Privacy Policy

WINFertility (WIN) is a corporation established in the United States and is committed to protecting the privacy and security of your personal information. To fulfill our contractual obligations with our clients and deliver health care services to you or our clients in relation to your health, we are required to access, store and process your personal information.

This privacy notice will help you understand what data we collect, how we use, protect and share the data, and your privacy rights related to your personal information processed by us. We encourage you to read this notice carefully, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

1. What data do we collect and from whom?

During the course of providing Services, including family building care management, to you, we will collect or gain access to your Personal Information directly from you, your partner or other family members, from health plans, physicians, pharmacies, pharmacy benefit managers, health care professionals, employers, their representatives or sub-contractors, from related third-parties and through our websites, web applications, mobile applications (collectively referred to as Website). This information, collectively referred to as “Personal Information” includes the following related to your, your partner and/or other family members (as applicable):

  • Name and contact information including, without limitation, email address, physical address, phone number, and other location data
  • Unique personal identifiers and biographical information (e.g. date of birth, gender)
  • Personal Health Information and medical records including, without limitation, sensitive health and financial information
  • All of the above information related to minor children, where consent is obtained from parent/legal guardian
  • Call notes, emails and recordings of conversations with our representatives, employees, contractors, subcontractors, agents
  • User details provided by you at the time of registration or thereafter on our website
  • Usage details on our website, such as time, frequency, duration, pattern of use, features used
  • Any master, transaction data and other data you have willingly stored in your user account on our website
  • Internet Protocol address, mobile device IDs, cookie data, browser type, browser language, referring URL, files accessed, errors generated, time zone, operating system and other visitor details collected in our log files
  • Information from third parties that display ads or otherwise promote their products including data about your visits to our Website and websites operated by others
  • Information from voluntarily completed customer survey or feedback provided on our website or via phone or email.
  • Use or view our website via your browser’s cookies
  • Any other information you share with us willingly

2. How do we collect your data?

The Services have security measures in place that WIN believes are reasonable to protect against the loss, misuse and alteration of Personal Information under our control. However, all security measures are subject to possible circumvention, and we cannot and do not provide any guarantees regarding the effectiveness of the security we employ or our ability to prevent third parties, acting unlawfully, from obtaining Personal Information that you provide to us.

Any sensitive Personal Information you provide to WIN – such as health information about you – should be transmitted only through secure means, including electronic transmissions, secure web portals or apps that are encrypted in accordance with applicable law. WIN expects your health plans, physicians, pharmacies, pharmacy benefit managers, health care professionals, employers and their representatives or sub-contractors to transfer your Personal Information to us securely with secure transfer mechanisms WIN has provided to them. However, WIN, under any circumstances, cannot take responsibility for any such entity failing to transfer your Personal Information securely to us. No transmission to WIN of specific health information should be made via regular email.

When you are using the Services, Personal Information that you submit will be transmitted via the internet (with Secure Socket Layer encryption) and such transmission is beyond the control of WIN. WIN assumes no liability for or relating to the delay, failure, interruption, or corruption of any data or other Personal Information transmitted in connection with use of the Services

3. How will we use your data?

Your Personal Information may be used for various purposes including but not limited to the following:

  • To provide effective Services
  • To operate and improve our Website and/or our Services;
  • To contact you via phone, app, text, email or postal mail for appointments or queries related to Services
  • To send promotional mailings via app, text, email or postal mail;
  • To administer or otherwise carry out our contractual obligations with you, your health plan or employer
  • To provide advertisements on the Website about goods and services that may be of interest to you
  • To build a profile of patients and customers using our services
  • To respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims; and
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of/breach of our agreements with you or our clients or as otherwise required by law
  • To aggregate Personal Information for research, statistical analysis and business intelligence purposes and organizational needs, as determined solely by us from time to time

4. How do we store your data and who do we share it with?

We store Personal Information on servers located in our secure data centers in Collegeville, PA, Atlanta, GA, and Greenwich, CT, all located within the United States.

For the purpose of providing Services to you, we will share your Personal Information with third parties including”

  • Our colocation data center providers located in the United States
  • In the case of UK and EU residents, with our local UK/EU representatives.
  • Hardware, software, telecommunication and data security third-party vendors to help organize, store and better protect your Personal Information provided the data continues to reside in our servers within the United States only
  • Survey and mail vendors to maintain and enhance the quality of our services to you and meet our contractual obligations with our clients

We will share your Personal Information with third parties only after they have agreed to comply with our commitments made under this Privacy Policy and only with those parties with whom we have a contractual relationship.

We will share your Personal Information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Neither WIN nor its strategic business partners will give, sell, rent or loan any identifiable Personal Information to any third party, unless legally required to share such information.

We may disclose Personal Information we possess about you as part of a merger, acquisition, sale of company assets, or transition of service to another provider, as well as in the unlikely event of insolvency, bankruptcy, or receivership in which your Personal Information would be transferred as one of the business assets of the company. We do not guarantee that any entity receiving such information in connection with one of these transactions will comply with all terms of this Privacy Policy.

We will retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any contractual, legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data and applicable legal requirements.

