Privacy Notice updated on January 12, 2016.
Aptus Health Holdings, Inc. and its affiliates, subsidiaries and divisions (collectively, the “Company,” “we,” “us” and “our”) value your confidence in us and respect your privacy. We have prepared this Privacy Notice to describe our policies and practices for safeguarding the personal information you provide to us, or which we obtain about you, through our services that link to this Privacy Notice. Our services include our websites, newsletters, mobile applications, reference tools, sponsored content, continuing medical education and communications (the “Services”).
Your personal information is controlled by Aptus Health Holdings, Inc., a U.S. company with its registered office at 55 Walkers Brook Drive, Reading, MA 01867-3274 USA. Irrespective of the country in which you reside or from which you supply personal information, you authorize us to use your personal information in the United States and any other country where the Company operates.
Aptus Health Holdings, Inc. is a wholly-owned subsidiary of Merck & Co., Inc., Kenilworth, New Jersey, U.S.A. (known outside the U.S. and Canada as MSD) (“MSD”), with its own independent employees, editorial process, business and financial operations, and governance. Aptus Health Holdings, Inc. maintains its information independent from MSD and maintains confidentiality of its customers’ information from MSD.
INFORMATION COLLECTED AND HOW WE USE IT
One of our primary goals in collecting information from you is to give you a meaningful, enjoyable and customized experience while using our Services and to allow us to develop new products and services that are relevant to you. Your personal information also allows us to provide specific services and features that are likely to meet your needs and preferences, and to customize our Services to make your online experience more rewarding.
In the course of using our Services, we may ask you to provide us with certain personally identifiable information (“Personal Information”) that we use to provide you the Services and to contact or identify you. The Personal Information we collect may include your name, contact information (e.g., address, phone number, fax number, e-mail address), as well as the following categories of Personal Information for the following purposes:
- Registering for our Website or Newsletter. When you register for one of our websites or sign up for one of our newsletters, we may collect your name, specialty, contact information, professional information and credentials about you, such as your degree, specialty, license number, medical or other graduate school and year of graduation in order to provide you with content that is tailored to your practice and interests. Although most of our Services require you to register with us, you may use some of our Services (e.g., browsing our public-facing websites), without providing any Personal Information.
- Purchasing our Products or Services. For the purchase of certain products or services, we may request credit card information as well as your billing and shipping address.
- Contacting Us. If you voluntarily offer feedback or contact us via e-mail, we may collect your name and e-mail address, as well as the content included in the e-mail, in order to send you a reply.
- Participation in a Survey, Program or Promotion. When you voluntarily participate in surveys, programs or promotions (as described in detail below) of ours or of our Partner Companies (as defined below), we may collect your contact and demographic information. By submitting answers to these surveys, programs or promotions, you are providing specific feedback to us. Participation is voluntary and you have the opportunity to decline participation. If you elect to participate in a survey, program or promotion sponsored by a Partner Company, we may share your Usage Information (as defined below) with the sponsoring Partner Company. We do not share your personal contact information with a sponsoring Partner Company without your consent, but by choosing to participate in a sponsoring Partner Company's survey or program, you agree that we may share participant response data with the sponsoring Partner Company. The sponsoring Partner Company will be required to conform to privacy agreements no less stringent than this notice.
- Communicating with You. We may also use your contact information as well as other Personal Information to communicate with you. For example, we may correspond with you through e-mail, direct mail, fax, or phone calls: (a) to facilitate your transactions and orders; (b) to fulfill legal requirements; (c) to allow you to participate in our surveys, programs and services; and (d) to deliver e-mail marketing communications about new surveys, programs or services and to alert you to developments or selected information about products and services in the health care and life sciences industries related to your medical specialty. We may also use such information to extend offers to you from our Partner Companies (as defined below), to respond to your comments or requests for information, or to contact you in the course of processing or shipping products or services offered through our websites.
- Social Media. We may use your Personal Information to implement social networking features you have activated.
