Purpose
The purpose of this privacy policy is to inform you about what kinds of information we at mobileHealthWorks, a branded service offering of the company Synegys s.r.o. (“Synegys”), may gather about you, how we may use that information, whether we disclose it to anyone, and the choices you have regarding our use of the information. Reference to our “Web Sites” includes the following: www.synegys.com, www.mobilehealthworks.com, and any other site owned by Synegys. This policy does not apply to the practices of companies that Synegys does not own or control, or to people that Synegys does not employ or manage. This includes any companies from whom you may have ordered services or products that are transmitted over Synegys’ mobile transaction network, and any companies from whom you may be purchasing telecommunications services.
We know you are concerned about privacy, so we developed this privacy policy (“Privacy Policy”) to explain how we collect, use, and disclose information from you, our user (“you” or “your”). We offer solutions for companies to setup, use and operate a cloud backend web-based solution, SMS solution, mobile app or any combination (“Apps”), and a number of related services (collectively, the “Services”). Read on and we will tell you how this all works.
This Privacy Policy will apply whether you are a “Visitor” (which means that you simply browse the Site), or a “Client” (which means you have registered with us, established an Account and have access). Visitors and Clients are individually referred to as a “User,” and collectively, as “Users”. This Privacy Policy also applies to information collected through Apps from end users of those Apps (“End Users”), as described in more detail below.
So we are clear about the terminology we are using, when we use the phrase “Personal Information”, we mean contact information (i.e., name, address, email address, and/or telephone number) and any other non-public information that is used or intended to be used to personally identify an individual, and information associated with the foregoing. When we use the phrase “Anonymous Information”, we mean information that is not associated with or linked to Personal Information. Anonymous Information does not enable identification of or contact with, individual persons.
BY USING OUR SITE OR SERVICES OR SUBMITTING PERSONAL INFORMATION THROUGH OUR SITE OR SERVICES, YOU AGREE TO THE TERMS OF THIS PRIVACY POLICY AND YOU EXPRESSLY CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION ACCORDING TO THIS PRIVACY POLICY. YOUR PERSONAL INFORMATION MAY BE PROCESSED BY US IN THE COUNTRY WHERE IT WAS COLLECTED AS WELL AS OTHER COUNTRIES (INCLUDING THE UNITED STATES) WHERE LAWS REGARDING PROCESSING OF PERSONAL INFORMATION MAY BE LESS STRINGENT THAN THE LAWS IN YOUR COUNTRY.
Basic Principles for Data Processing
We always approach your personal data in accordance with the legislation currently in force. You can find a list of the most important legal regulations in the sections following this. In accordance with these regulations, we also comply with the following basic principles of personal data processing:
- We always process your personal data in the correct manner in accordance with the law and using a method that is adequately clear, transparent and comprehensible.
- We always process your personal data in the necessary scope and using a method that is in accordance with the purpose for which we process your data.
- We take care to ensure that your personal data which we process is always accurate and updated as needed. Inaccurate personal data will be deleted or corrected.
- We process your personal data only for the absolutely necessary period of time. In certain cases, such period is stipulated by the law; in other cases, we set the period internally so that it corresponds to our legitimate interests.
- We properly secure your personal data against leakage, unauthorised processing, accidental loss and damage. For this purpose, we have adopted appropriate technical measures particularly consisting in strict setting of individual persons’ access to your data, encryption and other technical and physical means of security.
GDPR
The Synegys Privacy Policy complies with Chapter 3 Articles 12-23 in as much as Synegys collects data from individuals for marketing and day to day business operations. Synegys’ primary role in relation to GDPR is that of a Data Processor for Data Controllers that reside within the Union or Data Controllers that have data subjects that live in the Union. The Data Controllers provide a GDPR compliant Data Processing Agreement with Synegys for requested services and Synegys acts under the authority of the Controller to process data based on their instructions.
We obtain your personal data either directly from you or from our Clients who are providing services to you. The types of personal data processed is found in the section Information Collection.
