Last Reviewed April 8, 2019
This Policy applies to information that Nocimed receives from Physicians about Individual Patients as well as information collected on the Nocimed website. Collected information may fall into two categories: “Personal Data” and “Sensitive Data.”
Capitalized terms are defined in Section 9 of this Policy.
Collection and Use of Data Obtained from Physicians
Physicians located in the United States may collect Personal Data and Sensitive Data from Individual Patients, subject to such Individual Patients’ lawful consent, and may forward this Personal Data and Sensitive Data to Nocimed for the purpose of providing a NOCICALC-LS™ and/or NOCIGRAM-LS™ report. The Personal Data and Sensitive Data Physicians provide to Nocimed may include: MRI/MRS record, MRI/MRS images, medical record number, height, weight, and age/birthdate.
Nocimed will use the Personal Data and Sensitive Data transferred to Nocimed by Physicians for the sole purpose of analyzing the MRI/MRS data and providing a NOCICALC-LS™ and/or NOCIGRAM-LS™ report. Nocimed will take reasonable steps to help ensure the integrity of the Personal Data and Sensitive Data it receives from Physicians. Nocimed and the Physician will also take reasonable steps to ensure that the Personal Data and Sensitive Data is reliable for its intended use, accurate, complete, and current.
Collection and Use of Data and Information Obtained through the Nocimed Website
Nocimed may also obtain certain Personal Data when you choose to provide it through our website. The types of Personal Data we collect through our website may include:
- Contact information (such as name, postal address, email address, and phone number);
- Username and password;
- Professional information (such as a medical license number);
- Payment information (such as payment card number, expiration date, and billing address).
In addition, when you visit the Nocimed website, we may obtain certain information by automated means, such as cookies and web beacons. The information we obtain in this manner includes IP address, browser characteristics, device characteristics, operating system, referring URLs, geographic location, information on actions taken on our website, and dates and times of website visits. A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. Through these automated collection methods, we obtain “clickstream data,” which is a log of content on which a visitor clicks while browsing a website. As the visitor clicks through the website, a record of the action may be collected and stored. Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of our website.
Nocimed may use the Personal Data and information we obtain through our website to:
- create and manage your account;
- offer and provide products and services to you;
- display content on our websites;
- respond to and communicate with you about your inquiries and requests and provide information you request;
- operate, evaluate and improve our business (including developing new products and services; enhancing and improving our services; managing our communications; analyzing our products; performing data analytics; and performing accounting, auditing, billing reconciliation and collection activities and other internal functions);
- perform data analyses and processing (including market and consumer research, trend analysis, financial analysis, anonymization, encryption and tokenization of personal information);
- protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and
- comply with and enforce applicable legal requirements, relevant industry standards and our policies.
In addition, we use may information collected online through cookies, web beacons and other automated means for purposes such as (i) customizing our users’ visits to our website, (ii) delivering content (including advertising) tailored to our users’ interests and the manner in which our users browse our website, and (iii) managing our business. We may also use this information to help diagnose technical and service problems, administer our website, identify users of our website, and gather demographic information about our users. We may use clickstream data to determine how much time users spend on web pages of our website, how users navigate through our website, and how we may tailor our website to better meet the needs of our users.
We may use Third Party web analytics services on the website. The service providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyze how visitors use the website. The information collected through these means (including IP address) is disclosed to these service providers, who use the information to evaluate use of the website.
Disclosures / Onward Transfers of Data
Nocimed does not sell or otherwise share Personal Data or Sensitive Data, except as described in this Policy. We may share Personal Data with Third Parties who perform services on our behalf. These Third Parties are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. We also may share the Personal Data we obtain with our affiliates, subsidiaries and joint marketing partners.
Nocimed may engage Third Party data processors to carry out specific processing activities with regard to the Personal Data and Sensitive Data transferred by Physicians under appropriate data processing contracts. Such data processors must agree to abide by confidentiality obligations. Nocimed will take reasonable and appropriate steps to ensure that the data processors use the Personal Data and Sensitive Data in accordance with the agreement and consistent with this Policy. Should Nocimed receive notice of any unauthorized processing by the Third Party data processors, Nocimed will take reasonable and appropriate steps to stop the unauthorized processing and remediate. Nocimed will maintain copies of all of its agreements with data processors to which it transfers Personal Data and Sensitive Data.
