Health Flights Solutions Inc. Privacy Policy:
Customer relationships at Health Flights Solutions Inc. (Health Flights, we, us) are built on trust. You have chosen to do business with Health Flights, and we guard that relationship with great care, beginning with the information you have chosen to share with us. Health Flights provides technology products for the medical, health and wellness sectors. In order to provide these services, Health Flights receives information about members, affiliates and others, as well as their customers, including but not limited to non-public personal information, medical and health information, email addresses, etc. (collectively, Personal Information). We believe that making you aware of how we use your Personal Information, and to whom it is disclosed, will form the basis for a relationship of trust between us and the public that we serve. This Privacy Statement provides that explanation. We reserve the right to change this Privacy Statement from time to time consistent with applicable privacy laws.
In the course of our business, we may collect Personal Information about you from the following sources:
- From applications, documents or other forms you or your authorized representative fill out, upload or send to us.
- From your transactions with, or from the services performed by, us, our affiliates, our members, or others.
- From our internet web sites.
- From the public records maintained by governmental entities that we either obtain directly from those entities, or from our affiliates or others and
From consumer or other reporting agencies.
Our Policies Regarding the Protection of the Confidentiality and Security of Your Personal Information:
Health Flights maintains physical, electronic and procedural safeguards to protect your Personal Information from unauthorized access or intrusion. We limit access to the Personal Information only to those employees, contractors and agents who need such access in connection with providing products or services to you or for other legitimate business purposes. We will at all times comply with all laws and regulations to which we are subject regarding the collection, use and disclosure of individually identifiable information.
The member’s area of our website and Patient Portal (which may be accesses through third-party websites) use SSL Protection. We use a technology called Secure Socket Layers (SSL), an encryption technology to establish a secure connection between your computer and our server. A secure connection is maintained while you are logged on. If you would like to be certain that you are using a secure connection, the site name is preceded by “https” and not “http” and the icon in the bottom left-hand corner of your Web browser’s window should appear as a closed lock.
Although we use SSL encryption to safeguard the confidentiality of your information as it travels over the Internet, “perfect security” does not exist on the Internet and we cannot guarantee the safety of transmitting personal information over the Internet.
The member area of our websites, products and tools, including our member, physician and patient portals (which may be accessed through third-party websites) also use Password Protection. You are responsible for maintaining the confidentiality of your passwords. We have the right to assume that anyone accessing our sites using a password assigned to you has the right to do so. You will be solely responsible for the activities of anyone accessing our sites using a password assigned to you, even if the individual is not, in fact authorized by you. You agree to change your password immediately if you have reason to believe that your password may have been compromised or used without authorization.
We may combine, in a non-identifiable format, the Personal Information you provide with information from other users to create aggregate data that may be disclosed to third parties. Aggregate data combines non-personal, similar data from many or all the users. This sort of statistical information is called aggregate data because it reflects the habits and characteristics of a large group of anonymous people. Aggregate data does not contain any information that could be used to contact or identify you. For example, we may use information gathered to create a composite profile of all the users of a particular third party site, who may use this information to understand needs and to design appropriate programs and activities on their site or we may we may use information gathered to create statistics of how many people visit a particular country or request a particular service
Our websites may use “cookies” for site administration purposes. If for any reason you wish to not take advantage of cookies, you may set your browser to not accept them, although this may disable or render unusable some of the features of our website. Our website also may detect and use your IP address or domain name for traffic monitoring and capacity purposes or to otherwise administer our website or track usage patterns.
Our Policies and Practices Regarding the Sharing of Your Personal Information:
We may share your Personal Information with our members and affiliates. We also may disclose your Personal Information:
- to providers, agents, brokers or representatives to provide you with services you have requested
- to third-party contractors or service providers who provide services or perform marketing or other functions on our behalf, such as webhosting or data storage providers
- to governmental entities to meet our legal requirements connected to the collection, retention and disclosure of individually identifiable information, such as tax reporting or identification of money laundering
- to law enforcement in connection with investigations, or civil or criminal subpoenas or court orders and to maintain our relationship with our employees.
