Casect collects and manages user data according to the following Privacy Policy. By using casect.com (the “Website”) and the Platform, users agree to the terms of this Privacy Policy, the End User License Agreement and the Terms of Use. Please read these documents in their entirety, and refer to them for definitions and contacts.
The Casect Notice Address for all purposes under this Privacy Policy, the Terms of Use, the End User License Agreement, and the HIPAA Business Associate Agreement shall be:
Casect, LLC
1309 Coffeen Avenue, 549
Sheridan, WY 82801
support@casect.comwww.casect.com1. Data Collected
Cookies. Casect collects anonymous data from every visitor of
the Website. In order to enable login-based features, Casect uses
cookies to store session information for the convenience of
Subscriber. Subscribers can block or delete cookies and still be able
to use the Website and Platform, although Subscribers will then be
asked for their username and password every time they log in to the
Website. In order to take advantage of certain features of the
Website, a Subscriber may also choose to provide Casect with other
information, but Subscriber retains discretion to decide whether or
not to utilize these features and provide such data.
Account Information. Subscribers are required to create an
account and log in to provide certain personal information (such as
name, email address, phone number, billing address, and professional
information) in order to be able to create Case Records and media,
documents, records, and comments associated with it (all of which
shall be referred to herein as “Subscriber Information”).
Changes. Subscribes are able to view, change and remove the
data associated with their account. If Subscriber chooses to delete
its account, Subscriber may do so using the Website or Platform.
No Minors. Minors and children should not use the Website or
Platform. By using the Website and Platform, users represent that they
have the legal capacity to enter into a binding agreement.
2. Protected Health Information
HIPAA Compliance. Certain information held on the Website may be considered
“Protected Health Information” as defined in the Health
Insurance Portability and Accountability Act of 1996, (Pub. L.
104-191, August 21, 1996, 110 Stat. 1936), 42 U.S.C. § 1320d -
1320d-8, as amended (“HIPAA”). That information is retained,
processed and communicated in accordance with the End User
License Agreement and HIPAA Business Associate Agreement that
have been entered into between Casect and each Subscriber, which
provides that Protected Health Information is transmitted and
used in full compliance with HIPAA.
No Sharing of PHI. Certain information held on the Website may be considered
“Protected Health Information” as defined in the Health
Insurance Portability and Accountability Act of 1996, (Pub. L.
104-191, August 21, 1996, 110 Stat. 1936), 42 U.S.C. § 1320d -
1320d-8, as amended (“HIPAA”). That information is retained,
processed and communicated in accordance with the End User
License Agreement and HIPAA Business Associate Agreement that
have been entered into between Casect and each Subscriber, which
provides that Protected Health Information is transmitted and
used in full compliance with HIPAA.
Deidentified Data. Casect may share information provided by Subscriber which is not
Protected Health Information or which has been de-identified in
accordance with HIPAA with other third-party organizations.
3. Use of the Data
Limited Use. Casect only uses Subscriber information to provide the Platform
services or to communicate with Subscribers about services or
the Website. Casect does not share information Subscriber
provides unless: (a) doing so is appropriate to carry out a
Subscriber's request; (b) it is needed to enforce the Casect
Terms of Use; (c) Casect is legally required to share the
information; (d) the information is needed to detect, prevent or
address fraud, security or technical issues; or (e) otherwise to
protect Casect's property, legal rights, or that of third
parties.
No Unauthorized Access. With respect to any documents, photos, videos, content or
information that a Subscriber may choose to upload to the
Platform, Casect takes the privacy and confidentiality of such
documents seriously. Casect employs industry-standard techniques
to protect against unauthorized access of data of Subscribers
that are stored, including personal health information of third
parties.
Contact with Subscriber. Casect may contact a Subscriber or user, by email or other
means. For example, Casect may send promotional emails relating
to Casect or other third-parties, or communicate with Subscriber
or users about use of the Website.
