Sync.MD is a company with a technological platform that helps exchange information between individuals and organizations in a more secure, efficient, and electronic manner. Sync.MD uses software, mobile applications, website, and associated services (collectively the “Services”) to collect, store, share, and exchange your personal information with organizations and individuals that you choose.
The team at Sync.MD takes the privacy and protection of your personally identifiable information (or “PII”) as our top priority. We will not sell or rent your data. We will not allow third parties to use it for profit or monetary transactions, and this includes both your PII and any deidentified or anonymized data that may be created based on your PII.
Sync.MD and our Services do not provide medical advice, treatment, or diagnosis. Always seek the advice of healthcare providers directly, not through our Services, with any issues, questions, or concerns that you may have regarding a medical or health emergency, treatment, or diagnosis.
Section 1. Collection of Personally Identifiable Information
Information Provided to Sync.MD
When you use Sync.MD, you may submit or Sync.MD may collect a variety of PII to give you access to our Services. Depending on the type of product or service that you are using, this PII may include:
- Contact Information (name, email, address, telephone number)
- Demographic Information (birthdate, age, gender, marital status)
- Financial Information (employment status, employer, salary)
- Government-Issued Driver’s License Information (driver’s license number, barcode, copy or image of license)
- Automotive Insurance Information (insuring organization, insurance status, account number, copy or image of insurance card)
- Payment information (billing address and credit card details, including card number, expiration date, and security code)
- Biometric Information (temporary processing of face, facial, eye, iris, retina, and other ‘Selfie’ related image data, scans, or identifiers for identity verification services)
- Personal Health Information (information and data related to the provision of health care to you such as your health status, medical records and related information or documents, consent to treatment forms, authorization to disclose medical information forms, Medicare forms, Medicaid forms, living wills, Directives to Physicians and Family or Surrogates, Medical Powers of Attorney, Out of Hospital Do Not Resuscitate Orders, Declarations of Mental Health Treatment, images, reports, labs and test results, medical treatments performed on you, and any other “protected health information” that may otherwise be defined under HIPAA and similar terms as defined by state, national, or international law)
- Self-Reported Health Information (information that you voluntarily enter or provide while using our Services, such as information about your health and/or medical condition and behaviors such as medications, exercise, or other activities)
- Legal Forms, Contracts, and Agreements (forms, contracts, agreements, authorizations, and other types of legally binding documents provided or collected through our services for your storage, transfer, review, consent, execution, or electronic signature including originals and/or copies)
- Electronic Signatures (record and/or image of your electronic signature including name, date, and time of the signature)
- Business Contact Information (name of organization, business email, business address, business telephone number)
- Other information that you provide directly to us or authorize a third party to provide to us
Automatically Collected Information while using our Services
In addition to the PII listed above, Sync.MD may automatically collect, store, and analyze data from your computer, mobile device, or smartphone. Sync.MD automatically collects IP addresses and web site usage information when you access our Services including:
- The type of web browser used
- Access times
- Webpages viewed
- The Webpage viewed before navigating to our Services
- Information about the computer, mobile device, or phone used to access our Services, including hardware model, operating system and version, unique device identifiers, and mobile network information.
This information helps Sync.MD evaluate how our users, visitors, and customers navigate our platform. We look at such things as the number and frequency of people accessing each web page and how long they stay.
Web browsers are often set to accept cookies by default. If you prefer not to share cookies with Sync.MD, you may be able to set your browser to delete or reject all cookies or specific browser cookies. If you choose to delete or reject cookies from Sync.MD, this could impact the functionality of the services provided through Sync.MD.
Information Collected from Third-Party Sources
Section 2. Usage of Personally Identifiable Information
Sync.MD may use the PII collected about you only for the following:
- For the purpose(s) you specifically provided the information
- To register you as a customer, client, or associated user (or as a potential customer, client, or associated user) with organizations, individuals, or entities that you choose and consent to sharing and exchanging information with through Sync.MD
- To provide you with our Services or access to our Services
- To provide our Services or access to our Services with the organizations, individuals, or entities that you choose and consent to sharing and exchanging information with through Sync.MD
- To send you electronic notices or email to provide informational and operational support such as user management, customer service, system maintenance, or legal notifications
- To verify your identity and the legitimacy of your submitted PII
- To evaluate, enhance, and develop features, products, and services
- To detect and prevent fraudulent or illegal usage of our services
- To ensure internal quality control
- To perform accounting, auditing, and other internal functions
- To carry out any other purpose for which the information was collected
We may also use the information in other ways with your express consent. For instance, if we use a service or product that we offer jointly or through another entity. We may also use the information we collect about you in other ways if we provide specific notice and gather your active consent at that time.