In addition, we will disclose your Personal Information when you direct or give us permission, when we are required by law to do so, or when we suspect fraudulent or criminal activities. We also may disclose your Personal Information when otherwise permitted by applicable privacy laws such as, for example, when disclosure is needed to enforce our rights arising out of any agreement, transaction or relationship with you. One of the important responsibilities of some of our affiliated companies is to record documents in the public domain. Such documents may contain your Personal Information.
We may provide aggregate data to third parties. For example, we might inform third parties regarding the number of users of our website and the activities they conduct while on our site. We might also provide a medical provider, or other entities (that may or may not be a member of our sites) data that certain percentages of our users request a particular service. Depending on the circumstances, we may or may not charge third parties for this Aggregate Information. We require parties with whom we share aggregate information to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases.
Right to Access Your Personal Information and Ability to Correct Errors or Request Changes or Deletion:
Certain states afford you the right to access your Personal Information and, under certain circumstances, to find out to whom your Personal Information has been disclosed. Also, certain states afford you the right to request correction, amendment or deletion of your Personal Information. We reserve the right, where permitted by law, to charge a reasonable fee to cover the costs incurred in responding to such requests. We recommend that because most Personal Information received by Health Flights is processed by or on behalf of our clients, that you first contact the client to whom you submitted the data and request access to your Personal Information from the client.
All requests must be made in writing to the following address:
Compliance, Health Flights Solutions Inc
1360-B Lake Baldwin Ln
Orlando, Florida 32814
Our policy regarding children:
We are committed to protecting the privacy of children. Neither our sites nor any of its services are designed or intended to attract children under the age of 13. We do not collect Personal Information from any person we actually know is under the age of 13. A parent or guardian, however, may use our services to request services from us or our affiliates or fill-out, upload or send us personal or medical/health information for a minor. The parent or guardian is solely responsible for providing supervision of the minor’s use of our services. The parent or guardian assumes full responsibility for ensuring that the registration information is kept secure and that the information submitted is accurate. The parent or guardian also assumes full responsibility for the interpretation and use of any information or suggestions provided through our websites or services for the minor.
Our policy regarding links to external sites or access to our services/products/tools from external sites:
Our websites contain links to third-party (“external”) websites. We do not endorse or make any representations or warranties for the accuracy of content located on linked external websites. We are not responsible for any linked external website’s privacy policies, content, products, data collection procedures, materials, software, business activities, etc.
Health Flights websites, patient, member, physician portals, and other products and tools may be accessed through third-party websites. Health Flights is not responsible for the content or privacy practices of other websites to which this site may link or from which you gained access to our products, tools or services.
Limitation on Scope of Principles:
Adherence by Health Flights to this policy may be limited to the extent required to meet legal, governmental or national security obligations, including requirements to cooperate with law enforcement.
EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework:
The European Union (“EU”) adopted Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“EU Directive”), which requires EU member countries to adopt laws protecting personal data collected within their borders. Switzerland adopted the Swiss Federal Data Protection Act (“SFDPA”) and the Data Protection Ordinance (“DPO”), which regulate all acts of personal data processing. In accordance with Article 2a of the EU Directive, and the SFDPA and DPO, personal data includes any information relating to an identified or identifiable natural person (“Personal Data”). The EU Directive, SFDPA and DPO allow the transfer of Personal Data only to countries that have data protection laws deemed “adequate” under the respective legal frameworks. The US Department of Commerce has agreed on the requirements to enable US Companies to satisfy the mandate under EU law and Swiss law that adequate protection be given to Personal Data transferred from the EU or Switzerland to the US. For EU citizens’ Personal Data, these requirements are memorialized in the EU-U.S. Privacy Shield Framework. For Swiss citizens’ Personal Data, these requirements are memorialized in the Swiss-U.S. Privacy Shield Framework.