4. Sharing of Data
Optimization Use. Except as otherwise set forth herein or in the End User License
Agreement or Terms of Use, Casect does not share Subscriber
information with third parties. Only aggregated, anonymized data
is periodically transmitted to external services to help to
improve the Website and Platform.
Agents. Casect may contract with people and other entities that perform
certain tasks on its behalf (“Agents”). Casect may need to share
Subscriber information with its Agents in order to provide
products or services to Subscriber. Agents do not have any right
to use Subscriber information or other information Casect shares
with them beyond what is necessary to assist us. By using the
Website and Platform, Subscribers consent to Casect's sharing of
Subscriber information with the Agents.
Assignee. Casect may also transfer the Subscriber Information to an
assignee in the event of the sale of the assets of Casect or a
bankruptcy. Subscriber acknowledges that such transfers may
occur, and that any acquirer of Casect or its assets may
continue to use the Subscriber Information as set forth in this
policy.
5. GDPR Privacy Notice
Applicability. If Subscriber is located in the European Union (“EU”), United
Kingdom, Lichtenstein, Norway, or Iceland, a Subscriber may have
additional rights under the EU General Data Protection
Regulation (the “GDPR”) with respect to Personal Data, as
outlined below.
Personal Data. For this GDPR Privacy Notice, the terms “Personal Data” and
“processing” are as defined in the GDPR, but “Personal Data”
generally means information that can be used to individually
identify a person, and “processing” generally covers actions
that can be performed in connection with data, such as
collection, use, storage and disclosure. Casect will be the
controller of Personal Data processed in connection with the
Platform, except that Casect may also process Personal Data of
Subscriber's patients or employees in connection with Casect's
provision of services to Subscriber, in which case Casect is the
processor of Personal Data and Subscriber is the controller. For
more information about data rights and processing activities,
please contact Casect at the Notice Address.
Supplement. Where applicable, this GDPR Privacy Notice is intended to
supplement, and not replace, Casect's existing privacy policy.
If there are any conflicts between this GDPR Privacy Notice and
the balance of this Privacy Policy, the policy or portion that
is more protective of Personal Data shall control to the extent
of such conflict.
Processing Personal Data. Casect will only process Personal Data if it has a lawful
basis for doing so. Lawful bases for processing include
consent, contractual necessity and the “legitimate interests”
of Casect or others, as further described below. When Casect
processes Personal Data based on Subscriber consent, it will
be expressly indicated to Subscriber at the point and time of
collection. From time to time, Casect may also need to process
Personal Data to comply with a legal obligation, if it is
necessary to protect the vital interests of Subscriber, or if
it is necessary for a task carried out in the public interest.
Collection and Use of Personal Data - Casect collects Personal Data about Subscriber when Subscriber provides such Personal Data directly to Casect, when third parties such as Casect's business partners or service providers provide Casect with Personal Data about Subscriber, or when Personal Data about Subscriber is automatically collected in connection with Subscriber's use of the Platform.
- Casect receives certain Personal Data directly from Subscriber when Subscriber provides Casect with such Personal Data, including without limitation the following: first and last name; email address; mailing address; telephone number; medical credentials and job title.
- Casect collects and processes these categories of Personal Data as a matter of contractual necessity so that Casect can provide the Services to Subscriber in accordance with Casect's Terms of Use. When Casect processes Personal Data due to contractual necessity, failure to provide such Personal Data will result in Subscriber's inability to use some or all portions of the Services that require such Personal Data.
- Casect may also collect Case Record information from Subscriber when Subscriber provides it to Casect. By sharing this user content in a public forum, Subscriber is choosing to disclose any Personal Data included in such content, and Casect does not have control over the decision of Subscriber. Casect processes user content, including any Personal Data included in any such user content, on the basis of Casect's legitimate business interest in providing Subscriber with the Platform services.
- Casect also uses the Personal Data it collects directly from Subscriber to operate, improve, understand and personalize the Platform based on Casect's legitimate business interest in operating the Platform in a way that benefits Casect and its Subscribers.
