their own products or services.
  • Research — We may use de-identified Personal Data for research whether it is scientific, marketing, or commercial in nature.

You may also use our Services to provide VYRTY™ with your optional and voluntary consent to receive marketing communications. If you provide this consent, which is not required in order to use or access our Services, then VYRTY™ may also use your Personal Data to contact you about new products and features that VYRTY™ may develop, or about other companies’ products and services that we think you may be interested in. You may revoke your consent and remove your name from these mailing lists at any time.

Medical Data Collection

Below is a list of the different kinds of Medical Data that VYRTY™ may collect through our Services. You always have the choice not to provide us with this information. However, by not providing this information you will not be able to use our Services.

  • Self-Reported Health-Related Information — We collect information that you voluntarily enter during the course of using our Services, such as information regarding your health and/or medical condition and related behaviors such as medications, exercise, or other activities. This also includes any medical documents or information that you upload into the Services yourself, even if those documents or information originally came from other people.
  • Independent Third-Party Health-Related Information — We collect medical documents and other information about you that is shared with us by independent third-parties that you have given us consent to contact and exchange data with. This could include:
    • Information and data related to the provision of health care to you such as your health status, medical records and related information or documents, consent to treatment forms, authorization to disclose medical information forms, Medicare forms, Medicaid forms, living wills, Directives to Physicians and Family or Surrogates, Medical Powers of Attorney, Out of Hospital Do Not Resuscitate Orders, Declarations of Mental Health Treatment, images, reports, labs and test results, medical treatments performed on you, and any other “protected health information” as defined under HIPAA and similar terms as defined by state, national, or international law.
  • Communications with a Third-Party — We collect any communications that take place through the Services between you and an independent third-party.
  • Automatically Tracked Health-Related Information — We may use automated methods to track data from fitness wearables and other biometric monitoring devices that you have allowed to communicate with Sync.MD.
  • Third Party Medical Data Sharing — We collect information that you provide to us through the Services, pertaining to the people with whom you consent to share your Medical Data (such as a family member or spouse), as well as any communications within the Services between you and such individuals.

Sharing and Disclosure of De-Identified Medical Data

VYRTY™ may remove the identifiable parts of your information to create de-identified Medical Data (data that can no longer be associated with you or used to personally identify you). De-identified Medical Data may be compiled in aggregated or non-aggregated forms. We may use this aggregated or non-aggregated data in the following ways:

  • Disclosure for Business Purposes — We may license, sell or otherwise share De-identified Medical Data with commercial clients, partners, investors and contractors for any purposes related to our business practices, or for any other lawful commercial purpose.
  • Product Improvement — We may use De-identified Medical Data for our own product and quality improvement purposes, including the Sync.MD App and our Services, as well as sharing it with third-parties in order to evaluate their own products or services.
  • Research — We may use De-identified Medical Data for research whether it is scientific, marketing, or commercial in nature.

Sharing and Disclosure of De-Identified Medical Data

Sharing and Disclosure of Identifiable Medical Data VYRTY™ does not rent, sell, or share identifiable Medical Data (data that could be associated with you or used to personally identify you) with third parties or other non-affiliated companies, except as necessary to provide you with access to the Sync.MD App and our Services, or when we provide this information to companies, consultants, or contractors working on our behalf under confidentiality agreements. These companies and consultants do not have any independent right to share or use your Medical Data except in connection with providing you with access to the Sync.MD App and our Services.

We may also be required to disclose your identifiable Medical Data in response to a request under State or Federal Law, for example, in response to a court order or a subpoena to comply with applicable legal and regulatory reporting requirements. We also may disclose your Identifiable Medical Data in response to a law enforcement agency's request, or where we believe it is necessary to investigate, prevent, or act regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person.

We may also be required to disclose your identifiable Medical Data in order to investigate violations of our End User License Agreement, or to verify and enforce compliance with the policies governing our products and services and with any applicable laws, or as otherwise required or permitted by law or as consistent with legal or regulatory requirements. In addition, we may transfer your Identifiable Medical Data to any entity or individual that acquires, buys, or merges with VYRTY™.

You may also use our Services to provide your optional and voluntary consent for your Identifiable Medical Data to be used by VYRTY™. If you provide this consent, which is not required in order to use or access the App, then VYRTY™ may rent, sell, and share your Identifiable Medical Data for any lawful commercial purpose.

Confidentiality and Security

VYRTY™ has taken appropriate steps to ensure that any Personal Data and Medical Data collected will remain secure and protected. We have put in place physical, electronic, and administrative procedures to safeguard and prevent unauthorized access to your data, to maintain the security of your data, and to correctly use the data that we collect. VYRTY™ follows all Applicable Laws, Regulations, and Standards related to the protection and privacy of data, such as using encryption technologies and processes to ensure the security of your data while it is at rest or in motion.

VYRTY™ is not responsible for and will not be a party to any transactions between you and an unapproved third-party provider of products, information or services. VYRTY™ does not monitor such interactions to ensure the confidentiality of your Personal Information. Any access, disclosures, or copies of information you provide to third parties is solely your responsibility.

Changes, Corrections, or Deletions of Your Personal or Medical Data

VYRTY™ provides users with the tools and ability to directly manage their Sync.MD Personal Health Records and those who have access to them. VYRTY™ does not and will not directly manage or respond to requests to change, edit, delete, or modify your Personal Data or your Medical Data. The decision of whether to make any changes to your data, whether to share data with or request data from independent third-parties, and the optional and voluntary consents that you may or may not give to VYRTY™ is solely your responsibility. You may freely add or revoke optional and voluntary consents within the App at any time at your discretion. Any changes or deletions to applicable Personal Data (such as demographic changes) or Medical Data (such as deleting health-related documents) must be done by yourself within our Services. However, your rights to access, change, or delete your Personal Information are not absolute. We may deny you such rights when they violate our End User License Agreement, when they violate State or Federal Laws and Regulations, when required by Law or Regulations, or if the request would likely reveal Personal Information about a third party without proper consent.

Additional Information

Third Party Users or Account Sharing—VYRTY™ does not allow or condone the sharing of Sync.MD accounts or credentials among multiple users; doing so is a violation of our End User License Agreement. VYRTY™ is not responsible for any disclosures of Personal Data or Medical Data that occurs as a result of you sharing your account or its credentials to third parties, whether intentional or not. You are responsible for maintaining appropriate account security such as proper password management and not allowing others to use your Sync.MD App or our Services.

Termination — VYRTY™ reserves the right to decide, at its sole discretion, to no longer offer you the Services. If VYRTY™ decides to terminate your account, VYRTY™ will permanently destroy or revoke access to any copies it maintains of your Personal Data and Medical Data in accordance with its obligations under applicable law.

Children —VYRTY™ does not knowingly collect data from children under the age of 13, and our Services are not directed at users under the age of 13. A parent, guardian, or personal representative may use the Software on behalf of a child under the age of 13. Minors between the ages of 13 and 17 may use our App, but a parent, guardian, or personal representative must consent to the Agreements on their behalf.