Moreover, information is also collected by cookies. Please refer to the section Cookie Notice.
Documentation is in electronic form and access to its contents by individual employees is strictly limited. Documentation in paper form is stored in a locked facility in order to prevent unauthorised access. All employees are trained to heed the enhanced measures in connection with this matter.
Personal data can be processed to support our Client’s business scope e.g. clinical studies or for the purposes of our promotion. Your personal data is processed on the basis of your voluntary consent to personal data processing, which you cannot and will not be forced to provide in any case. You can withdraw your consent at any time or, as the case may be, exercise your other rights connected with personal data processing, about which we will thoroughly instruct you before you grant consent.
Personal information is never shared outside Synegys without permission, except under conditions explained below:
- When we have consent to share the information;
- If sharing information is necessary to provide a product or requested service (If information is shared with third parties we only provide the information they need to deliver the service. Also, such companies are prohibited from using information for any other purpose);
- To keep users up to date on the latest product announcements, software updates, special offers or other information we think users would like to hear about (unless users have opted out of these types of communications).
We will also disclose personal information if required to do so by law, to enforce our Terms of Use, or in urgent circumstances, to protect personal safety, the public or our websites.
As a matter of principle, we do not transfer your personal data abroad. This may happen only exceptionally if you grant us consent for such transfer (e.g. if you participate in a clinical study), a Client’s request (the Privacy Policy of the Client is followed between you and the Client) or if it is required by a legal regulation.
Your personal data is always retained for the absolutely necessary period. If we process your data on the basis of your consent, we shall undertake to process your data on for the period specified in such consent.
As a data subject, the law confers on you a full range of rights.
Right of access to personal data
Of course, you have the right to know the kind of data pertaining to you that is being processed, the purpose and duration of such processing, where we obtained the data and whether and to whom we transfer the data. At the same time, you have the right to information on other rights pertaining to such data. This document in particular serves for your awareness in this regard; nevertheless, we are prepared to provide you with confirmation or clarification regarding any item of this information.
If you request it from us, we will also provide to you, without undue delay, a copy of your processed personal data. In connection with administrative costs, we are authorised to charge a proportionate fee for such copy, especially in the case that it is requested repeatedly. If you submit the request in electronic form, we will automatically assume that you are interested in provision of information also in electronic form. However, you have the option of requesting provision by other means. Please bear in mind that the rights of other persons cannot be adversely affected by the right to obtain a copy of processed personal data.
Right to correction of personal data
In the event you determine that the personal data that we process in relation to you is not accurate or complete, you have the right to request that we supplement or correct such data without undue delay.
Right to restriction of personal data processing
In certain cases, this right enables you to demand that certain items of your personal data be marked for restricted processing and thus not be the subject of further processing for a certain period. This is not the same as the right to deletion, as restriction of processing is not permanent. You have the right to demand restriction of the processing of your personal data in the case that:
- you refute the accuracy of your data that we are processing; restriction will be imposed for the period necessary to verify the accuracy of the data.
- processing is without a legal basis (e.g. beyond the scope of data that we are authorised to process), but you prefer restriction of processing instead of deletion because, for example, you anticipate that you will provide the data to us in the future.
- we no longer need to process your personal data, but you request the data for the purpose of determining, exercising or defending your legal claims.
- you raise an objection against processing (see the point of instruction on this right below).
If processing is restricted, data can be processed only with your consent or for the purpose of determining, exercising or defending legal claims, for the purpose of protecting the rights of another entity, whether a natural person or legal entity, or for important reasons in the public interest.
Right to raise objections against personal data processing
You can exercise the right to raise objections against the processing of personal data only in the situation when we would process any of your personal data in the public interest or on the basis of our legitimate interests or for the purposes of direct marketing. In such cases, you can raise an objection at any time. If that happens, we will further process your personal data only if we demonstrate serious, legitimate reasons for doing so (particularly if we need the data for determining, exercising or defending our legal claims). If, however, you raise an objection against data processing for the purpose of direct marketing, we will cease processing your data for such purpose without delay.