Health Flights and its affiliates and subsidiaries operating under the brand name of Health Flights (iGlobalCare Solutions and GSI Infosoft) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Health Flights adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. Health Flights is committed to subjecting all Personal Data received from the European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. The United States Federal Trade Commission (FTC) is the enforcement authority with jurisdiction over this compliance with the Privacy Shield. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield principles, the Privacy Shield principles shall govern. To learn more about the Privacy Shield Framework, visit the US Department of Commerce’s Privacy Shield site at https://www.privacyshield.gov
Processor on Behalf of Customers:
Health Flights provides software as a service designed to help companies manage their medical travel processes. In this capacity, Health Flights acts as a Data Processor, and data it collects and stores is done so at the direction of and on behalf of our customers. It does not own or control any of the information it processes on behalf of its customers and Health Flights receives information transferred from the EU to the United States merely as a processor on behalf of our customers. Health Flights has appointed a corporate leader of fair information practices who is responsible for the internal supervision of Health Flights’ privacy policies. Health Flights has also appointed a corporate leader for data security. Health Flights is committed to educating its customers and associates (employees) in the United States about the issues, guidelines and laws surrounding compliance with the Privacy Shield Framework. The corporate leader for fair information practices is available to any associate who has questions concerning Health Flights’ Privacy Policy or data security practices. Health Flights’ policies and manner of compliance are described separately below.
When Health Flights acts as a processor on behalf of its customers, the policies outlined below apply to all data processing operations concerning Personal Data has been transferred from the EU or Switzerland to the United States.
Processing Contracts:
Before starting any processing on behalf of Health Flights’ customers, Health Flights will enter into a processing contract with the EU or Swiss data controller responsible for the personal information pursuant to the applicable EU Member State data protection law or Swiss data protection law. The processing contract ensures that the EU or Swiss data controller will be in compliance with the Member State Data Protection law. The processing contract will also specify that the processing will be carried out with appropriate data security measures. Health Flights has in place measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction. Any information Health Flights’ customer (acting as the EU or Swiss controller) identifies as sensitive will be treated accordingly. Further, any data processed by Health Flights will not be disclosed to third parties except where permitted or required by the processing contract, Privacy Shield or the applicable Member State Data Protection law. Health Flights will not disclose personally identifiable information to third parties unless specifically agreed to and at the direction of the data owner, or when we are required by law in response to lawful requests by public authorities to meet national security or law enforcement requirements including subpoenas, court orders or legal process.
As a processor on behalf of Health Flights’ customers (who is the EU or Swiss controller), Health Flights is not required to apply other EU Privacy Shield Principles or Swiss Privacy Shield Principles to the personal information received for processing from a customer.
Notice:
Prior to the transfer of any non-public personal information from the EU or Switzerland to the United States, Health Flights requires contractual confirmation from the EU or Swiss controller from whom Health Flights acquired the information that the Personal Data has been provided to Health Flights in accordance with the applicable EU Member State data protection law or Swiss data protection law, thereby ensuring the data subjects have been provided with proper notice regarding how their personal data will be used. In addition, when Personal Data is collected directly from data subjects, Health Flights provides the data subject with notice regarding the manner and circumstances in which the Personal Data will be used and transferred to third parties.
Choice:
Prior to the transfer of any non-public personal information from the EU or Switzerland to the United States, Health Flights requires contractual confirmation from the EU or Swiss controller from whom Health Flights acquired the information that the Personal Data has been collected in accordance with applicable EU Member State data protection law or Swiss data protection law, thereby ensuring the data subjects have been provided with the proper choice regarding how their Personal Data may be used. In addition, when Personal Data is collected directly from data subjects, Health Flights provides the data subject with notice regarding the manner in which their Personal Data will be used and where it will be stored.
