Privacy Policy
Welcome to Ping's Privacy Policy, which explains how we collect, store, protect and share your personal information and with whom we share it. While you use the Ping Cares APP and our services, we collect some information about you. Data protection is of a particularly high priority for Ping and the processing of your personal information when using our iOS and Android mobile application (hereinafter “APP”) is always done in accordance with Illinois' Personal Information Protection Act (PIPA), the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
Responsible for processing
Ping Cares is operated by Ping Corporation of 965 W Chicago Ave, Chicago, IL 60642, USA (hereinafter referred to as "we" or "Ping"). You can e-mail us using info@pingcares.com or call (773) 899-5645.
Relevant legal basis
In accordance with the PIPA and the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:
- consent, insofar as you have consented to the processing,
- contract, insofar as the processing is necessary for the fulfillment of a contract or pre-contractual measures,
- legal obligation, insofar as the processing is necessary for the fulfillment of a legal obligation incumbent upon us, and/or
- legitimate interest, insofar as the processing is based on our legitimate interest.
Security measures
We take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal information into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
However, you must understand that no web site or Internet transmission is completely secure. Therefore, we can never guarantee that unauthorized access, hacking, data loss and other incidents can be completely excluded.
Rights of data subjects
Illinois Specific Rights
If you are an Illinois resident, you have the following rights:
You have the right to:
- request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell;
- request that we delete personal information that we collect from you, subject to applicable legal exceptions;
- “opt out” of the “sale” of your “personal information” to “third parties”.
In addition, Illinois residents who provide personal information to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain the information about data we hold about you or to opt-out, please contact us.
Do Not Track
Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address, banking information, or phone records. In fact, we do not even share that type of information except with service providers who can use the information solely to provide a service on our behalf, when a consumer directs us to share the information. If applicable, you can choose whether you want this sharing or not. Remember, we don’t sell data that directly identifies you unless we have your explicit permission, no matter what choice you make. To make your choices, please contact us.
GDPR Specific Rights
If you are a European Union Citizen, you have the following rights:
• You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.
• According to Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.
• In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand restriction of the processing of the data.
• You have the right to obtain the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers.
• You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
• You have the right to revoke any consent you have given in accordance with Art. 7 (3) of the GDPR with effect for the future.
• You may object to the future processing of data relating to you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Data Subject Access Request
For clarification, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update, or delete that information. We may comply with your request in response. In addition, we have the following options: ask you to confirm your identity, or ask you for more information about your request, and, where permitted by law, refuse your request. (However, in this case we will explain the reasons for the refusal.)
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
Where we store your data
The Personal Information that we collect may be transferred to, and stored at, the Servers of Amazon Web Services (AWS) of 410 Terry Avenue North Seattle, WA 98109 United States. We will take all steps reasonably necessary to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy.
Installation of our APP
Our APP can be downloaded from the APP stores "Google Play Store" and "Apple App Store". Downloading our APP may require prior registration with the respective APP store and installation of the APP store software.
APP installation via the Google Play Store
You can use the Google service "Google Play" to install our APP. As far as we are aware, Google collects and processes the following data:
• License check,
• network access,
• network connection,
• WLAN connections,
• location information.
It cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal information Google processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Google as the operator of the Google Play Store. You can find more detailed information in Google's privacy policy, which you can access here: https://policies.google.com/privacy.
APP installation via the Apple App Store
You can use the Apple service "App Store", a service of Apple Inc., to install our app. As far as we are aware, Apple collects and processes the following data:
• device identifiers,
• IP addresses,
• location information.
It cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which personal information Apple processes with your registration and the provision of downloads in the respective app store and app store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store. You can find more detailed information in Apple's privacy policy, which you can access here: https://www.apple.com/legal/privacy/.
Registration data
When you install the Ping Cares APP and create an account we will collect and store the data you enter during registration (e.g., your name, phone number and e-mail address) exclusively for precontractual services, for the fulfillment of the contract or for the purpose of customer care.
When you contact us
If you contact us, we will receive your email address and may store your IP address and the information you give us so that we can process your request. We store correspondence with you for 6 years after your account is deleted.
