(last changed on 12th of December, 2022)
WINFertility (WIN) is a corporation established in the United States and is committed to protecting the privacy and security of your personal information. To fulfill our contractual obligations with our clients and deliver health care services to you or our clients in relation to your health, we are required to access, store and process your personal information.
This privacy notice will help you understand what data we collect, how we use, protect and share the data, and your privacy rights related to your personal information processed by us. We encourage you to read this notice carefully, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
During the course of providing Services, including family building care management, to you, we will collect or gain access to your Personal Information directly from you, your partner or other family members, from health plans, physicians, pharmacies, pharmacy benefit managers, health care professionals, employers, their representatives or sub-contractors, from related third-parties and through our websites, web applications, mobile applications (collectively referred to as Website). This information, collectively referred to as “Personal Information” includes the following related to your, your partner and/or other family members (as applicable):
The Services have security measures in place that WIN believes are reasonable to protect against the loss, misuse and alteration of Personal Information under our control. However, all security measures are subject to possible circumvention, and we cannot and do not provide any guarantees regarding the effectiveness of the security we employ or our ability to prevent third parties, acting unlawfully, from obtaining Personal Information that you provide to us.
Any sensitive Personal Information you provide to WIN – such as health information about you – should be transmitted only through secure means, including electronic transmissions, secure web portals or apps that are encrypted in accordance with applicable law. WIN expects your health plans, physicians, pharmacies, pharmacy benefit managers, health care professionals, employers and their representatives or sub-contractors to transfer your Personal Information to us securely with secure transfer mechanisms WIN has provided to them. However, WIN, under any circumstances, cannot take responsibility for any such entity failing to transfer your Personal Information securely to us. No transmission to WIN of specific health information should be made via regular email.
When you are using the Services, Personal Information that you submit will be transmitted via the internet (with Secure Socket Layer encryption) and such transmission is beyond the control of WIN. WIN assumes no liability for or relating to the delay, failure, interruption, or corruption of any data or other Personal Information transmitted in connection with use of the Services
Your Personal Information may be used for various purposes including but not limited to the following:
We store Personal Information on servers located in our secure data centers in Collegeville, PA, Atlanta, GA, and Greenwich, CT, all located within the United States.
For the purpose of providing Services to you, we will share your Personal Information with third parties including”
We will share your Personal Information with third parties only after they have agreed to comply with our commitments made under this Privacy Policy and only with those parties with whom we have a contractual relationship.
We will share your Personal Information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Neither WIN nor its strategic business partners will give, sell, rent or loan any identifiable Personal Information to any third party, unless legally required to share such information.
We may disclose Personal Information we possess about you as part of a merger, acquisition, sale of company assets, or transition of service to another provider, as well as in the unlikely event of insolvency, bankruptcy, or receivership in which your Personal Information would be transferred as one of the business assets of the company. We do not guarantee that any entity receiving such information in connection with one of these transactions will comply with all terms of this Privacy Policy.
We will retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any contractual, legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data and applicable legal requirements.
In some circumstances we may anonymize your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If you or our client related to your health care is no longer in a business relationship with us, we will return and/or securely destroy your Personal Information in accordance with our data retention policy, applicable laws and contractual obligations with our clients.
We or our partner companies may send you information about our products and services that we think you might like. At any time, you can opt out of receiving such information and have a right at any time to request that we stop contacting you for marketing purposes and we shall comply with your requests within reasonable time.
Our Company uses cookies in a range of ways to improve your experience on our website including:
We may place or recognize a unique “cookie” on your Internet browser. Cookies are small files placed on the hard drives of visitors to the Website. The cookies reflect identifying information about each user and retain certain non-identifying information about the user’s use of the Website. These cookies are accessible to WIN and its third party advertisers as users browse the Website. Most Internet browsers are initially set to accept cookies. Users are always free to set their Internet browsers to decline cookies, if their browser permits; however, it is possible that some parts of the Website, such as the areas where access is limited to registered users, will not function properly if the user’s cookies are disabled.
Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
You may occasionally receive cookies from our advertisers or business partners who offer services through, or advertise on, the Website. We do not control these cookies, and these cookies are not subject to our privacy policies.
WIN’s privacy practices comply with the Health Insurance Portability and Accountability Act (“HIPAA“), HITECH, HITRUST CSF framework, General Data Protection Regulation (GDPR) and other federal and state regulations applicable to Services provided to its patients and contractual obligations to its clients. WIN is a covered entity as defined under HIPAA and a data controller as defined under GDPR.
WIN may change this Privacy Policy at any time at its sole discretion including to comply with applicable laws, regulations, and contractual obligations. Your continued use of the Services reflects your consent to the application of the revised Privacy Policy to information previously provided to WIN.
We take appropriate security measures to safeguard your Personal Information from unauthorized access and disclosure. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know process your Personal Information to enable us to provide Services to you. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
However, it is important to note that no system can be completely secure. Therefore, although we take steps to secure your Personal Information, we do not promise, and you should not expect, that your Personal Information, searches, or other communications will always remain secure. Users should also take care with how they handle and disclose their Personal Information and should avoid sending Personal Information through insecure email. Please refer to the Federal Trade Commission’s website at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to protect yourself against identity theft.
From time to time, WIN may link to other websites in order to provide you with additional useful information and services. WIN is not responsible for the privacy policies or actions of those controlling third-party sites. Therefore, you are encouraged to look for and review the privacy policies of any third-party site you visit.
We would like to make sure you are fully aware of your data protection rights. Every user is entitled to request the following and we will comply with such requests within 1 calendar month:
To oversee compliance with this privacy notice, we have appointed a Data Protection Officer (DPO). If you have any questions about this privacy notice, your data protection rights or on how we handle your personal information, you can contact us via:
Email: dataprivacy@winfertility.com
Call: 914-412-3099 (International callers need to prefix US country code 1)
Mail:
The Data Protection Officer
WINFertility
Greenwich American Center
1 American Lane
Greenwich, CT – 06831
USA
For all EU data subjects, we have appointed IT Governance EU to act as our EU Representative, therefore all requests to exercise your rights under GDPR, questions and comments regarding this privacy policy should be emailed to eurep@itgovernance.eu and for all UK data subjects we have appointed GRCI Law to act as our UK Representative, therefore all requests to exercise your rights under UK GDPR or for questions or comments on this privacy policy should be emailed to ukrep@grcilaw.com. Physical correspondence can also be addressed to:
EU Representative
IT Governance Europe, Third Floor,
The Boyne Tower, Bull Ring,
Lagavooren, Drogheda,
Co. Louth, Ireland, A92 F682.
UK Representative
GRCI Law Limited,
Unit 3 Bartholomew’s Walk,
Clive Court, Ely,
United Kingdom, CB7 4EA.