Privacy Policy – Oncospace Website (Last Updated 13 June 2022)
1. Scope
This document contains the following privacy policy:
- A “products and services” version, for use in product documentation, e.g., the “Privacy Policy” link in an “About” box that would contain specific sections of this policy.
- ‘Products’ refers to the distributable software Oncospace produces for commercial purposes, and ‘Services’ are systems and processes related to promotion or sale for those commercial purposes.
2.
2.1 Introduction
Oncospace, Inc., a Maryland, USA, corporation (“us,” “we,” or “Oncospace”), is committed to respecting the privacy of our customers, users of Oncospace products, services and applications, including our websites (collectively, the “Services”) in accordance with applicable data protection laws including but not limited to the principles of the Privacy Act of 1974, the EU General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) and the Maryland Personal Information Protection Act.
2.2 Your Consent to, and Agreement with, this Privacy Policy
Please read this Privacy Policy carefully to understand our policies and practices regarding Personal Data and Sensitive Personal Data (both defined below) and how Oncospace will treat each of them.
2.3 “Personal Data” and “Sensitive Personal Data”
As used in this Privacy Policy
- “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”) that may be used directly or indirectly to identify an individual, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Sensitive Personal Data” means data relating to physical or mental health, such as medical history, family history, medical diagnosis, health background, current health status, age, gender, sexual behavior and sexual orientation, demographic information (including race, ethnicity, marital status, salary, education, political, religious, and trade union information), and information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, payments for treatment and health insurance information, or other personally identifiable information under an applicable law.
2.4 The Purpose of Data Collected
2.4.1 Oncospace Product
We may use Personal Data and/or Sensitive Personal Data:
- to operate, audit and improve our Services, which may entail the transfer of data and storage of the data (including storage on the Cloud for certain services as applicable and in accordance with data protection law relating to cross-border transfer of data);
- to collect information transmitted from your computing device for the purpose of providing Services, such as information that lets Oncospace know when you are accessing our Services;
- to provide customer service and support;
- to provide and to facilitate the delivery of products and services;
- to provide you with notices and to facilitate communication between us;
- to enhance security, monitor and verify identity or service access, and to combat fraud, spam, malware or other network and/or information security risks;
- to understand you and your preferences to enhance and personalize your experience and enjoyment when using our services;
- to carry out our obligations and enforce our rights arising from any contracts we have entered regarding you, including Business Associate Agreements;
- to notify you about changes to the Oncospace Privacy Policy and Terms of Use;
- to comply with any court order, law or legal process, including responding to a government or regulatory request, subpoena, or search warrant;
- to link or combine it with other personal information we get from third parties, to help understand your needs, provide you with better service and to prevent fraud;
- for aggregated, statistical analysis to monitor and/or improve our services including metadata about an Authorized User’s activities and behavior within our Service, such as click-patterns and feature utilization;
- to prevent, detect, and investigate security incidents, breaches, and/or unlawful activities.
2.4.2 Oncospace Trials
As part of product evaluation and the pre-sales process, you may be assigned a trial user account, to which you can upload data using the Oncospace Trials Uploader feature of our Customer Tools application. Data uploaded using this tool is anonymized prior to upload, and can be examined by you to ensure that this anonymization meets your requirements and legal obligations.
The anonymized uploaded data will be removed from the Oncospace Trial Customer account within 30 days of your trial ending, or earlier if specifically requested by you. We undertake to use this data only for the following purpose:
- To provide you an experience of using our product, to help in your evaluation of capability and eventual purchase decision.
It may be that your uploaded data is of interest to Oncospace Product Development – for example, if you have an old, new or unusual CT Scanner that provides DICOM images in an unusual format. In such cases, Oncospace staff may contact you to request that the minimum amount of such data be retained for development and testing purposes. Only and only if you agree, such data may be retained by Oncospace as part of ongoing test data.
2.5 Information Collected for Tracking and Customization (Cookies)
2.5.1 What are Cookies?
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded by your browser. These cookies help us make the website function properly, make the website more secure, provide a better user experience, and allow us to understand how the website performs, what works, what doesn’t and where it needs improvement. To find out more about cookies, visit wikipedia.org or https://www.allaboutcookies.org/.
2.5.2 How do We Use Them?
As with most online services, our website uses first-party and third-party cookies for a number of purposes. First-party cookies are mostly necessary for the website to function the right way. More importantly, they do not collect any of your personally identifiable data.
The third-party cookies used on our websites are used mainly for understanding how the website performs, how you interact with our website, and the services it provides. Third-party cookies provide you with a better user experience and help speed up your future interactions with our website.