Information processing when entering into services provided by us
Personal information will continue to be collected and processed if you provide it to us for the performance of a contract. We store and use the information provided by you for the purpose of processing the contract. After complete execution of the contract, your information will be blocked with regard to tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to a further use of your information or a legally permitted further use of information was reserved by our side, about which we inform you accordingly below.
Administration, financial accounting, office organization, contact management
We process information in the context of administrative tasks as well as organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. In this regard, we process the same information that we process in the course of providing our contractual services. The deletion of information with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities. In this context, we disclose or transfer information to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information on suppliers, event organizers and other business partners, e.g., for the purpose of contacting them at a later date. This information, most of which is company-related, is generally stored permanently.
Push messages
When using the Ping Cares APP, you will receive so-called push messages from us, even if you are not currently using the Ping Cares APP. These are messages that we send you as part of the performance of the contract, but also service and usage related information. You can adjust or stop receiving push messages at any time via the device settings of your device.
How we share information
Our goal is to help you connect with people. User information is, of course, mainly shared with other users with your consent. We also share some user information with service providers and partners who help us operate the Services, and in some cases with legal authorities.
• We use third parties to help us operate and improve our services. These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer support, payment processing, and security measures.
• We may also share information with partners who distribute our services and assist us with advertising. For example, we may share limited information about you in hashed, non-human readable form with advertising partners.
• We follow a rigorous vetting process before engaging a service provider or working with a partner. All our service providers and partners should commit to strict confidentiality.
• We may transfer your information if we are involved in whole or in part in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
• We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government/legal investigation or other legal requirement; (ii) to assist in the prevention or detection of crime (in each case, subject to applicable law); or (iii) to protect the safety of any person.
• We may also disclose information: (i) if disclosure would reduce our liability in actual or threatened litigation; (ii) if necessary to protect our legal rights and the legal rights of our users, business partners or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activities, suspected fraud or other misconduct.
• We may ask for your consent to share your information with third parties. In any such case, we will make clear why we want to share the information.
Uninstall
You can stop the collection of information by the Ping Cares APP by uninstalling it using the standard uninstall procedure for your device. When you uninstall the app from your mobile device, the unique identifier associated with your device will still be stored. If you reinstall the Ping Cares APP on the same mobile device, we may again associate that identifier with your previous transactions and activities.
Storage period
Unless a more specific retention period is stated within this privacy policy, we will retain your personal information until the purpose for processing it no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal information (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.
Data Breaches/Notification
Databases or data sets that include Personal information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
Authorizations and Access
We may request access or permission to certain functions from your mobile device (Media library: microphone, speaker, contacts, and Push notifications). The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can change your permissions at any time via Settings (iOS) or Settings Menu (Android).
Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so within your user account or contact us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests. Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
Obligation to provide personal information
You are not obliged to provide us with personal information. However, depending on the individual case, the provision of certain personal information may be necessary for the provision of the above services.
If you do not provide us with this personal information, we may not be able to provide the service.
HIPAA
In addition, Ping takes all reasonable steps to keep the use or disclosure of protected health information to an absolute minimum in order to provide the promised services to its customers. Ping works hard so that its products and services meet or exceed industry standards with respect to the U.S. Health Insurance Portability and Accountability Act ("HIPAA") of 1996.
The Health Insurance Portability and Accountability Act (HIPAA) establishes two important rules in connection with the use of the Ping Cares APP: the security provision and the privacy provision, which are established under a general HIPAA category called the Administrative Simplification Act. Both provisions affect the transmission, storage, and management of patient information.
Security provision: The HIPAA security provision became effective on April 21, 2003. Its purpose is to protect confidential medical information. The security provision establishes guidelines to facilitate the storage, maintenance, and transmission of protected health information in a "secure electronic environment". This includes administrative procedures and physical safeguards, as well as technical measures to control and monitor access to protected health information and prevent unauthorized access to data during transmission.
Privacy Rule: HIPAA's privacy rule addresses the use and disclosure of protected health information and became effective April 14, 2001. It required all practices to comply with the Privacy Rule as of April 14, 2003. The Privacy Rule requires reasonable efforts to limit the use and disclosure of such protected health information by staff to the "minimum necessary" to perform their jobs. Companies are further expected to limit the likelihood of "inadvertent disclosure" to individuals for whom there is no reasonable need to know as a matter of law. In addition, practices must maintain a log of disclosures of certain protected health information that is not directly related to the patient's care.