Right to file a complaint with the supervisory authority
Exercising the rights set forth above shall not in any way affect your right to file a complaint with the Office for Protection of Personal Data. You can find the current contact information on the website of the Office for Protection of Personal Data (www.uoou.cz). You can file a complaint at any time when you have doubts as to whether your personal data is being processed as it should be, i.e. if you believe your personal data is being processed without authorisation or in conflict with legal regulations.
Right to deletion
In certain cases, you, as the data subject, have the right to have your personal data deleted. We generally accede to deletion of your personal data when we no longer need such data or we do not have a legal reason to process it. Furthermore, we will delete your personal data if it was processed on the basis of consent and that consent has been withdrawn.
Please bear in mind that, even though this concerns one of the reasons for deletion, it does not mean that we will immediately delete all of your personal data. This right does not apply in the case that processing of personal date continues to be necessary for fulfilment of our legal obligations, archiving purposes, scientific or historical research or for statistical purposes, or for determining, exercising or defending our legal claims.
Right to withdraw consent
If this involves cases in which your personal data is processed on the basis of consent, you further have the right to withdraw your consent at any time. However, previous processing that we carried out prior to withdrawal of consent shall not be affected in any way by such withdrawal of consent.
In all matters associated with the processing of your personal data, whether that involves an enquiry, exercise of rights, filing of a complaint or anything else, you can contact our data protection officer using the following methods:
- by post or in person upon prior agreement at the address Synegys s.r.o., Washingtonova 1567/25, Praha 1 110 00, Czech Republic.
- by e-mail at the e-mail address office+DPO@synegys.com
- by telephone at +420 603 429 748
We will handle your request without undue delay, though within one month at the latest. In exceptional cases, particularly due to the complexity of your request, we are authorised to extend this period by two months. Of course, we will inform you of any such extension and the rationale for it.
We would also like to remind you that the supervisory authority with respect to the issue of personal data protection in the Czech Republic is the Office for Protection of Personal Data, which is also prepared to receive your suggestions and complaints. The Office for Protection of Personal Data is located at the address Ppl. Sochora 27, 170 00 Prague 7. You can find its current contact information on its website at www.uoou.cz.
California Consumer Privacy Act (CCPA)
In addition to privacy and security information contained within our Privacy Policy that complies with the CCPA, Synegys does not sell your information to third parties. Synegys will also review this Privacy Policy at least once a year.
NOTE – HIPAA and PHI: The requirements of the CCPA do not apply to “medical information” subject to the California Confidentiality of Medical Information Act (CMIA) or to “protected health information” (PHI) collected by covered entities and business associates under the HIPAA Privacy, Security and Breach Notification Rules. All data collected by the Synegys platform (PHI or non-PHI) receives the same safeguards for security, privacy and breach notification applied to our clients covered under HIPAA rules and stipulated by a client BAA.
Cookie Notice
This cookie notice is for visitors to our websites, apps and other digital platforms. It sets out how we use cookies.
For almost any modern website to work properly, it needs to collect certain basic information on its users. To do this, a site will create files known as cookies – which are small text files – on its users’ computers. These cookies are designed to allow the website to recognize its users on subsequent visits, or to authorize other designated websites to recognize these users for a particular purpose.
Cookies do a lot of different jobs which make your experience of the Internet much smoother and more interactive. For instance, they are used to remember your preferences on sites you visit often, to remember your user ID and the contents of your shopping baskets, and to help you navigate between pages more efficiently. They also help ensure that the advertisements that you see online are more relevant to you and your interests. Some data collected is designed to detect browsing patterns and approximate geographical location to improve user experience.
Some websites may also contain images called ‘web beacons’ (also known as ‘clear gifs’). Web beacons only collect limited information, including a cookie number, a timestamp, and a record of the page on which they are placed. Websites may also carry web beacons placed by third party advertisers. These beacons do not carry any personally identifiable information and are only used to track the effectiveness of a particular campaign (for example by counting the number of visitors).