Retention of PII
Sync.MD may keep the PII we obtain for as long as you continue to actively use or maintain our services, as needed to fulfill the specific purpose(s) for which it was collected, and/or to provide ongoing services to the organizations or individuals with whom you have already shared or exchanged your PII. We may also need to retain your PII to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws and regulations.
In the event of unused, or otherwise inactive accounts, Sync.MD will retain your PII and associated user data for a period of seven years. At that point your account, information, and all its associated user data will be permanently deleted from our records. Once deleted, it will no longer be accessible by us or recoverable by you in any way.
You are always free to delete your account and all its information and data, at any time, for any reason. You can initiate this process directly through the Services at your own discretion or by contacting Sync.MD at email@example.com. We will respond to all requests within a reasonable time or thirty business days.
Please make sure that you download or make copies of any information that you wish to keep before deleting your account.
Legal Foundation for Handling Your PII
Some jurisdictions require companies to tell you the legal framework that gives them authority to use, disclose, or process your PII. To the extent that any of those laws apply, our legal foundation is as follows:
To fulfill our contractual commitment we made with you
- Most of our processing of PII is done to provide you with continued access and use of our services to exchange and share your information with the organizations, individuals, or entities that you choose.
Legitimate business interests
Other processing of PII occurs because it furthers a
legitimate or protected business interest in a way that does
not override individual interests or fundamental rights and
freedoms. This includes activity such as:
- Providing a safe and enjoyable user experience
- Customer Service
- Marketing Communications
- Protecting our users, employees, property, or trade secrets
- Analyzing and improving our business operations by collecting information about how you use our services to improve on the design and placement of features
- Managing legal, regulatory, or compliance-based issues
- Other processing of PII occurs because it furthers a legitimate or protected business interest in a way that does not override individual interests or fundamental rights and freedoms. This includes activity such as:
- We may need to use, disclose, and maintain PII in certain ways to comply with legal obligations or for certain activities or features offered within our services that require different standards.
- Where required by law, and in some other circumstances, we handle PII on the basis of your express or implied consent to use it.
To protect and safeguard vital interests of individuals or other people.
Section 3. Sharing of Personally Identifiable Information
Sync.MD is not in the business of selling, renting, or sharing your PII for profit or monetary transactions. This includes any de-identified or anonymized data created from your PII. Third parties are not allowed to use your PII, including using or creating de-identified or anonymized data based on your PII, without your active consent. Third parties are not allowed to use your PII in any way that contradicts the standards of this Policy or the terms of our Services.
The services we provide to you involve the sharing of sensitive information. The trust you place in Sync.MD to handle that information is why we consider the protection and safeguarding of your privacy our top priority. However, there are certain situations in which we may share your information with specific third parties based on the following conditions.
You may customize, manage, and revoke your consents through our Services and Applications. Be aware that the organizations, or individuals that you shared your PII with may have already acted, made decisions, or used your PII while your consent was active. Do not share your PII unless you are comfortable with recipient being able to view and use it for the purposes or services that you are providing it.
Sharing, Storing, and Processing by Related Service Providers
We may need to share, store, or process information about you with Sync.MD related Service Providers as part of the delivery of our Services . We may also share information about you with these service providers to support, enhance, or troubleshoot the Services we provide to you, to fulfill legal requirements, and for routine business purposes.
The types of activities and service providers to whom we may share, store, or process PII with include the following categories.
- Information Technology (IT) services
- Business Technology (BT) services
- Payment Processing Services
- Customer Service Activities
- Identity Verification or Identity Authentication Services
- Fraud Prevention
- The provision of Information and Services which you have specifically requested and consented to
- In connection with the provision of other Services or Products that we may offer in the future after updating this Policy accordingly
We may need to disclose or be required to disclose, information about you in specific legal situations.
- As needed for legal requirements or legal process (such as a court order or subpoena)
- In response to requests by government agencies such as law enforcement authorities
- To establish, exercise, or defend the rights of Sync.MD
- When disclosure is necessary or appropriate to prevent physical, financial, or other harm
- In connection with an investigation of suspected or actual illegal activity or content
- With your consent or at your discretion
Should you choose to stop using our Services and close your account, you will be given a chance to have copies of your PII securely transmitted, shared, or downloaded for your personal use or retention before your account, information, and all your associated data is permanently deleted.
