Collection, use, disclosure and retention of personal information
UltraLinq collects personal information that customers and others voluntarily provide to us, for example, when using UltraLinq services, requesting technical support, joining our mailing list etc.
This information may include:
- contact information, such as name, email address, mailing address or phone numbers
- preference information, such as notifications or communication preferences.
This information is only used for the purposes for which it is collected, including:
- providing services;
- responding to inquiries;
- providing troubleshooting, technical and product support; and
- sending information about products and services (e.g., by email).
UltraLinq provides products and services that allow healthcare providers to more effectively manage, access, share and archive medical images and data. Depending on the product or service provided, we may obtain and process personal information about the patients of a healthcare provider on behalf of that provider. We will only use this information for the purposes of serving our customers and will only retain such information as long as necessary to meet those purposes.
Our customers are required to ensure that they have consent or other lawful authority to transfer personal information to UltraLinq for processing. Any such information provided is solely for the purpose of providing troubleshooting, diagnostic, or other support services on the software products provided by UltraLinq.
Passive Collection. Any other information collected, such as originating domain, time of visit, connection speed, and pages accessed is maintained in aggregate form. As is true of most websites, we gather certain information automatically. This information may include browser type, Internet protocol (IP) addresses, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, and/or clickstream data to analyze trends in the aggregate and administer the site. UltraLinq makes no attempt to correlate such information to an individual user. This information is not individually identifiable and will only be used to improve the performance and responsiveness of our website.
UltraLinq will not share your personal information with third parties except
- with your consent;
- where necessary to fulfil a purpose for which the personal information was collected (e.g., we may provide your personal information to a service provider in order to process a payment or to send you marketing emails you have requested);
- to respond to a subpoena, warrant or court order,
- to comply with court rules regarding the production of records and information;
- in urgent circumstances to protect the life, health or security of any person; or
- where otherwise required by law.
When UltraLinq shares your information with third parties who provide services on our behalf to help with our business activities, these companies are authorized to use your personal information only as necessary to provide these services to us.
Potential 3rd party partners include:
- Electronic Medical Record (EMR) products used by your provider;
- Other medical devices used by your provider;
UltraLinq may retain your personal information as long as is necessary to fulfil the purpose of its collection, and for as long as your account is active, to comply with our legal obligations, to resolve disputes and to enforce our agreements.
Storage outside of your country
Personal information collected by UltraLinq may be transferred between and stored outside of the country in which you reside. As such, UltraLinq may be legally required to provide personal information to government institutions, law enforcement agencies or courts in either in those countries in order to respond to a subpoena, warrant, or other lawful order.
EU-U.S. Privacy Shield Framework
UltraLinq is responsible for the processing of personal information it receives, and any subsequent transfers to a third party acting as an agent on its behalf. UltraLinq collects the minimum amount of information necessary to conduct business activities and any parties who are receiving said information have signed agreements protecting your personal information.
With respect to personal information received or transferred pursuant to the Privacy Shield Framework, UltraLinq is subject to the regulatory enforcement powers of the U.S Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to support@UltraLinq.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to support@UltraLinq.com.
UltraLinq’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, UltraLinq remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless UltraLinq proves that it is not responsible for the event giving rise to the damage.
In certain situations, UltraLinq may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security enforcement requirements.
UltraLinq has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
UltraLinq notifies visitors covered by this Privacy Shield Policy about its information practices regarding personal information received by UltraLinq in the U.S. from European Union member countries in reliance on the respective Privacy Shield framework, including the types of personal information it collects about them, the purposes for which it collects and uses such personal information, the types of third parties to which it discloses such personal information and the purposes for which it does so, the rights of customers to access their personal information, the choices and means that UltraLinq offers for limiting its use and disclosure of such personal information, how UltraLinq’s obligations under the Privacy Shield are enforced, and how visitors can contact UltraLinq with any inquiries or complaints.
