TD-500: Last Updated: August 5, 2019
Article 1 – GENERAL
1.1 MIM Software Inc., incorporated under Ohio law, with a registered office at 25800 Science Park Drive - Suite 180, Cleveland, OH 44122 (USA), takes responsibility for the processing of your personal data as a "data controller."
- The Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, Title XIII of Division A of the American Recovery and Reinvestment Act of 2009, and the regulations promulgated thereunder (collectively, "HIPAA");
- The Federal Trade Commission Act (15 U.S.C. §§41-58) (FTC Act); and
- The European Union Regulation of 2016 concerning the protection of individuals with regards to the processing of personal data, regarding the free movement of such data and repealing Directive 95/46/EC ("GDPR").
Article 2 – PERSONAL DATA MIM SOFTWARE COLLECTS
2.1 MIM Software does not collect the sensitive information of its users (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation). MIM Software shall, where necessary, obtain your explicit consent to collect and use such information.
2.2 Our Website and Services collect only personally identifiable information that is specifically and voluntarily provided by you.
2.3 The personal data MIM Software may collect:
- Category 1: Your internal protocol address ("IP-address").
- Category 2: In general, when you subscribe to our newsletter, fill out questionnaires, or ask us to contact you, you may provide us with your contact details (your name, email address, your contact details, such as telephone number, address, country and social media information).
- Category 3: Data obtained by placing cookies (see Article 7).
- Category 4: Information about your use of the Website, such as the sections of the Website you visited, the date and time you have accessed the Website, and the materials posted to or downloaded from the Website.
- Category 5: Information about your use of our Services, such as your contact details (your name, email address, your contact details, such as telephone number, address, country); and if payment is made through MIMcloud or our Website, credit card information.
- Category 6: Data acquired through your participation in a trade show or event through which consent is secured by the organizer of the event for the purpose of use by vendors.
2.3 You are not obligated to provide us with your personal data, however, the delivery of several Services may not be possible if you choose not to.
Article 3 – HOW WILL MY PERSONAL DATA BE USED?
3.1 General Purpose
MIM Software collects and processes your personal information in order to offer you a safe, comfortable, and personalized experience each time you visit the Website or utilize our Services.
The information we collect about you is primarily processed to help us ensure proper technical functioning and to improve the quality and content of our Website and Services – based on the lawful purposes of "consent" for the Website, "legal obligations" and "contractual necessity" for Services, or "legitimate interest" as allowed under GDPR.
With that said, your personal data will only be processed for the following (internal) purposes:
- To provide Services or to enable MIM Software to execute an agreement which you initiated. (Categories 1, 2, 3, 4, 5)
- We keep certain data such as your IP address for troubleshooting, medical records auditing, and ensuring security. (Category 1)
- To reach out to potential new MIM Software employees. As such, MIM Software processes your personal data to employ recruitment strategies taking optimum advantage of opportunities to create a first-rate MIM Software workforce. (Categories 1, 2, 3, 4)
- To inform you about MIM Software's product offerings, via targeted advertising, promotional offers or updates. (Categories 2, 3, 4, 6)
- To capture your opinion and for statistical purposes to maintain and enhance our Services. (Categories 1, 2, 3, 4, 6)
- To create your account to have access to certain Services. (Category 5)
MIMcloud uses email and/or MIMcloud account messages to deliver important information. The delivery methods are configurable in your account profile.
Our Website may contain message boards, chat room, personal web pages or profiles, forums, bulletin boards, and other interactive features (collectively, "Forums"), that allow users to post, submit, publish, display, or transmit to other users or other persons content or materials (including but not limited to medical image scans, collectively, "User Content") on or through the Website. User Content must always be anonymized prior to posting on a Forum.
MIMcloud tracks usage for the purpose of billing. Each transaction only details the action (download, upload, etc.), the time, the user(s) involved, and a reference to the encrypted study that was involved. The contents of the study itself remain unknown.
With regard to credit card payments, credit card information is processed by a third party in accordance with Article 3.3. Credit card information is not stored in MIMcloud or the Website.
3.2 Direct marketing:
MIM Software may also use your personal information for the purpose of marketing our products and services. If you do not want to receive marketing material from us, you may opt out or exercise your right to object (Article 5) as detailed below:
- For electronic communications, you can click on the unsubscribe function in the communication;
- You can go to https://www.mimsoftware.com/support/email-opt-out;
- You can email MIM Software at email@example.com; or
- You can call MIM Software at 866-421-2536.
3.3. Transfer to third parties:
We provide access to our employees in order to process your personal data.