Section 4. Collection and Usage of De-Identified Data
Sync.MD may collect, process, and use your PII to change it into aggregated or non-aggregated data sets of de-identified information. De-identified information means that your PII has been fundamentally changed so that any information, and data points that could be used to identify you (or which could be reasonably used in combination with other information to specifically identify you), has been completely removed or transformed.
Aggregation of de-identified information means that even after your PII is made anonymous, it is combined with large amounts of other anonymous data so that no single source of data is identifiable.
Sync.MD may use de-identified data in aggregated or non-aggregated forms exclusively internally for the following purposes:
- To evaluate, enhance, and develop features, products, and services
- To directly perform or engage in research, analytics, and testing
- For any other legitimate but exclusively internal business purpose authorized by law
Section 5. No Sharing of De-Identified Data
Sync.MD does not sell, rent, or otherwise profit or engage in monetary transactions from providing any de-identified or anonymized user data to third parties, in any form.
Section 6. Risks of Choosing to Share or Exchange Data and Information through Sync.MD
When you use Sync.MD, we will provide you with Services that allow you to collect, store, share, and exchange PII about yourself with any organizations or individuals that you choose. Your decision to use Sync.MD and share information with other parties in this manner is not without risk however, and you should consider them before or while using our Services.
You are not required to use Sync.MD to receive any form of medical treatment, advice, or services from a healthcare provider. Sync.MD is an optional, third-party service provided directly to individuals for use as their own Personal Health Record. You are always free to request, exchange, and access your medical information directly from your healthcare providers without using Sync.MD.
When you share medical information, you should be aware that it could include data or information that may impact others. Genetic tests, family histories, and similar types of medical information can reveal sensitive health information about others such as your spouse, relatives, children, etc. Carefully consider whether you trust the recipient to keep such information secure and protected before you share it.
Also consider the risks of information disclosure if you make a mistake or error when using Sync.MD. You should always carefully review and verify the details of any organizations, individuals, or entities that you select or choose to share information with. We encourage you to talk directly with those recipients outside of Sync.MD before you share information. You should discuss any concerns that you may have, such as their reason for needing your information, how much information they need, and what actions or decisions they may make based on that information.
Sync.MD is not responsible for any actions or decisions that an organization or individual may take based on the information that you share with them. This includes any decisions regarding healthcare advice, treatment, diagnosis, verification of qualifications or insurance, testing results, offers of employment, terms of loans or product purchases, or any other actions that may come from the sharing of your PII. Carefully consider whether you want or need an organization or individual to have access to your information through Sync.MD.
Section 7. Geographic Processing of Information – Consent to Transfer, Process, and Use your PII in the US from other countries
Sync.MD is based in the United States and we offer our Services exclusively as part of operations within the United States. The laws of the United States which govern the collection and use of personal data may not be as comprehensive or protective as the laws of many other countries.
Section 8. Your Consent for Email Communications from Sync.MD
By using our Services or providing your PII to Sync.MD, you agree that Sync.MD may send you emails about important user account, security, privacy, and/or administrative matters relating to your use of the services.
If we learn of a security or data breach for example, we will email you based on the information that you provided at the time of your registration. You may also have a legal right to receive such a notice in writing.
Section 9. Unsolicited Information
You may provide us with ideas for new products, modifications to existing products, or other unsolicited submissions, feedback, or contributions (collectively, “Unsolicited Information”). All Unsolicited Information is non-confidential. Sync.MD is free to reproduce, use, disclose and distribute such Unsolicited Information to others without limitation or attribution.
Section 10. Request to Access or Delete PII
We will give you the chance to access or delete PII that we have in our possession. You can manually access or delete most forms of PII collected through Sync.MD through your account, our applications, or our Services. If you wish to directly request access or deletion of your personal information, please contact us at firstname.lastname@example.org or use the “Delete Account” function available within our Services or Applications.
We may still need to keep certain information as required by law, to provide ongoing services for the organizations, individuals, or entities who already have your PII, or for legitimate business purposes. We will respond to your request for access or deletion within a reasonable period or within thirty business days.
If you request to delete your PII, it will all be permanently deleted. Please make sure that you download or make copies of any information that you wish to keep before deleting your account.
Although Sync.MD makes good faith efforts to provide individuals with access to their PII when requested, there may be times when Sync.MD cannot provide access, including:
- The information contains legal privilege
- The information would compromise the privacy or rights of other individuals
- The burden or expense of providing access outweighs the risks to the individual’s privacy
- Where it is commercially proprietary
Section 11. Annotating, Correcting, or Marking PII
Sync.MD makes an effort to provide tools and methods for you to directly update or change your PII, like contact information, as needed… However, some forms of PII collected are unable to have their content changed, such as records, forms, and documents that may be stored or preserved in static electronic formats such as PDFs.