We automatically collect various types of aggregated, anonymized, and other information from devices (e.g., mobile, computer, laptop, tablet) used to access our Services (“Usage Information”). The Usage Information we collect may include unique Device ID (defined below), browser type and version, operating system, date/time stamp, IP address, domain name, referring URLs, statistics about the number of visitors to the website, the number of pages visited, click-stream data and user response rates. We may also use technologies, vendors or partners to assist us to record browser events such as keystrokes and mouse movements to compile a screen capture in order to analyze and improve the user experience. Where required by applicable law, we will seek your consent to collect certain Usage Information. Generally, we collect Usage Information in order to provide, maintain and optimize the Service, as follows:
- Device IDs. We may collect and store a unique device ID associated with your particular device (“Device ID”) to track the number of unique users using our Services and to enable you to interact with and use our Services. We link your Device ID with the technical information accessed through your use of our websites, products, and services so that we may administer resets to your account, delete information when you request that we do so, or for other administrative purposes.
- Log Files. We also gather certain Usage Information automatically and store it in log files. For instance, when you visit one of our websites, our web server will automatically recognize some Usage Information, including but not limited to, the date and time you visited our website, the pages you visited, the referrer (the website you came from), the type of browser you are using (e.g., Firefox, Internet Explorer), the type of operating system you are using (e.g., Windows or Mac OS), and the domain name and address of your internet service provider (e.g., AT&T, Verizon, AOL, Vodafone).
- ETags. ETags are unique values used for web page caching. We use ETags to allow a website visitor to be recognized in subsequent visits. You may be able to remove ETags from your browser by following your browser instructions for clearing cache.
- Scripts. Scripts are code that is embedded into some of our web pages. We use scripts to collect and send certain information about your web browser to the code provider when you visit those web pages. You may be able to disable scripts from your browser by following your browser instructions for disabling scripts.
- Clear Gifs (Web Beacons/Web Bugs). We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), which helps us to better manage content on our website by informing us what content is viewed or clicked on. Clear gifs are tiny graphics with a unique identifier similar in function to cookies. In contrast to cookies, which are stored on a user’s computer, clear gifs are embedded invisibly on web pages and e-mails and are about the size of a period. We do not tie Usage Information gathered by clear gifs to your Personal Information.
- Local Shared Objects. We use Local Shared Objects, such as Flash cookies, to store content information and preferences. Third parties with whom we partner to provide certain features on our website also use Flash cookies to collect and store information. To manage Flash cookies, please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
- Social Media Widgets. Our Services include social media features, such as the Twitter and LinkedIn buttons and widgets or interactive mini-programs that run on the website. These features may collect your IP address, which page you are visiting on that website, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy notice of the company providing it.
Some of the categories of Personal Information and Usage Information collected for the purposes identified above are required in order to use the Services, while others are not required to use the Services. For example, using your e-mail address to communicate with you in order to send you marketing communications about our latest products or services is not required to maintain the relationship we have with you. As detailed below, you control the choice of receiving marketing communications from us. Your decision not to provide Personal Information or certain Usage Information for purposes that are not required to use the Services (e.g., receiving marketing communications), will not prevent you from accessing the website, but may limit access to some parts of our Services.
We may combine your Personal Information with Usage Information and aggregate it with information collected from other users to attempt to provide you with a better experience, to improve our Services and to analyze how our websites and products are used. We may also use the combined information without aggregating it to serve you in a specific way, such as to deliver a product to you according to your preferences or restrictions, or for advertising or advertising targeting purposes (as detailed below). When we combine Personal Information with Usage Information in this way, all of the safeguards in our Privacy Notice apply.
Please note that under some laws, certain types of Usage Information described above may be considered personally identifiable information, and in such cases we will treat it as Personal Information.
We may place or recognize cookies and other Usage Information (e.g., Device IDs, Clear Gifs) on your browser or device when you visit our website or application in order to serve you targeted advertising (also referred to as “online behavioral advertising”). We also partner with third parties who may place their own such technologies on your browser or device when you visit our website or application, in order to serve you targeted advertising. As indicated above, you may configure browsers to reject all cookies if you do not want cookies (including these third-party cookies) to be placed on your browser.
As an additional step, these third parties may participate in one of the following self-regulatory programs for online behavioral advertising, with corresponding user opt-outs:
- Network Advertising Initiative (NAI) - (http://www.networkadvertising.org/choices/)
- Digital Advertising Alliance - (http://www.aboutads.info/choices/)
- Google Analytics - (https://tools.google.com/dlpage/gaoptout)
- Mobile Devices - Most mobile devices provide you control over tracking for advertising purposes via the “Limit Ad Tracking” setting (on iOS devices) or the “Opt out of Interest-Based Ads” setting (on Android).