Information collected by cookies is now classed as personal data.
We collect a number of cookies from our users for various reasons, not least to track our own performance – but also to let us serve you content tailored to your own specifications, hopefully improving your overall experience of the website. Amongst other things, the cookies we use allow users to register to make comments, allow us to calculate how many visitors we have and how long they stay on our site.
Cookies That Ensure the Website can Function Properly
We use essential cookies for the following purposes:
- Reading your browser settings so that your screen will reproduce our website in the best possible way
- Identifying your browser when you are logged in so that you will not have to log into our website again (all the time)
- Detecting abuse of our website and services, e.g., by registering a number of successive, failed login attempts
- Evenly spreading the load on the website, so that the website remains accessible at all times
- Offering the option to save login data so that you will not have to enter them anew all the time
- Providing the possibility to react to our website
Third parties serve cookies through our Websites for analytics and other purposes. This is described in more detail below.
Cookies Through Which We Can Measure the Website’s Use
We use cookies to continuously try to measure how many people visit our website and what parts of the website they visit most. This tells us what components of the website draw our visitors’ interest most.
The information thus gathered is used for statistics. These statistics provide us with insight into how frequently our webpage is visited, where exactly visitors spend most of their time, etc. This enables us to draft the website’s structure, navigation and the contents as user friendly as possible for you. We will never trace any statistics to individuals.
We use cookies for:
- Recording the number of visitors of our web pages
- Setting the order in which a visitor visits the various pages of our website
- Assessing which parts of our site need adaptation
- Optimizing the website
Cookies to Share the Contents of our Website Through Social Media
By using buttons, you can share the articles and videos you watch on our Website through social media. These buttons are controlled by social media cookies that are deployed by the social media providers, so they are able to recognize you when you would like to share articles or videos. The collection, use and processing of data via these cookies is subject to the privacy policies of the relevant social media provider.
If you do not want websites to place cookies on your computer or mobile device at all, you can adapt your browser settings as such that you will be notified before any cookie is placed. You can likewise adapt the settings as such so that your browser refuses all cookies or only the third-party cookies. Likewise, you can remove any of your cookies that have already been placed. Please note that you will have to separately adapt the settings for each browser, mobile device, and computer you use.
You should be aware that any preferences will be lost if you delete all cookies and many websites will not work properly or you will lose some functionality. We do not recommend turning cookies off when using our website for these reasons.
Most browsers accept cookies automatically, but you can alter the settings of your browser to erase cookies or prevent automatic acceptance if you prefer. Generally, you have the option to see what cookies you’ve got and delete them individually, block third party cookies or cookies from particular sites, accept all cookies, to be notified when a cookie is issued or reject all cookies. Visit the ‘options’ or ‘preferences’ menu on your browser to change settings.
Information Collection
Personal Information and End User Information
At certain points in our Web site, when information is requested, product documentation is downloaded, surveys are filled out, products are ordered, etc., Synegys may ask for you to fill out information that pertains to you personally. This type of information can include name, address, phone number, fax number, text-messaging number, email address, etc. At any point that such information is requested, you are always given the choice of whether or not you wish to submit this information to Synegys.
If a Client collects and submits to us information of End Users, either through an App or otherwise, we may receive and store such information (“End User Information”). End User Information collected through Apps may include, but is not limited to, the following, which may be Personal Information of such End Users:
- Information about End Users, including name, address, gender, age, marital status, photograph, in-App purchase history, survey responses, and preferences.
- Information about a mobile device, including universally unique ID (“UUID”), platform type and version (iOS v4, Android, etc.), carrier and country location, hardware and processor information (storage, chip speed, camera resolution, NFC enabled, and network type (WiFi, 2G, 3G, 4G).
- Sensory and other information collected through a mobile device, including accelerometer data, lock phone on/off, power on/off, airplane mode on/off, number of SMS/MMS messages, number of calls and duration, camera usage, speaker usage, Bluetooth usage, NFC usage, and GPS location data
- Information about App usage, including user App retention data, session length, and session interval.