Information from third party sources: Some third parties provide Casect with Personal Data about Subscriber, such as the following:
- Account information for third party services. If Subscriber interacts with a third-party service when using the Casect services, such as if Subscriber uses a third party service to log-in to the Casect Platform, or if Subscriber shares content from the Platform through such third party service, the applicable third party service will send Casect certain Personal Data if the third party service and Subscriber's account settings allow such sharing. The Personal Data Casect receives will depend on the policies and account settings with the applicable third-party service.
- Information from advertising partners. Casect receives information about Subscribers from some of its service providers that provide marketing or promotional services to Casect related to how Subscriber interacts with the Website, applications, products, services, advertisements or communications.
- Information automatically collected. Some Personal Data is automatically collected when Subscriber uses the Website or Platform, such as the following: IP address; device identifiers; web browser information; page view statistics; browsing history; usage information; cookies and other tracking technologies; location information; and log data.
Cookies. In collecting the Personal Data, Casect sometimes use “cookies”
and other tracking technologies. Cookies allow Casect to
recognize a browser or device and “remember” a browser during
subsequent visits for purposes of functionality, preferences,
and website performance. Most browsers automatically accept
cookies but have an option for blocking or deleting cookies,
which will prevent a browser from accepting new cookies, as well
as allow a user to decide on acceptance of each new cookie in a
variety of ways. A user can usually access these options through
the “Settings” or similar menu in a browser. Please note that if
a Subscriber blocks or deletes cookies, some portions of the
Platform may not work properly.
Other uses of Personal Data. Casect may also process the Personal Data collected on the basis of the following legitimate business interests.
- Operation and improvement of Casect's business, products and services
- Marketing of products and services
- Provision of customer support
- Protection from fraud or security threats
- Compliance with legal obligations
- Completion of corporate transactions
Sharing of Data - Third-Party Vendors. Casect shares Personal Data with vendors, third party service providers and agents who provide Casect with services related to the purposes described in this Privacy Policy or Casect's Terms of Use. Casect also shares Personal Data when necessary to complete a transaction initiated or authorized by Subscriber or to provide Subscriber with a product or service requested.
- Compliance. Casect also shares Personal Data when it is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; protect Casect, its business or its users, for example to enforce the Terms of Use, End User License Agreement, prevent spam or other unwanted communications and investigate or protect against fraud; and to maintain the security of the Casect products and services. Casect also shares Personal Data with third parties when Subscriber gives Casect consent to do so.
- Business Transfer. If Casect chooses to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if Casect, or substantially all of its assets, were acquired, or if Casect goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and Casect would share Personal Data with the party that is acquiring the assets. Any acquirer of Casect or its assets may continue to use the Personal Information as set forth in this policy
Retention. Casect retains Personal Data for as long as Subscriber has an
open account with Casect or as otherwise necessary to provide
the Platform and improve it for all users. In some cases, Casect
may retain Personal Data for longer, if doing so is necessary to
comply with its legal obligations, resolve disputes or collect
fees owed, or is otherwise permitted or required by applicable
law, rule or regulation. Afterwards, Casect may retain some
information in an aggregated form.
Security. Casect seeks to protect Personal Data by using appropriate
technical and organizational measures based on the type of
Personal Data and applicable processing activity.
Personal Data of Children. Casect does not knowingly collect or solicit Personal Data from
anyone in the EU, United Kingdom, Lichtenstein, Norway, or
Iceland under the age of 16. If Casect learns that it has
collected Personal Data from a child under age 16, Casect will
delete that information as quickly as possible. If a user
believes that a child under 16 may have provided Casect with
Personal Data, please contact Casect at the Notice Address.
Personal Data Rights. Subscriber may have certain rights with respect to Personal Data, including those set forth below. For more information about these rights, or to submit a request, Subscriber may email Casect at the Notice Address. Please note that in some circumstances, Casect may not be able to fully comply with a Subscriber's request.
- Access
- Rectification
- Erasure
- Withdrawal of Consent
- Portability
- Objection
- Restriction of Processing
- Right to File Complaint