Products and Services
Ping’s Ping Cares APP and services are designed with specific features to comply with HIPAA regulations. Ping uses a relational database that employs a secured login process. This means users must have specific access rights, such as to edit or add data, or are denied access to certain data.
When a user adds or changes data in the database, a record is created indicating the change. The revision log created in this way can be reviewed by authorized administrators.
Customer Support
Ping's support staff assists customers in using the Ping Cares APP in a HIPAA-compliant environment. All remote access by Ping support staff to personal information is secured via a fully encrypted protocol.
Business partner
HIPAA requires Companies to enter into specific "business associate" contracts with certain entities to which they disclose health information. These business associate contracts generally require the recipients of such information to take appropriate precautions to protect the health information they receive. To perform certain service and support tasks, Ping employees may need access to health information maintained by Ping customers. As a result, Ping may be considered a business associate ("Business Associate") of the customers who receive these services. Ping is providing a new Business Associate standard contract for its customers that meets HIPAA requirements. Ping's new Business Associate Agreement provides general assurances to customers that the company will use the health information they submit only to provide services and support and will protect that data against misuse.
HIPAA Policy
To implement these requirements for business associates and to protect the confidentiality and integrity of health information received, the HIPAA Policy sets forth the following:
• It provides that the Company will retrieve and use confidential health information provided by its customers only to the extent necessary to perform customer service and support.
• It restricts access to such data to those employees and agents who provide specific service and support.
• It prohibits the disclosure of health information provided by customers to anyone who is not an employee or agent of the Company, unless specifically authorized by Ping and by the customer and/or patient, as appropriate.
• It requires all Company employees and agents to report any use or disclosure of health information in violation of Ping's HIPAA Policy.
• It provides that Ping will investigate all reports that health information has been used in a manner not permitted by Ping's HIPAA Policy and will impose appropriate sanctions on conduct prohibited by the policy.
• It specifies that Ping employees who may come into contact with health information receive training on Ping's privacy and security policy and the importance of protecting the confidentiality and security of health information.
• It provides for transferring health information provided by customers in a secured manner so that the integrity, confidentiality and availability of the data is protected.
FTC's Security by Design Guidelines
In addition to complying with HIPAA security recommendations, Ping adheres to the FTC's Security by Design Guidelines:
• Data security is carefully assessed for each component of the Ping platform
• Data is encrypted both in transit and at rest when communicating between the application, our servers and health care providers
• Ping uses two-factor authentication for system administrators, platform operators and employees accessing our cloud servers
• Ping is protected against common vulnerabilities
• Our team keeps up to date with new vulnerabilities and keeps the software updated accordingly
Network Protection
Ping servers and supporting systems are protected from hackers and network intrusion by firewalls and other leading security measures.
Controlled Employee Access
Certain Ping staff and system administrators may need to access the Ping platform to provide operational / administrative support.
Access rights are strictly controlled, and access is granted only to those who need it to support the Ping platform and its users. All Ping employees and subcontractors are required to sign confidentiality agreements. Access to the system is granted only after validation of the user's identification data, assigned role and system permissions.
Encryption
Encryption provides users with a secure way to exchange information with websites through their web browsers by scrambling the information as it is transmitted. This makes it unusable for anyone who does not have a protected decryption key to decrypt the information. Ping provides encryption for user interactions through Secure Socket Layer (SSL) technology with a robust 256-bit encryption key. Ping also uses industry-proven encryption standards (TLS) when health information is transmitted into or out of Ping.
Physical Security
The Ping server and supporting systems are physically secured and protected in world-class data centers. Access to the physical systems is carefully controlled through security measures at multiple levels of authentication requirements (e.g., user keys, biometrics), security guard and registration check-in requirements, and state-of-the-art security monitoring and alert systems.
Access tracking and disclosure
In accordance with HIPAA standards, Ping logs relevant details each time health information is viewed, edited, or exported to ensure system integrity.
Changes
This policy and our commitment to protecting the privacy of your personal information can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.