Synegys collects personal information when users register with Synegys for a Synegys Member / User login or account, for certain Synegys products or services or when asked by users to be included in an email or other mailing list. From time to time, Synegys receives personal information from business partners and vendors who may have been provided information by end users as part of two-way communications. Synegys only uses such information if it has been collected in accordance with acceptable privacy practices consistent with this Privacy Statement and applicable laws.
Access to certain Synegys web pages and the Synegys software requires a login and a password. Personal information may be retained by Synegys to verify compliance with the agreement, log software licenses granted, track software downloaded from those pages, or track usage of other applications available on those pages.
Anonymous Information
As you use our Site or Services, we may also collect certain information, including Internet protocol address, browser type, domain names, and access times from you and End User devices accessing the Services through your Apps, as well as any other anonymous End User Information of submitted through your Apps. We also use Cookies and navigational data like Uniform Resource Locators (URLs) to gather information regarding the date and time of your use of the Service. An “Internet protocol address” or “IP address” is a number that is automatically assigned to your computer by your Internet access provider when you use the Internet. In some cases your IP address stays the same from browser session to browser session; but if you use a consumer internet access provider, your IP address probably varies from session to session. We track IP addresses solely in conjunction with session cookies to analyze our web page flow. “Cookies” are small pieces of information that a web site sends to your computer’s hard drive while you are viewing a web site. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them). More information is detailed in our Cookie Notice section.
Our Relationship with Social Networking Sites and Third-Parties
We have created and may offer you interfaces that allow you to connect with social networking websites such as Facebook and Twitter(“SN Sites”) through our Site. We will work with the SN Site’s application protocol interface (better known as their developer API) in a way that allows you to authorize us to access your account on that SN Site on your behalf. In order to provide this authorization, you will not provide us with your user ID or password to the SN Site, but you will need to log-in to that SN Site directly through our Site. Once authorized by you, the SN Site will provide us a token that allows the SN Site to recognize us when we ask, on your behalf, for access to your account information or to post information. You will be able to revoke our access to any SN Site at any time by amending the appropriate settings from within your account settings on the applicable SN Site, though such revocation may limit the Services we are able to provide you.
In addition to accessing your SN Site accounts through developer APIs, we may also offer interfaces that allow Clients to connect with APIs for SN Sites as well as other third-party data providers in a manner that allows a Client to retrieve data from such third parties for inclusion in a Client’s App, for example Facebook or Yahoo! Maps (collectively, “Third Party Data Providers”). We may connect Apps to such APIs using the token method discussed above or we may require that a Client provide us the applicable API key, user name, password or other method of authentication (the “Third Party API Access Protocols”). The Third-Party API Access Protocols will be disclosed and used in the same manner as Personal Information, with the understanding that they will not be used to market any products or services.
Information Use
Personal Information and End-User Information
Synegys collects and uses your personal information to give you high quality customer service, to provide you with convenient access to our products and services, and to make you aware of the latest offerings from Synegys.
We will use Personal Information, including End User Information to:
- Administer Accounts;
- Process your payments, provide the Services and customer support;
- Tailor the features of the Site or Services to you;
- Respond to requests, resolve disputes and/or troubleshoot problems;
- Market our Services and products to our Users and those of third parties we believe may be of interest to our Users, including through the serving of targeted advertisements, though we will not disclose your Personal Information in doing so. For example, we allow advertisers to choose the characteristics of Users who will see their advertisements and we may use any of the non-personally identifiable attributes we have collected to select the appropriate audience for those advertisements. For example, if you tend to view and automobile-related content, we might use that interest to show you ads for automobiles (and to tell ad networks to serve those ads), but we do not tell any automobile maker who you are, though the dealer or manufacturer may learn that you possess certain characteristics based on the fact that you received the advertisement. We may do this on the site, in the Apps and on other websites on the internet.