If personal information covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the personal information was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party, UltraLinq will provide visitors with an opportunity to choose whether to have their personal information so used or disclosed. Requests to opt out of such uses or disclosures of personal information should be sent to: support@UltraLinq.com.
If sensitive personal information covered by this Privacy Shield Policy is to be used for a new purpose that is different from that for which the personal information was originally collected subsequently authorized, or is to be disclosed to a third party, UltraLinq will obtain the Data Subject’s explicit consent prior to such use or disclosure.
Accountability for Onward Transfer
As a third-party acting as an agent, UltraLinq may receive and transfer data only for purposes specified in the Master Services Agreement. UltraLinq complies with the Privacy Shield Principles for all onward transfers of personal information from the EU, including the onward transfer liability provisions.
UltraLinq will provide privacy protection as required according to the Privacy Shield Principles.
UltraLinq will take reasonable and appropriate steps to ensure that personal Information is processed in a manner consistent with obligations under the Principles. All data receive will be protected according to UltraLinq’s Privacy Shield Security Policy.
- Encrypting data both in transit and at rest.
- Ensuring that all data is logically separated from other clients’ data.
- Implementing a training program to ensure that all UltraLinq personnel are competent with the handling of sensitive information.
UltraLinq agents may only use, access or disclose patient information under circumstances outlined in the Master Services Agreement, or where required by law.
UltraLinq will take reasonable and appropriate steps to stop and remediate unauthorized processing. Any discovery of unauthorized processing will be processed according to the Breach Response Plan.
UltraLinq will provide a summary to organizations or any relevant privacy provisions of the Master Services Agreement upon request.
The security of your personal information is important to us. UltraLinq endeavors to keep personal information as secure as possible and employs generally accepted industry standards to do so. The following is a summary of the measures taken by UltraLinq to protect your information.
UltraLinq uses Secure HTTP (HTTPS), TLS, and AES 256-bit encryption when transmitting data such as personal information, so that no one else can read it while it is being transmitted over the Internet.
UltraLinq maintains reasonable physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.
Vendors and Partners
UltraLinq requires its vendors and partners to protect the security and privacy of personal information. These vendors include:
- Amazon Web Services
Employee and Contractor Access to Information
UltraLinq limits access to personal information to those employees and contractors who reasonably require such access in order to provide products or services to you or in order to do their jobs.
Education and Training for Employees
UltraLinq has implemented a company-wide education and training program about security that is required of every UltraLinq employee.
Security Steps You Can Take
If you are a user of an UltraLinq service that requires you to create an account with a password, do not share that password with anyone. Please contact us if you believe your UltraLinq account has been compromised or if you have been contacted by someone about your UltraLinq account asking for a password or other personal information. In the event that you believe your personal safety is at risk or if you believe that you may be the victim of identity theft or other illegal conduct, please contact the appropriate federal, state or local law enforcement agencies directly.
Access to your personal information
Upon request, UltraLinq will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by contacting us as described in the “Contacting UltraLinq” section below. We will respond to your request within a reasonable timeframe, and we will abide by your requests unless otherwise required by law.
UltraLinq acknowledges that you have the right to access your personal information. UltraLinq has no direct relationship with the individuals whose personal information we process on behalf of our customers. If you wish to access, correct, amend, or delete information about you that was provided to UltraLinq by an UltraLinq customer, you should contact the UltraLinq customer with whom you have a direct relationship (i.e. the account owner). If requested to remove data we will respond within a reasonable timeframe.
UltraLinq relies upon assurances from its customers that the personal information that UltraLinq receives or is given access to by its customers is relevant for the purposes for which it is to be used and that its customers have obtained the requisite consents to enable the lawful processing of personal information by UltraLinq. UltraLinq uses the data only in accordance with its customers’ instructions.
UltraLinq will take reasonable steps to ensure that personal information entered into its systems retains its original relevance, accuracy, completeness and currency.