Nocimed may engage Third Party service providers that provide data storage and transfer services for the purposes of transmitting results (which include Personal Data and Sensitive Data) to the requesting Physicians. Nocimed may also engage Third Party service providers to provide it with on-site and cloud data storage services.
Please be aware that Nocimed may disclose information about you (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials based on a lawful disclosure request, or (iii) when we believe disclosure is necessary or appropriate to enforce our policies, to protect ours or other’s rights, property, or safety, to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. We reserve the right to transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).
Nocimed will not share your Personal Data or Sensitive Data with Third Parties other than our agents, or use it for a purpose other than for which it was originally collected or subsequently authorized, without your prior written consent.
Nocimed takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. In so doing, Nocimed takes into account the risks involved in its processing of the Personal Data and Sensitive Data and the nature of the Personal Data and Sensitive Data it receives. Nocimed requires valid SOC 2 Type II reports from all Third Party service providers that will transfer or maintain Personal Data.
Nocimed maintains administrative, technical, and physical safeguards designed to protect the Personal Data and Sensitive Data it collects against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Nocimed personnel may access and use Personal Data and Sensitive Data only if they are authorized to do so and only for the purpose for which they are authorized.
Right to Access, Change, or Delete Data
At any time, if Individual Patients do not wish for their Personal Data and Sensitive Data to remain with Nocimed, they can contact their Physician to revoke consent for the use of their Personal Data and Sensitive Data to generate a NOCIGRAM-LS™ and/or NOCICALC-LS™ report. Upon notification of revocation of an Individual Patient’s consent, the Personal Data and Sensitive Data relating to that patient will be deleted from databases and file servers under Nocimed’s control without undue delay. The Individual Patient can obtain a copy of the Personal Data and Sensitive Data provided to Nocimed from their Physician. Individual Patients’ requests for access, modification, corrections and completions can be made through their prescribing Physicians. If the accuracy of the Personal Data and Sensitive Data relating to the Individual Patient should be contested, the Individual Patient may also, via their prescribing Physician, request Nocimed to restrict processing of said Personal Data and Sensitive Data for a period of time enabling Nocimed to verify the accuracy of the Personal Data and Sensitive Data.
At any time, website visitors who do not wish for their Personal Data to remain with Nocimed can contact us using the contact information provided below in the “Questions and Comments” section of this Policy.
Links to Other Websites
Our Sites may provide links to other websites for your convenience and information. These websites may operate independently from us. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by us, we are not responsible for those websites’ content, any use of those websites, or the privacy practices of those websites.
Changes to This Policy
This Policy may be updated and amended from time to time at Nocimed’s sole discretion and without prior notice to you, consistent with applicable data protection and privacy laws and principles. Nocimed will make Employees aware of changes to this Policy either by posting to our intranet, through email, or other means. Nocimed will post a notice on our website to notify you of any significant changes to our Policy and will indicate at the top of the Policy when it was most recently updated. Nocimed will also notify Physicians if Nocimed makes changes that materially affect the way Personal Data and Sensitive Data that was previously collected is handled. All changes are effective immediately upon posting.
Questions and Comments
Nocimed commits to resolve questions and comments about your privacy and our collection and use of your Personal Data and Sensitive Data. Individuals with inquiries or comments should contact Nocimed at:
951 Mariners Island Blvd #300
San Mateo, CA 94404
Phone: (650) 241-1741
Nocimed will respond to inquiries without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the inquiries.
“Individual Patient” means an individual patient in the United States for whom a prescribing Physician intends to receive a NOCIGRAM-LS™ and/or NOCICALC-LS™ Report from Nocimed.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of Nocimed.
“Personal Data” means data relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal Data does not include data that is de-identified, anonymous, or publicly available.
“Physician” means the healthcare provider providing or prescribing treatment to the patient in the United States; this includes a member of that prescribing healthcare provider’s team who is authorized to obtain consent.
“Sensitive Data” means Personal Data that discloses an Individual Patient’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
“Third Party” means any individual or entity that is neither Nocimed nor a Nocimed employee, agent, contractor, or representative.