Data Integrity:
Health Flights takes reasonable steps to ensure the information transferred from the EU or Switzerland to the United States is reliable, accurate and complete. The steps Health Flights takes to assure data integrity are based on the purposes for which the Personal Data is used.
Onward Transfer:
Health Flights complies with the notice and choice principles as described above for all data disclosed or transferred to a third party. We do transfer Personal Data to certain third-party agents or service providers with whom we have entered written agreements and which agreements addresses data privacy and security policies and procedures that requires all contractual parties to ensure that Personal Data is protected with the same level of protection the Privacy Shield requires. Under certain circumstances, we may be required to disclose Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements. When Health Flights uses data processors/centers to perform processing tasks/store data on behalf and under the instruction of Health Flights, Health Flights requires that its data processors enter into a written agreement with Health Flights requiring them to provide the same level of protection as Health Flights provides, and retains liability for onward transfers to such agents when under the direction of Health Flights.
Security:
Health Flights has in place an information security policy to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction. Health Flights’ security officer is responsible for conducting investigations into any alleged computer or network breaches, incidents or problems and ensuring the proper disciplinary action is taken against those who violate Health Flights’ information security policy. Any security compromises or potential security compromises and any inquiries concerning security should be reported to the Health Flights Compliance department.
Access:
Health Flights acknowledges the right of EU or Swiss individuals to access information held about them. Individuals wishing to access their information to correct, amend, or delete their Personal Data, or limit the use of their Person Data, should contact Health Flights. When Health Flights acts as a Data Processor, Health Flights’ customers are responsible, pursuant to their contractual agreements with the company, for providing individuals with access to their Personal Data, allowing individuals to correct, amend and delete their Personal Data, or requesting to limit the use or sharing of their Personal Data, as required by applicable law. Health Flights requires its customers to maintain appropriate procedures for handling individuals’ requests to access, correct, delete, or limit the use of their Personal Information, in accordance with applicable law. To exercise these rights, individual should contact the appropriate Health Flights customer that transferred their Personal Data to Health Flights. Health Flights will cooperate fully with its customers in responding to any such request. In the event a request is made directly to Health Flights, customers are required to cooperate with Health Flights in promptly addressing such requests.
Health Flights agrees to process all reasonable requests for access within a reasonable time period, but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be disproportionate to the risks to the individual’s privacy or in the case of an unwarranted or fraudulent request.
Enforcement:
When Health Flights acts as a Data Processor, individuals should submit complaints concerning the processing of their Personal Information to Health Flights’ customer that originally collected their information in accordance with the customer’s relevant dispute resolution mechanism (if available). Health Flights will participate in the customer’s dispute resolution process at the request of the individual.
In compliance with the EU-U.S. Privacy Shield Principles and Swiss-U.S Privacy Shield Principles, Health Flights commits to resolve complaints about an individual’s privacy and our collection or use of Personal Data. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy may contact us at the address given below (“how to Contact Us”).
If after contacting us, your complaint or dispute has not been resolved, your complaint will be referred to JAMS, as a third party resolution provider. Health Flights commits to following the determination and advice of this provider. You may use this link to contact JAMS https://www.jamsadr.com/eu-us-privacy-shield. The services of JAMS are provided at no cost to you.
Binding Arbitration
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have first taken the following steps: (1) raised your complaint to the organization that originally collected your information (2) raised your complaint directly with Health Flights and provided us the opportunity to resolve the issue; (3) made use of the independent dispute resolution mechanism identified above; and (4) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration) at http://ec.europa.eu/justice/data-protection/files/annexes_eu-us_privacy_shield_en.pdf.
How to Contact Us:
Please address any questions or concerns regarding this Policy or Health Flights’ practices concerning Personal Information or Personal Data to:
Compliance, Health Flights Solutions Inc,
1360-B Lake Baldwin Ln
Orlando, Florida 32814
This Privacy Policy was last revised April 24, 2017