For improving your return visits to our website, cookies are retained for a period no less than 6 months.
2.5.3 What Types of Cookies do we use?
The cookies used on our Oncospace product web application are grouped into the following categories.
- Analytics: Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of customer visits, page utilization, etc.
- Functional: Functional cookies help to perform certain functions like collecting customer feedback.
- Necessary: Necessary cookies are essential for the website to function properly. These cookies ensure basic functionality and security features of the website, anonymously.
- Performance: Performance cookies are used to understand and analyze the key performance indexes of the web application which helps in delivering a better user experience for visitors.
Advertisement cookies are not used by Oncospace.
Further, these types of cookies can be either:
- Session: Session cookies last only as long as your web browser is open. Once you close your browser, the cookie is deleted. Websites may use session cookies for technical purposes such as to enable better navigation through the site, or to allow you to customize your preferences for interacting with the site;
- Persistent: Persistent cookies are saved on a user’s hard drive in order to determine which users are new to the site, and for repeat visitors, to block recurring invitations.
2.5.4 How Can You Manage Your Cookies?
You can manage your cookie preferences on Oncospace.com by clicking “Settings” and enabling or disabling the cookie categories according to your preferences. However, you are required not to block any cookies necessary for the correct and secure functioning of the Oncospace web application.
2.6 Data Security
We use reasonable and appropriate technical, physical, and administrative safeguards that are designed to enhance the security, confidentiality, integrity and accessibility of Personal Data and Sensitive Personal Data. We incorporate secure storage and transmission technologies including anonymization, pseudonymization, de-identification, data removal, redundancy, encryption, firewalls, physical access controls, auditing and monitoring protocols.
Despite Oncospace maintaining and continuously improving its security controls and overall information security maturity, we cannot in all instances, however, ensure or warrant the security of all information transmitted via Oncospace’s Services and cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by a breach or interference with our systems.
Oncospace applies anonymization, pseudonymization, de-identification and/or removal of Personal Data and Sensitive Personal Data, as described in Section 8.4 of Oncospace’s DICOM Conformance Statement. However, some information available by accessing the Services, such as the date and time and which a plan was generated, could be used in combination with data from your existing hospital information systems in order to further re-identify patient data. You acknowledge that unauthorized or malicious access to both the Services and to your hospital information systems may result in exposure to a more significant information security breach.
2.7 Your Information Choices and Changes
If you would like to submit a request to access, rectify, erase, restrict or object to the processing of Personal Data that you have previously provided to us, or if you would like to submit a request to receive an electronic copy of Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact the Oncospace Privacy Officer at privacy@oncospace.com. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have the Personal Data suppressed from our database, or otherwise let us know what limitations you would like to put on our use of the Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with your account, your email address or other account information, that you use to send us your request, and we may need to verify your identity before implementing your request.
Please note that we may need to retain certain information (other than PHI) for record-keeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
We will try to respond to, and if appropriate, comply with, your request(s) as soon as reasonably practicable.
If you make use of (some of) your choices and rights, you may not be able to use, in whole or in part, certain of the Services.
2.8 Your Express Representation of Authorization and Compliance
Prior to using the Oncospace Services, you expressly represent and warrant that you are authorized to use the Services, that you are authorized to disclose and transfer to us all data provided, and that you will at all times comply with applicable national, state and regional laws relating to the handling, storage, use, privacy, and protection of data to be processed in connection with the Services (including as applicable obtaining the express and informed consent and authorization of the “Data Subject”, such term to include personnel, subcontractors and patients as applicable). You also represent and warrant that all information you provide to us will be current, true, accurate, verifiable and complete. It is entirely your choice whether or not to submit, use or disclose Personal Data and Sensitive Personal Data through Oncospace’s Services. If you choose not to provide the required data, you may not be able to use certain features of Oncospace’s Services.
In order to access the Services, Oncospace will integrate your existing corporate identity (such as Azure Active Directory). You are solely responsible for maintaining the confidentiality of all user logins and passwords and for ensuring that your login and password is used only by you. Oncospace strongly recommends that you consider enhanced identity protection measures such as multi-factor authentication to further secure access to the Services and your other systems.
You are solely responsible for:
- all access and use of the Services that occurs under your account; and
- for the accuracy, quality, integrity, legality, reliability, appropriateness, security, and right to use all data and information that you input into the Services.
You may not circumvent or otherwise interfere with any user authentication or security of the Services.
You must notify us (privacy@oncospace.com) within 24 hours if any of your account data is lost, stolen or used without permission.