- Market services and products to your End Users, in a manner similar to the method used for Users described above, but only if you choose to add advertising capabilities to your App;
- Improve the quality of the Site and the Services;
- Verify your compliance with your obligations in our Terms of Use and/or other agreements you may have executed with us;
- Communicate with Users about the Site and the Services, and
- Showcase the Personal Information you include in your Profile, if you elect to create one, to other Users.
- We also use Personal Information to contact you and provide you with information that may be useful or interesting to you, including newsletters regarding changes and upgrades to the Services as well as promotional e-mails, and to allow certain other entities to do the same. By using the Site, you agree to receive this information from us and certain other entities. If you do not want to receive these communications, you can always opt out of communications by following the instructions provides in the email or by emailing us at office@synegys.com. We may, however, send certain administrative emails which pertain to the Site and Services on a regular basis that you may not opt-out of.
- We may also use Personal Information to create Anonymous Information records by excluding information that makes the information personally identifiable.
We take appropriate technical and organizational measures to guard against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. While no computer system is completely secure, we believe the measures implemented by our site reduce the likelihood of security problems to a level appropriate to the type of data involved.
Anonymous Information
Generally, we use Anonymous Information in statistical analysis to help us analyze patterns in the use of our Services. We may, through our use of cookies, keep you logged into the Site during each session. We may also use Anonymous Information to improve our internal operations, surveys and software, and customize the content and layout of the Site and/or Service. We may also, with your consent, combine Anonymous Information with your Personal Information. We reserve the right to use Anonymous Information without restriction.
Disclosure of Information
Certain portions of our Web site contain links to third-party Web sites to provide you with information relating to our business and associated activities. Once you have left the Synegys site via these links, Synegys is no longer responsible for the content and/or privacy policies of the respective sites.
While it probably goes without saying, just to avoid any possible confusion, we go out of our way to say that End User Information is provided by Clients of Synegys and we use and disclose the End User Information as provided in this Privacy Policy. Clients have a right to access, use and disclose the End User Information collected by the Clients’ App in conformance with the privacy statement displayed in the applicable App. Synegys is not responsible for the Clients’ privacy statement or the Client’s compliance with its privacy statement.
We may disclose certain Personal Information, including End User Information:
- To third party vendors who help us provide the Services or the Site, including vendors that process payments, or who provide or market additional goods and services, in which case we will require such vendors to use such information in accordance with their privacy policies posted on their websites;
- To third parties to whom you ask us to send Personal Information, including where a Client chooses to integrate a third party’s services or content into an App;
- To other Users, if you create a public Profile;
- To a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), in the event we have such Affiliates in the future, in which case we will require our Affiliates to honor this Privacy Policy;
- To a company that merges with us, acquires us, or purchases our assets, in which case such company may continue to process your Personal Information as set forth in this Privacy Policy; or If we believe in good faith that such disclosure is necessary to (a) resolve disputes, investigate problems, or enforce our Terms of Use; (b) comply with relevant laws or to respond to requests from law enforcement or other government officials relating to investigations or alleged illegal activity, in which case we can (and you authorize us to) disclose Personal Information without subpoenas or warrants served on us; or (c) protect and defend our rights or property or the rights and property of you or third parties.
We reserve the right to disclose Anonymous Information publicly without restriction, including to third party vendors who may help us enhance or provide the Site or Services or to third parties.
Information Disclosed to Third Parties
This Privacy Policy addresses our use and disclosure of information we collect from and/or about you on the Site and through our Services. You understand that when you use the Site or Services, certain information you post or provide through the Site, such as your name, photographs, and comments, may be shared with other users and posted on publicly available portions of the Site or the Service. Please keep in mind that if you choose to disclose Personal Information when posting comments or other information or content through the Site, this information may become publicly available and may be collected and used by others, including other Users and third parties. We will not have any obligations with respect to any information that you post to parts of the Site available to others, and recommend that you use caution when giving out information to others in public forums online or otherwise. We may also share the information you publish with other third parties.