MIM Software will not disclose your personal data to third parties, unless it is necessary in the context of providing our Services and/or optimising them. To that end, MIM Software may appeal to third parties in order to:
- send you newsletters;
- capture your opinion on our products and services;
- optimize your experience on our Website;
- facilitate recruitment of potential new MIM Software employees.
- facilitate credit card transactions;
- Credit card transactions are handled through Braintree Payment Solutions. Credit card data is encrypted and protected. MIM Software does not have access to the full credit card number and the information MIM Software has is only used to verify payment was made and in cases where there is a suspicion of fraud.
- provide mobile applications;
- Mobile MIM™, VueMe™ and PlanTouch™ ("Mobile Applications") use Google LLC's Fabric (https://docs.fabric.io/apple/fabric/data-privacy.html), a secure mobile application, to assist MIM Software in improving its Mobile Applications.
- provide cloud services; and
- MIMcloud operates on the Google App Engine platform (https://policies.google.com/privacy) and Amazon S3 (https://aws.amazon.com/privacy). These cloud services provide a secure, protected computing environment for users to view MIMcloud accounts.
- operate our Website.
- The Website operates on the Heroku platform (https://www.heroku.com/policy/security). This platform provides a secure, protected computing environment for users to view the Website.
Please see the links above to see how these third parties will be obligated to use your personal data.
Consequently, MIM Software shall not sell, hire out or pass on your personal data to third parties, except in the situations provided for in this Policy or unless you explicitly provide prior consent.
It is however possible that MIM Software will disclose your personal data:
- If MIM Software is obligated to do so, following a court order or to comply with imperative laws and/or regulations, or to safeguard and defend our rights.
- In case of whole or partial reorganization or cession of MIM Software's activities, whereby MIM Software reorganizes, transfers, ceases business activity or in case MIM Software goes bankrupt, your personal data may be transferred to new entities or third parties.
MIM Software will, if reasonably possible, try to inform you in advance of such transfers, unless revealing this information is subject to legal constraints. Informing you beforehand is not always possible.
Article 4 – HOW LONG WILL WE HOLD YOUR PERSONAL DATA?
MIM Software only processes your personal information for as long as necessary. This means that we do keep a record of your data for as long as it is required or justified by the law or by another legal obligation, or for the period for which this would be necessary for the aforementioned purposes. Based on the categories of data described in Section 2.2, we hold your data as follows:
- Category 1: Your IP-address will be stored for the functioning of the Website for up to one week. With regard to MIMcloud, your IP-address shall be stored during the duration of your MIMcloud account and for 10 years after account termination.
- Category 2, 5 and 6: Your name, email address, telephone number, and country will be stored for the duration of your relationship with MIM Software and for 10 years thereafter.
- Category 3: Data obtained by placing cookies for the duration of the browsing session (see Article 7).
- Category 4: Information about your use of the Website will be stored indefinitely for further statistical research without being linked to your identity. Personal data will be anonymized, so it becomes impossible to identify you based on this data.
Article 5 – YOUR RIGHTS AS A DATA SUBJECT
5.1. Right of access and right to obtain a copy
You have the right to freely obtain access to your personal data, as well as to be informed about the purpose of the processing by MIM Software.
5.2. Right to rectification, erasure, or restriction
You have the choice to share your personal data with MIM Software. You also have the right to request MIM Software rectify your personal data or have it erased. You can also request the processing of your personal data to be restricted.
When you choose not to share data, or when you request that we erase your personal data, it may prevent us from providing you with several Services and access to the Website.
5.3. Right to object
You have the right to object to the processing of your personal data when you have legitimate reasons to do so. You also have the right to object to the use of your personal data for purposes of direct marketing. In such case specific reasoning will not be requested.
5.4. Right to data portability
You have the right to obtain your personal data which is processed by MIM Software in a structured, commonly used and machine-readable format and/or to transfer this data to another data controller.
5.5. Right to withdraw consent
When the processing is based on prior consent you have the right to withdraw this consent.
5.6. Automated decisions and profiling
The processing of your personal data does not include profiling, nor shall you be subjected to automated decisions.
5.7. Exercising your rights
You can exercise the above-mentioned rights by sending an e-mail with an enclosed copy of your identity card to firstname.lastname@example.org.
5.8. Right to file a complaint:
For EU residents using the Website or Services: If you have any complaints about the way MIM Software collects, uses and/or processes your personal data, you have the right to file a complaint with the Belgian Privacy Commission or Supervisory authority, which is the Lead Supervisory Authority of MIM Software:
Belgian Data Protection Authority,
Drukpersstraat 35, 1000 Brussels,
However, you are always free to contact your own European or EU-vested authority.