2.9 Information We Receive from Third Parties
From time to time, Oncospace may obtain information about you from third party sources, such as public databases and websites, resellers and distributors, joint marketing or business partners, security and fraud detection firms and social media platforms. Examples of the information we may receive from other sources include account information, page-view information, contact information from business partners, search results and links, (including paid listings, such as sponsored links), and credit history information from credit bureaus.
2.10 Sharing of Personal Information
We do not share personal information (Personal Data and Sensitive Personal Data) with third parties other than as follows:
- where it has been de-identified, including through aggregation or anonymization;
- when you instruct us to do so;
- with your consent and authorization, for example, when you agree to our sharing your information with other third parties for their own marketing purposes subject to their separate privacy policies;
- with Oncospace affiliates, in such case the information will be processed as otherwise described in this policy;
- with third party vendors, consultants and other service providers who work for us and need access to your information to do that work. Examples include vendors and service providers who aid with marketing, billing, processing credit card payments, data analysis, fraud prevention, network and information security, technical support and customer service;
- with third party business partners, such as distributors, and/or referral partners, who are involved in providing services to our prospects and/or customers, to fulfill product and information requests and to provide customers and prospective customers with information about Oncospace and its products and services. Our partners are responsible for managing their own use of the personal information collected in these circumstances. We recommend you review the privacy notices of the relevant partner to find out more about their handling of your personal information.
- to comply with laws or to respond to lawful requests and legal process, to protect our rights and property and that of our agents, customers, members and others including to enforce our agreements, policies and terms of use or in an emergency to protect the personal safety of any person;
- to protect any individual’s vital interests, but only where we believe it necessary in order to protect the vital interests of any person; and
- in connection with or during negotiation of any business transfer, merger, financing, acquisition, or dissolution transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company.
2.11 Data Retention and Deletion
We retain personal and sensitive personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing, until deletion or return is possible.
2.12 California Users Only–Your Privacy Rights
California Shine the Light Law: The California Consumer Privacy Act of 2018 (“CCPA”), effective as of January 1, 2020, requires businesses that collect personal information of California residents to make certain disclosures regarding how they collect, use and disclose such information. This section addresses those requirements. For a description of all of our data collection, use and disclosure practices, please read this Privacy Notice in its entirety.
California law gives California residents the right to make the following requests with regard to certain information we collect about them, at no charge, two times every 12 months:
- request a copy of personal information we collected or disclosed for a business purpose in the past 12 months;
- request deletion of personal information we collected, subject to certain exemptions (for example, where the information is used by us to detect security incidents, debugging or to comply with a legal obligation); and
- request that we disclose personal information we collect, use and disclose.
As a processor of such data, Oncospace expects all such resident requests to be proxied via the respective Oncospace customer (entity) that supplied the information to Oncospace in the first place. To do so, these entities may write to Oncospace at privacy@oncospace.com.
2.13 Data Collected
Categories of Personal Information We Collect | Categories of Third Parties with Which We Share Information for Business Purposes |
Non-patient Identifiers (such as clinic name, address, email address) | Corporate affiliates, vendors, service providers and third-party business partners (as identified above) |
Any categories of sensitive personal information as explained in this document. | N/A |
Legally Protected Classifications (such as gender and marital status) | N/A |
Commercial Information (such as transaction data) | Vendors, service providers, and third-party business partners (as identified above) |
Internet or Other Network or Device Activity (such as app usage) | Vendors and service providers |
Approximate Location Information (such as location inferred from your IP address, city, country) | Vendors and service providers |
Professional or Employment-Related Data (such as the name of your employer) | Vendors, service providers, and third-party business partners (as identified above) |
Education Information (such as degrees and certifications) | Vendors and service providers |
Inferences drawn from any of the information identified above | N/A |
2.14 Personal Data of Minors
Special information for parents: The Oncospace Services are not directed to children, as defined under applicable law, and we do not knowingly collect Personal Data from children. It is, however, Oncospace policy to comply with the law when it requires parent or guardian permission before collecting, using or disclosing Personal Data of children. We are committed to protecting the privacy needs of children and we strongly encourage our customers to communicate with parents and guardians to take an active role in their children’s online activities and interests. If a parent or guardian becomes aware that his or her child has provided you with his or her Personal Data without their consent, please contact us. If we become aware that a child has provided us with Personal Data, we will delete his/her data from our files.
2.15 Changes to this Notice
We may change this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above. If such changes are material in nature, we will provide you with additional notice (such as adding a statement to the main website page or sending you an email notification).
2.16 Inquiries or Concerns
If you have any questions about this notice, please contact the Oncospace Privacy Officer at privacy@oncospace.com.