Please note that even if you reject such technology, you may continue to receive advertisements, but the advertisements will not be tailored to your browsing activities and interests.
Information Collected from Other Sources
We may occasionally supplement your Personal Information and Usage Information with information we receive from other sources including, but not limited to: (a) companies that provide our products or services by way of a co-branded or private-labeled website; (b) companies (e.g., health care, pharmaceutical, and medical device entities) that sponsor surveys or programs on our websites (the entities in (a) and (b), collectively, “Partner Companies”); (c) software applications; or (d) professional organizations, such as the American Medical Association, which we will add to the information which we already hold about you.
We do not knowingly collect or maintain personally identifiable or other information from any person under the age of majority. No parts of our websites, products or services are designed to attract anyone under the age of eighteen.
HOW WE SHARE YOUR PERSONAL INFORMATION
Disclosing Personal Information
We share your Personal Information with third parties only in the ways that are described in this Privacy Notice, as directed by you or as otherwise permitted or required by applicable law:
- Aptus Health Holdings, Inc. Affiliates, Subsidiaries and Divisions. In order to provide you with our Services, we may share your Personal Information with our affiliates, subsidiaries and/or divisions (e.g., those companies related to us by common ownership or control) for everyday business purposes, in which case we will require our affiliates, subsidiaries and divisions to comply with this Privacy Notice.
- Third Party Service Providers. We may also share your Personal Information with our suppliers, vendors, agents, contractors, or other companies or individuals that provide services to us or on our behalf (“Service Providers”) in connection with the services they perform, which include analytics, hosting, and personalized content. We require our Service Providers to protect your Personal Information with the same or equivalent safeguards as those in this Privacy Notice, and we do not permit them to use or disclose your Personal Information other than to provide the services requested by us.
- Business Transfers. If Aptus Health Holdings, Inc. or its assets are sold, acquired, or merged with another entity, or if Aptus Health Holdings, Inc. becomes insolvent or declares bankruptcy (each a “Company Change Event”), the Services and any information obtained through them, including Personal Information, may be transferred or sold to another entity in connection with the Company Change Event. That entity will assume the rights and obligations governing your Personal Information as described in this Privacy Notice. You will be notified via e-mail or a prominent notice on our Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
- Business Partners. We may disclose your Personal Information to our Partner Companies with whom we collaborate solely for activities related to our Services or those jointly offered or developed by Aptus Health Holdings, Inc. and that Partner Company and as described above in the context of sponsored surveys, programs or promotions. Our Partner Companies may also use this information to provide services requested by Aptus Health Holdings, Inc.
- Continuing Medical Education Providers. There are specific limited instances when your Personal Information may be shared with accredited Continuing Medical Education (“CME”) providers for their fulfillment of their reporting obligations to the Accreditation Council for Continuing Medical Education (“ACCME”) and global equivalent accrediting bodies. We do not control the privacy practices of these third parties.
- As Required or Appropriate by Law. We may use or disclose Personal Information if we believe in good faith that such use or disclosure is necessary: (a) to help identify any person attempting to break into or damage our websites or other property; (b) to investigate, prevent, or mitigate illegal activities; (c) to comply with applicable law; (d) to respond to valid subpoenas or warrants served on Aptus Health Holdings, Inc. (including our affiliates, subsidiaries and divisions); or (e) to protect or defend the rights or property of Aptus Health Holdings, Inc. (including our affiliates, subsidiaries and divisions) or its customers.
Some of these parties may be located in countries that do not provide an equivalent level of protection as your home country. Where required, we take appropriate measures to allow and secure the transfer of Personal Information about you to these recipients for the purposes described above and in order to comply with local data privacy laws. By using our Services, and providing us Personal Information about you, you consent to the international transfer of Personal Information about you to the above parties. We do not sell, rent or trade your Personal Information to third parties for their own marketing purposes, unless we explicitly obtain your consent.
EU/Swiss Safe Harbor
Aptus Health Holdings, Inc. complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Aptus Health Holdings, Inc., has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Aptus Health Holdings, Inc.’s certification, please visit http://www.export.gov/safeharbor/. If you have any complaints about our compliance with Safe Harbor protections, please contact us, as detailed under the “Contact Us” heading below, or your local Data Protection Authority.