In some circumstances we may anonymize your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If you or our client related to your health care is no longer in a business relationship with us, we will return and/or securely destroy your Personal Information in accordance with our data retention policy, applicable laws and contractual obligations with our clients.

5. Marketing and use of Cookies

We or our partner companies may send you information about our products and services that we think you might like. At any time, you can opt out of receiving such information and have a right at any time to request that we stop contacting you for marketing purposes and we shall comply with your requests within reasonable time.

Our Company uses cookies in a range of ways to improve your experience on our website including:

  1. Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously chosen preferences,  including keeping you signed in.  These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
  2. Advertising – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address, mobile device ID.

We may place or recognize a unique “cookie” on your Internet browser. Cookies are small files placed on the hard drives of visitors to the Website. The cookies reflect identifying information about each user and retain certain non-identifying information about the user’s use of the Website. These cookies are accessible to WIN and its third party advertisers as users browse the Website. Most Internet browsers are initially set to accept cookies. Users are always free to set their Internet browsers to decline cookies, if their browser permits; however, it is possible that some parts of the Website, such as the areas where access is limited to registered users, will not function properly if the user’s cookies are disabled.

Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

You may occasionally receive cookies from our advertisers or business partners who offer services through, or advertise on, the Website. We do not control these cookies, and these cookies are not subject to our privacy policies.

6. Security and Privacy Procedures and Compliance

WIN’s privacy practices comply with the Health Insurance Portability and Accountability Act (“HIPAA“), HITECH, HITRUST CSF framework, General Data Protection Regulation (GDPR) and other federal and state regulations applicable to Services provided to its patients and contractual obligations to its clients. WIN is a covered entity as defined under HIPAA and a data controller as defined under GDPR.

WIN may change this Privacy Policy at any time at its sole discretion including to comply with applicable laws, regulations, and contractual obligations.  Your continued use of the Services reflects your consent to the application of the revised Privacy Policy to information previously provided to WIN.

We take appropriate security measures to safeguard your Personal Information from unauthorized access and disclosure. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know process your Personal Information to enable us to provide Services to you. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

However, it is important to note that no system can be completely secure. Therefore, although we take steps to secure your Personal Information, we do not promise, and you should not expect, that your Personal Information, searches, or other communications will always remain secure. Users should also take care with how they handle and disclose their Personal Information and should avoid sending Personal Information through insecure email. Please refer to the Federal Trade Commission’s website at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to protect yourself against identity theft.

From time to time, WIN may link to other websites in order to provide you with additional useful information and services. WIN is not responsible for the privacy policies or actions of those controlling third-party sites. Therefore, you are encouraged to look for and review the privacy policies of any third-party site you visit.

7. What are your data protection rights?

We would like to make sure you are fully aware of your data protection rights. Every user is entitled to request the following and we will comply with such requests within 1 calendar month:

  • Know and Access– You have the right to request us for copies of your personal data. In some circumstances, we may charge you a small fee for this service.
  • Rectification– You have the right to request that we correct any Personal Information you believe is inaccurate. You also have the right to request us to complete Personal Information you believe is incomplete. It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your working relationship with us.
  • Data portability– You have the right to request that we transfer the Personal Information that we have collected to another organization, or directly to you, under certain conditions.
  • Erasure– You have the right to request that we erase your Personal Information, under certain conditions.
  • Restrict processing– You have the right to request that we restrict the processing of your Personal Information, under certain conditions.
  • Object to processing– You have the right to object to our processing of your Personal Information, and opt out of sharing with Third Parties and use in Automated Decision Making under certain conditions.
  • Withdraw consent – While we will provide services to you using your Personal Information only after obtaining your consent as necessary per applicable legal regulations, you have the right to withdraw such consent, under certain conditions. While doing so, you recognize that some or all services that we intend to provide to you under our contractual obligations to you and our clients will be severely or entirely restricted due to such withdrawal of consent and we will no longer be responsible for continued delivery of Services

8. How to contact us

To oversee compliance with this privacy notice, we have appointed a Data Protection Officer (DPO). If you have any questions about this privacy notice, your data protection rights or on how we handle your personal information, you can contact us via:

Email: dataprivacy@winfertility.com

Call: 914-412-3099 (International callers need to prefix US country code 1)

Mail:

The Data Protection Officer

WINFertility

Greenwich American Center

1 American Lane

Greenwich, CT – 06831

USA

 

9.   How to contact our local representatives in UK and EU

For all EU data subjects, we have appointed IT Governance EU to act as our EU Representative, therefore all requests to exercise your rights under GDPR, questions and comments regarding this privacy policy should be emailed to eurep@itgovernance.eu and for all UK data subjects we have appointed GRCI Law to act as our UK Representative, therefore all requests to exercise your rights under UK GDPR or for questions or comments on this privacy policy should be emailed to  ukrep@grcilaw.com. Physical correspondence can also be addressed to:

 

EU Representative

IT Governance Europe, Third Floor,

The Boyne Tower, Bull Ring,

Lagavooren, Drogheda,

Co. Louth, Ireland, A92 F682.

 

UK Representative

GRCI Law Limited,

Unit 3 Bartholomew’s Walk,

Clive Court, Ely,

United Kingdom, CB7 4EA.