Also, UltraLinq cannot provide patients with access to their personal information in that information was provided to UltraLinq by a healthcare provider. Patients of UltraLinq’s healthcare provider customers should contact their healthcare providers to obtain access to their personal information.
For more information, feel free to reach out to us at firstname.lastname@example.org
Data Integrity and Purpose Limitation
UltraLinq will store information that is covered under the Master Services Agreement. UltraLinq has incorporated controls to prevent processing of data not covered under UltraLinq clearance by FDA and CE.
UltraLinq will store patient data for a minimum of 7 years, or longer where required. UltraLinq does not delete patient data; however, at a client’s request, UltraLinq will delete data at anytime.
UltraLinq clients are responsible for providing access to consumers’ personal information.
UltraLinq will support clients in any effort to correct, amend or delete information per the Principles; however, the burden of access lies with the client. Should a patient request a copy of his records, UltraLinq will document the request and forward it to the account owner.
Recourse, Enforcement, and Liability
All privacy practices are reviewed annually in March to ensure 1) that practices are implemented correctly, 2) any areas of noncompliance are identified, 3) a plan is in place to mitigate areas of non-compliance.
When inquiries and requests are received, UltraLinq will respond promptly to said requests.
Should an individual invoke binding arbitration, UltraLinq follow the terms set for in the Principles Annex I.
Links to other websites
Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at info@UltraLinq.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
A “cookie” is a small text file sent by a web server to a web browser to transmit information back to that browser. Cookies are a way to have the browser remember specific bits of information to improve the user experience by simplifying the delivery of relevant content, making site navigation easier, etc. We do not record personal or sensitive information in our cookies.
Use of web beacons
We may use web beacons to track browsing activities in order to measure how users interact with the UltraLinq website and the effectiveness of advertisements or promotional campaigns. A “web beacon” is an electronic image that can be used to recognize a cookie on your computer when you view a web page. Web beacons are used for analytics, to inform customization of product and services offerings, and to optimize the browsing experience. Web beacons are not used to collect personal or sensitive information.
Advertising and IBA Opt-Outs
Do Not Track
Currently, various browsers offer a “do not track” or “DNT” option which sends a signal to websites visited by the user about the user’s browser DNT preference setting. UltraLinq does not currently commit to responding to browsers’ DNT signals with respect to UltraLinq’s websites, in part, because no common industry standard for DNT has been adopted, including no consistent standard of interpreting user intent.
We may display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial with your name. If you wish to update or delete your testimonial, you may contact us as described below.
Requesting to be removed from email lists
You may sign-up to receive newsletters or email from UltraLinq. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you, at your user account on our website, or by contacting us as described below.
Deleting your UltraLinq account
If you are a user of UltraLinq, you can email email@example.com and we will coordinate account deletion with the administrator.
For EU Individuals: Your Rights under the General Data Protection Regulation
The General Data Protection Regulation (GDPR) is effective since May 25, 2018. EU residents now have greater say over the use, processing, and disposal of their personal data.
Right of access and correction
You have the right to review and amend any personal data stored in our system if you believe it may be out of date or incorrect. Just send an e-mail to firstname.lastname@example.org.
Right of cancellation
You have the right at any time to withdraw your consent to the use of your personal data in the future. Again, just send an e-mail to email@example.com.
Right of complaint
You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Changes to this privacy statement
This Privacy Statement was last updated on November 1, 2019. UltraLinq reserves the right, at its discretion, to change, modify, add, or remove portions of this Privacy Statement at any time. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to check this page periodically for changes. Your continued use of UltraLinq services following the posting of changes to this Privacy Statement will mean that you accept those changes.
If you have any questions or concerns about this Privacy Statement or UltraLinq’s privacy practices, please contact our Privacy Officer at support@UltraLinq.com.
When contacting us, please be sure to provide us with your exact e-mail address, name, address and/or telephone number(s) in order to be sure we handle your inquiry correctly.
You may also contact us at:
UltraLinq Healthcare Services
Union Square W, New York, NY 10003, United