PROTECTION OF YOUR PERSONAL INFORMATION
We have a number of security measures in place to protect your Personal Information from unauthorized access, disclosure, alteration or destruction. Although no online service can guarantee the absolute security of your Personal Information, we are committed to implementing strong physical, technical and administrative safeguards.
These procedures include the use of firewalls, secure connections on our websites, and frequently the use of Secure Sockets Layer (SSL) to encrypt pages that collect Personal Information. Personal Information is stored in limited-access servers and physical access to our servers requires individual authorization and authentication. Only authorized Aptus Health Holdings, Inc. employees or contractors carrying out permitted functions are allowed access to Personal Information. In addition, each employee and contractor of Aptus Health Holdings, Inc. is required to sign a confidentiality agreement requiring him or her to keep confidential all Personal Information of users and customers. We regularly train our employees and contractors on proper use and handling of Personal Information. Employees and contractors who violate these policies may be subject to disciplinary action, termination of their employment and legal action. Our Service Providers are also required to maintain security measures similar to those of Aptus Health Holdings, Inc. Nonetheless, for added protection, we ask that you keep your login information and passwords confidential.
By using the Services or providing Personal Information to us, you agree that we may communicate with you electronically about security, privacy, and administrative issues relating to your use of the Services. If you have reason to believe that your interaction with Aptus Health Holdings, Inc. is no longer secure, please contact us immediately as detailed under the “Contact Us” heading below.
UPDATING YOUR INFORMATION
We hope you will be able to take an active role in your experience with us. We highly recommend that you confirm and update your profile regularly. You can update or change your profile, which includes Personal Information, online at any time by contacting us through e-mail or mail as detailed under the “Contact Us” heading below. You may request that we delete your Personal Information, but please note that we may be required to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We will respond to your request for access to your Personal Information within 30 days. While updating your profile, you can select the type of messages and communications that you want to receive, which will further customize your experience as described below.
You have the right to access, correct and request the deletion of your Personal Information in accordance with applicable law. To the extent permitted by law, you are also entitled to oppose certain data processing practices or revoke previously granted consent.
Should you have any questions or concerns in connection with how we handle your Personal Information or wish to exercise your rights above, or make any other type of request, please contact us as detailed under the “Contact Us” heading below. Upon receiving such request, we may inform you about: (a) the information (including documents) that you or your legal representative will be asked to provide (if any) with your request; (b) timeframes to receive a response from us regarding your request; (c) forms and templates available for submitting the request (if any); and (d) how we will deliver the information to you (typically through copies of documents or data messages).
As described above, and in accordance with applicable law, we may provide you (via e-mail, mail, phone, fax, or similar technologies) communications promoting the Services of Aptus Health Holdings, Inc., our Partner Companies, and/or other third parties. When you receive marketing communications from us, you may indicate a preference to stop receiving further communications from us by “opting-out”: (a) via the unsubscribe instructions provided in the e-mail you receive; or (b) by contacting us directly as provided under the “Contact Us” heading below. Despite your indicated e-mail preferences, we may send you notice of any updates to our Privacy Notice and other service-related, non-marketing communications.
LINKS TO OTHER WEBSITES
Certain features of our Services contain links to other websites and online services. If you choose to visit a third party service or an advertiser by clicking a banner ad or other links, you will be directed to that third party’s website or online service. The fact that we provide a link to a website’s content or present a banner ad or other type of advertisement is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. This Privacy Notice is not applicable to the websites or content of any such third parties and we do not exercise control over third party websites or services. We encourage you to read the privacy notices of any such third party websites and services.
CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice is subject to revision. If we make any material changes in the way we use your Personal Information, we will notify you by sending you an e-mail to the last e-mail address you provided to us, or by prominently posting notice of the changes on our website. Changes may be effective immediately for new users of our Services, unless the notice states otherwise.
CONTACT US
For instructions on changing any of your privacy preferences, accessing or updating your Personal Information, or for any privacy or data protection-related questions, please contact us at firstname.lastname@example.org or:
Aptus Health, Inc.
Attn: Customer Service
55 Walkers Brook Drive
Reading, MA 01867-3274