Safe Harbor Privacy Statement
These are our promises to you:
1. Notice. When we collect your personally identifiable information, we’ll give you timely and appropriate notice describing what personally identifiable information we’re collecting, how we’ll use it, and the types of third parties with whom we may share it. We will also provide you information regarding how you can contact us with any inquiries or complaints.
2. Choice. We’ll keep your personally identifiable information only as long as we need it for the purposes for which we collected it, or as permitted by law. For any sensitive information, we will ask for your explicit consent (opt in) prior to disclosing it to a third party or using it for any purpose other than for which it was originally collected. For non-sensitive information, we will allow you to opt out of any disclosures to a third party or use for any purpose other than for which it was originally collected.
3. Onward Transfer. If we transfer your data to any third party, we will follow our notice and choice policies. Third parties will either subscribe to Safe Harbor Privacy Principles or be subject to the Directive (European Commission’s Directive on Data Protection) or another adequacy finding, or will be under contract with us to provide at least the same level of privacy protections as required by the relevant principles.
4. Access. We’ll provide ways for you to access your personally identifiable information, as required by law, so you can correct inaccuracies.
5. Security. We’ll take appropriate physical, technical, and organizational measures to protect your personally identifiable information from loss, misuse, unauthorized access or disclosure, alteration, and destruction.
6. Data Integrity. We’ll collect only as much personally identifiable information as we need for specific, identified purposes, and we won’t use it for other purposes without obtaining your consent. We will take reasonable steps to ensure that data is accurate, complete, current, and reliable for the intended use.
7. Enforcement. We’ll regularly review how we’re meeting these privacy promises, and we’ll provide an independent way to resolve complaints about our privacy practices.
To access your information, ask questions about our privacy practices, or issue a complaint, please contact us at: email@example.com
If your inquiry is not satisfactorily addressed, Numera will cooperate with the European Data Protection Authorities as an independent recourse mechanism available to investigate unresolved complaints.
What types of personally identifiable information do we collect about you?
In order to use the Numera services, including Numera Net, the Home Hub, Gateway for PC, Numera Navigator, Numera Store, and Numera Social, we have to create an account for you.
To make this account, we need your first and last name, and an email address. We will ask you to enter a User Name and Password that is unique to you, and to record your Date of Birth, Country, Culture (the language you are going to use for the application) and the Time Zone you are in.
In setting up this account we will not ask you for health information – like what conditions you are managing, your health history or medications. We also will not ask you for financial information.
When you use an application like Numera Store, where you may have to pay by credit card or PayPal, we will only ask you for information specific to that use. We do not share it with any other Numera application.
When you use Numera Navigator, you will have the option of entering health information – and it is used only within that application and specifically with your health providers.
In some cases, we may automatically create an account for you by receiving information from your healthcare provider. We only ask for the data required to create the account.
Users of the Website are under no obligation to provide Numera with personally identifiable information of any kind, but this may prevent the user from using certain Website features.
How do we use your personally identifiable information?
We use the information we collect in the registration process to create an account to allow you to use the service. We do not sell or trade your data.
When we collect financial and address information in the Numera Store, we use that information to complete the transaction to ship you the devices you require.
With whom do we share your personally identifiable information?
We share your personally identifiable information with you and the health organization that is sponsoring your program.
We share the information that is specifically required to deliver the service. For example, we do not share credit card information we may gather in the Numera Store with your health organization. We use it to complete the financial transaction to ship you the devices.
To whom is my personally identifiable information disclosed?
Your personally identifiable information is disclosed to you, your sponsoring organization, and is viewable by a small number of people at Numera who have a need to see the information to provide direct support to you.
Generally, we manage the services at a more aggregate level and have tools that allow us to manage our systems without having to view specific personally identifiable information.
If we have to provide support to you to answer a question or troubleshoot an issue, we will ask your permission to access your information if needed.
How do we protect your personally identifiable information?
Our system begins with the Home Hub device and/or the Gateway for PC software. There is no data stored in the Home Hub – if you lose it or break it, you will not lose any data. Each time you use the Home Hub or the Gateway for PC, it securely connects to our service (using a Secure Socket Layer – SSL – connection). When you are done using them and you log off or turn off the device, they disconnect from our service.
Our Numera Net, Numera Store, Numera Navigator and Numera Social applications are all hosted applications. Numera hosts our software with Amazon Web Services (AWS).
We selected this hosting or “cloud” partner because of their track record of offering trusted service. Amazon has obtained many certifications and third party attestations including:
- SAS70 Type II. This report includes detailed controls AWS operates along with an independent auditor opinion about the effective operation of those controls.
- PCI DSS Level 1. AWS has been independently validated to comply with the PCI Data Security Standard as a shared host service provider.
- ISO 27001. AWS has achieved ISO 27001 certification of the Information Security Management System (ISMS) covering infrastructure, data centers, and services.
- FISMA. AWS enables government agency customers to achieve and sustain compliance with the Federal Information Security Management Act (FISMA). AWS has been awarded an approval to operate at the FISMA- Low level. It has also completed the control implementation and successfully passed the independent security testing and evaluation required to operate at the FISMA-Moderate level. AWS is currently pursuing an approval to operate at the FISMA-Moderate level from government agencies.
All the data we gather from you is stored in an encrypted database – this means that it has been protected with what amounts to a mathematical lock that requires a specific key to unlock it. It is extremely difficult to get access to the data without having the special key.
When we share information with you or a sponsoring organization, it is done via a highly secure connection. When we share data, we have specifically identified the requesting organization and verify that they received the data.
We track every change that is made to our system – every time data is added, changed, or deleted; we make a note of it. We can therefore trace specifically who took what actions. We securely store those logs should we need them.
We back up all the data in our system each day and many times within the day. We save these backups at a different location, fully encrypted. If needed, we can restore our systems quickly and prevent or minimize any data loss.
Passive Tracking Mechanisms
Spyware is software that aids in gathering information about a person or organization without their knowledge, and which may send such information to another entity without the consumer’s consent, or asserts control over a computer without the consumer’s knowledge.
Numera software does not contain spyware, adware, or covert software of any kind. Numera does not install any tracking software on your system, or collect information about your browsing habits. The software does not “spy” on other programs you run or web sites you visit.
A cookie is a small file that identifies a unique user upon login and stores personal preferences and user data throughout their visit to the Website.
No person should act or rely on any information on this site, or linked to this site, without seeking the advice of the appropriate professional to which the information applies.
All information is intended for your general knowledge only and is not a substitute for medical advice or treatment for specific medical conditions. Consult your healthcare professional to discuss any medically related questions and prior to starting any exercise routine.
We are not your doctors. Numera is not engaged in rendering medical advice.
Numera may share non-personal, non-identifiable, summary, and/or aggregate data with its partners and other third parties.
The Website is not intended for children under 13 years of age. Numera does not knowingly collect personally identifiable information from children under 13.
Numera will disclose personally identifiable information under the following circumstances:
By Law or to Protect Rights – Numera may disclose your personally identifiable information when required to do so by law, or in response to a subpoena or court order, or when Numera believes in its sole discretion that disclosure is reasonably necessary to protect the property or rights of Numera, third parties or the public at large.
Contacting the Web Site
If you have any questions about this security and privacy notice, the practices of this site, or your dealings with this Web site, you can contact:
1511 3rd Avenue, Suite 808
Seattle, WA 98101
This Policy is effective as of and was last updated on April 8, 2013.