In addition, the use and disclosure restrictions contained in this Privacy Policy will not apply to any third party. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable. The Site may contain links to third party websites, services or content that are not owned or controlled by us, but may be integrated into your Apps. When you click on such a link, you will either leave our Site and go to another site, or you will be asked to agree to such third party’s terms and privacy policy before integrating such third party’s content or services into your App. If you leave our Site, another entity may collect Personal Information or Anonymous Information from you. We have no control over, do not review and are not responsible for the privacy policies of or content displayed by such third parties. Please review the privacy policy of any new website you visit.
Updating and Controlling your Information
If you have an Account with us, you may update certain of your Personal Information on our Site. You may also email us at office@synegys.com. If users choose to deactivate their account, we will retain in our files some personal information requested to remove to prevent fraud, resolve disputes, troubleshoot problems, enforce our Services Agreement, respect opt-out preferences, and comply with legal requirements as permitted by law. When we delete Personal Information, it will be deleted from the active database, but may remain in our archives and we may also retain Anonymous Information about your use of our Services. Once we disclose some of your Personal Information to third parties, we cannot access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures.
Security
Synegys account information is password-protected for privacy and security. Synegys safeguards the security of the data provided to us with physical, electronic, and managerial procedures. In certain areas of our websites, Synegys uses industry-standard SSL-encryption to enhance the security of sensitive data transmissions. While we strive and make excellent efforts to protect personal information, we cannot ensure all elements of security, so we urge users to take every precaution to protect personal data while on the Internet. We encourage users to change passwords often, use a combination of letters and numbers, password protect devices, and use a secure browser.
Clinical Research and Healthcare Clients: HIPAA & Participant Privacy
While the mobile text messaging channel is not HIPAA compliant in certain scenarios, Synegys makes continuous efforts to maintain the privacy and data security of sensitive client and patient information, including:
- Informed Consent: Covered Entities and Business Associates who use the platform should warn the participant that the risk of unauthorized disclosure exists (encouraging the participant to properly secure their device is also good practice) and the participant´s consent should be obtained to communicate by text. Both the warning and the consent must be documented.
- Unique Users and Identification: Each user identity is assigned a unique name and/or number for identification, logging and tracking.
- Authentication: Authentication is used via unique, password protected account login access through SSL encryption technology. Only dedicated support staff have access to client data, provided only to approved client administrators, as needed.
- Encryption: The Synegys mComply system has encryption and decryption mechanics to protect electronic Patient Health Information (ePHI) where applicable. SSL encryption technology, protects all components of the Synegys dashboard accessible by account users.
- Automatic Logging Out: The Synegys mComply system will log out users after a short time of inactivity.
- Transmission Security: Technical measures have been implemented from authentication and SSL encryption. Only Developers employed by Synegys have direct access to the Synegys platform code base and databases. Our Production and Backup systems are in geo-diverse locations for added protection and redundancy.
- Multiple Organizations: ePHI is not accessible by Synegys partners or subcontractors unless otherwise authorized for the sole purpose of efficient communication transmissions.
- Response and Reporting Procedures: The company maintains a step by step reporting procedure to identify, document, respond and prevent security incidents. We have a specific data breach policy to effectively address personal data security breaches.
- Contingency Plans: ePHI and other sensitive data have accessible backups in geo-diverse locations, including procedures to recover data from Synegys’ hosting company.
- Privacy and Security Officers: The company’s co-founders are our privacy and security officers.
- Risk Management Evaluations: Privacy sensitivity training, activity logging, risk management procedures for code implementation, data and account management are reviewed once a year by Synegys’ chief officers to ensure maximum risk reduction.
Changes to this Policy
The Synegys Privacy Policy is subject to change at any time. Please review the privacy policy regularly for any changes.
Contact
If you have any questions or concerns about our Privacy Policy, please contact us at office@synegys.com.
Effective July 14, 2006.
Last updated: September 22, 2022