This does not affect a procedure before the civil court. If you have suffered damages caused by the processing of your personal data, you can file a claim for damages.
Article 6 – SAFETY AND CONFIDENTIALITY
6.1 MIM Software undertakes all reasonable efforts to prevent (i) unauthorized access to your personal information, and (ii) loss, abuse or alteration of your personal data, by using physical, administrative and technological measures to protect the information maintained.
Unfortunately, no one – including MIM Software – can guarantee 100% security when it comes to transmission or forwarding over the internet, or any method of electronic storage. In case of particular security concerns about certain personal information, it is up to you to decide not to transmit that information over the internet.
Nevertheless, you are responsible for the provision of personal data to MIM Software and can exercise a degree of control thereto. If certain information is incomplete or seemingly incorrect, MIM Software reserves the right to, temporarily or permanently, postpone certain actions or other Services.
6.2 You shall be solely responsible for your own User Content, such as content you upload to the Website, and the consequences of posting submitting and/or publishing it. MIM Software does not endorse any User Content or any opinion, recommendation, or advice expressed therein. MIM Software may, but is not obligated to, review and monitor, before and/or after submitting User Content. However, it is impossible for us to monitor or review all User Content. MIM Software is not responsible or liable to any third party for the content or accuracy of any User Content posted by you or any other user of the Website or Services, and MIM Software expressly disclaims any and all liability in connection with User Content to the fullest extent permitted by applicable law.
6.3 You will maintain your MIM Software account(s) to be accurate and current. You are solely responsible for maintaining the confidentiality of your password(s). You are solely responsible for restricting access to your computer(s). You agree to accept responsibility for all activities occurring under your accounts that are due to your conduct, inaction, or negligence. If you become aware of any suspicious or unauthorized conduct concerning your account or someone has stolen your password, you agree to contact MIM Software immediately by email to email@example.com. MIM Software may, at its own discretion, bar registration from the Website or any specific Service. You are responsible for maintaining and protecting your login and password information. Do not lose your password, and do not share it with any other person.
For the Website, if your password is lost, stolen, or forgotten reset your password by going to https://www.mimsoftware.com/portal/forgot-password or by contacting MIM Software.
For MIMcloud, if your password is lost, stolen, or forgotten, you can reset it by answering your security questions or, if you are a managed user, by having your group administrator reset it. If you forget both your password and your security question responses, contact MIM Software and have the data in your account deleted, since the data cannot be recovered.
7.1 What is a cookie?
A "cookie" is a small text file that can be sent from a web server to your computer that is then stored on your computer. When a cookie is stored on your computer each subsequent request to the same domain name will also send along the data stored in the cookie until the cookie expires or is deleted. A server can only give you a cookie if you make a request to that server. The cookie is only stored if your browser/client is configured to store cookies.
7.3 Kinds of cookies we use:
- Strictly necessary cookies - As the name suggests these cookies are strictly necessary to enable you to move around or remain logged into the Website or to provide certain information that you have requested.
- Tracking cookies - These cookies are used to record information such as how a visitor initially came to a website and how long they stayed and which pages they viewed. These tracking cookies are also third-party cookies (see below).
- Third party cookies - For cookies set by third parties we kindly refer you to the statements set forth by these parties on their respective websites. Beware, we do not have any influence on the content of these statements nor on the content of the cookies of these third parties. Though these cookies can also be disabled by browser settings.
- MIM Software uses Google Ads, which offers a remarketing function by creating remarketing lists of the people visiting our Website. By using this function, we can reach out to you once you have visited our Website or when you are visiting other websites or platforms that form part of the Google Display Network by showing our ads thereon.
7.4. Your permission:
When you first visit our Website or MIMcloud, you express your implicit approval to accept our different kinds of cookies.
You can block cookies by altering your browser's settings. The rejection of these cookies may inhibit some functionalities on the Website and MIMcloud.
Currently, some browsers offer a "do not track" or "DNT" option which sends a signal to websites visited indicating a visitor's tracking preference. MIM Software does not currently respond to these signals, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators. The third-party providers MIM Software uses may or may not do anything in response to this signal.
More information on cookies can also be found via the following link: http://www.allaboutcookies.org
More information on online behavioral advertising and online privacy can be found via the following link: http://www.youronlinechoices.eu
Article 8 – APPLICABLE LAW AND JURISDICTION