In these situations, Sync.MD will provide you a process to flag or mark these forms of PII based on particular conditions. This way you and any organizations, individuals, or entities that you choose to share this PII with, will have notice of the problem, issue, or error associated with the underlying PII.
You may always reach out to us at email@example.com to request corrections, annotations, or changes to your PII. We will respond to all requests within a reasonable time or thirty business days, although we may not always be able to fulfill every request due to technical or legal barriers.
Section 12. Data Security and Data Breach
Sync.MD takes appropriate technical, security, and organizational measures to protect against unauthorized access, unlawful processing, accidental loss, destruction, or damage to PII and other data. You acknowledge and agree however, that no security measures are perfect or impenetrable, and Sync.MD cannot guarantee that the information submitted to, maintained on, or transmitted from our systems will be completely secure. Sycn.MD is not responsible for the circumvention of any privacy settings or security measures contained on the Sync.MD platform or services by any users or third parties.
If a data breach does occur, Sync.MD will formally notify the impacted parties via email with information about how and when the data breach occurred and the kinds of personal information that was involved or put at risk. The notice will explain and detail the steps that Sync.MD is taking to remedy the breach, protect individuals, and what services we are offering in response. The notice will include individual steps or actions that you may take, and how to contact us for more information.
Section 13. Policy for Minor Users
Section 14. Changes to Policy
This may include a combination of direct disclosures or notifications within our Services, Applications, or Website, contacting you through email, and by posting the revised policy on this page with a new “Last Updated” date. Providing your renewed consent to the changes we make, publish, or communicate about this Policy means that you are agreeing with the new terms.
Section 15. Change in Ownership
Should you choose to stop using our Services and close your account, you will be given the chance to have copies of all your PII securely transmitted, shared, or downloaded for your personal use prior to your account and all its associated data and information being permanently deleted.
Section 16. Governing Law
Section 17. How to Contact Us or Submit a Complaint
If you would have a question about this policy, are seeking privacy related information, or would like to submit a complaint, please send us an email at firstname.lastname@example.org. We will respond to all complaints within a reasonable time or thirty business days.
Section 18. Notice to California Users
The information provided in this section applies only to California residents.
The California Consumer Privacy Act of 2018 (“CCPA”) requires us to provide an explanation of the rights and choices we offer to California residents regarding our handling of their personal information, along with information regarding the categories of personal information we collect, use, and share.
1. California Residents’ Privacy Rights
The CCPA grants California residents the following rights:
Information: You can request information about
how we have collected, used, and shared your personal
information during the past 12 months.
- Access: You can request a copy of the personal information that we maintain about you.
- Deletion: You can ask us to delete the personal information that we collected or maintain about you.
The CCPA places limits on these rights. We may not be able to provide certain sensitive information in response to an access request. We may be limited in the circumstances in which we must comply with a deletion request. If we do deny or limit your request, we will communicate our decision to you. You may exercise the rights listed above free from discrimination.
2. How to Submit a Request
To request access or deletion of personal information from out databases, please send us an email at email@example.com. The CCPA requires us to take certain steps to properly verify the identity of the individual submitting a request before we can process it.
- We will contact you independently using the email address associated with your PII to confirm the validity of the request and your ownership of the data. We may also ask that you provide certain details and information about yourself to assure us that you are in fact the individual to whom the information you have requested belongs to.
- Once we have confirmed your identity to a satisfactory level in keeping with the principles of the CCPA, we will begin processing your request and notify you of any limitations or denials.
- California residents may empower an “authorized agent” to submit requests on their behalf. As part of our security and privacy measures, we require that any authorized agents have a written authorization with your signature confirming their authority to act on your behalf.
3. Personal Information that Sync.MD Collects, Uses, and Shares
Sync.MD will never sell or rent your personal information without your consent.
Information that Sync.MD directly collects from you:
- Our services may collect information directly from you, which identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or device (“Personal Information”).
- We may collect this Personal Information directly from you on our web portal or through our services, or indirectly from you, such as by observing your actions when using our web portal, our services, or our website.
4. Categories of Personal Information
|Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code Section 1798.80(e))||Yes|
|Protected Classification Characteristics under California or federal law||Yes (age)|
|Internet or other similar network activity||Yes|
|Professional or employment-related information||Yes|
|Non-public education information (per the Family Educational Rights and Privacy Act (20 USC Section 1232g, 34 CFR Part 99))||No|
|Inferences drawn from other personal information||Yes|