Responsible for processing
Ping Cares is operated by Ping Corporation of 965 W Chicago Ave, Chicago, IL 60642, USA (hereinafter referred to as "we" or "Ping"). You can e-mail us using firstname.lastname@example.org or call (773) 899-5645
Relevant legal basis
In accordance with the PIPA and the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:
consent, insofar as you have consented to the processing,
contract, insofar as the processing is necessary for the fulfillment of a contract or pre-contractual measures,
legal obligation, insofar as the processing is necessary for the fulfillment of a legal obligation incumbent upon us, and/or
legitimate interest, insofar as the processing is based on our legitimate interest.
We take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the level of threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal information into account in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
However, you must understand that no web site or Internet transmission is completely secure. Therefore, we can never guarantee that unauthorized access, hacking, data loss and other incidents can be completely excluded.
Rights of data subjects
Illinois Specific Rights
If you are an Illinois resident, you have the following rights:
You have the right to:
request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell;
request that we delete personal information that we collect from you, subject to applicable legal exceptions;
“opt out” of the “sale” of your “personal information” to “third parties”;
In addition, Illinois residents who provide personal information to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain the information about data we hold about you or to opt-out, please contact us.
Do Not Track
Do Not Track is a privacy preference you can set in most browsers. We support Do Not Track because we believe that you should have genuine control over how your info gets used and our site responds to Do Not Track requests.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address, banking information, or phone records. In fact, we do not even share that type of information except with service providers who can use the information solely to provide a service on our behalf, when a consumer directs us to share the information. If applicable, you can choose whether you want this sharing or not. Remember, we don’t sell data that directly identifies you unless we have your explicit permission, no matter what choice you make. To make your choices, please contact us.
GDPR Specific Rights
If you are a European Union Citizen, you have the following rights:
• You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.
• In accordance with Article 16 of the GDPR, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be corrected.
• In accordance with Art. 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 of the GDPR, to demand restriction of the processing of the data.
• You have the right to obtain the data concerning you that you have provided to us in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers.
• You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
• You have the right to revoke any consent you have given in accordance with Art. 7 (3) of the GDPR with effect for the future.
• You may object to the future processing of data relating to you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against the processing for purposes of direct advertising.
Data Subject Access Request
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
Where we store your data
Installation of our APP
Our APP can be downloaded from the APP stores "Google Play Store" and "Apple App Store". Downloading our APP may require prior registration with the respective APP store and installation of the APP store software.
The Health Insurance Portability and Accountability Act (HIPAA) establishes two important rules in connection with the use of the Ping Cares APP: the security provision and the privacy provision, which are established under a general HIPAA category called the Administrative Simplification Act. Both provisions affect the transmission, storage, and management of patient information.
Security provision: The HIPAA security provision became effective on April 21, 2003. Its purpose is to protect confidential medical information. The security provision establishes guidelines to facilitate the storage, maintenance, and transmission of protected health information in a "secure electronic environment". This includes administrative procedures and physical safeguards, as well as technical measures to control and monitor access to protected health information and prevent unauthorized access to data during transmission.
Privacy Rule: HIPAA's privacy rule addresses the use and disclosure of protected health information and became effective April 14, 2001. It required all practices to comply with the Privacy Rule as of April 14, 2003. The Privacy Rule requires that reasonable efforts be made to limit the use and disclosure of such protected health information by staff to the "minimum necessary" to perform their jobs. Companies are further expected to limit the likelihood of "inadvertent disclosure" to individuals for whom there is no reasonable need to know as a matter of law. In addition, practices must maintain a log of disclosures of certain protected health information that is not directly related to the patient's care.
Products and Services
Ping’s Ping Cares APP and services are designed with specific features to comply with HIPAA regulations. Ping uses a relational database that employs a secured login process. This means users must have specific access rights, such as to edit or add data, or are denied access to certain data.
When a user adds or changes data in the database, a record is created indicating the change. The revision log created in this way can be reviewed by authorized administrators.
Customer Support
Ping's support staff assists customers in using the Ping Cares APP in a HIPAA-compliant environment. All remote access by Ping support staff to personal information is secured via a fully encrypted protocol.
Business partner
HIPAA requires Companies to enter into specific "business associate" contracts with certain entities to which they disclose health information. These business associate contracts generally require the recipients of such information to take appropriate precautions to protect the health information they receive. To perform certain service and support tasks, Ping employees may need access to health information maintained by Ping customers. As a result, Ping may be considered a business associate ("Business Associate") of the customers who receive these services. Ping is providing a new Business Associate standard contract for its customers that meets HIPAA requirements. Ping's new Business Associate Agreement provides general assurances to customers that the company will use the health information they submit only to provide services and support and will protect that data against misuse.
HIPAA Policy
To implement these requirements for business associates and to protect the confidentiality and integrity of health information received, the HIPAA Policy sets forth the following:
• It provides that the Company will retrieve and use confidential health information provided by its customers only to the extent necessary to perform customer service and support.
• It restricts access to such data to those employees and agents who provide specific service and support.
• It prohibits the disclosure of health information provided by customers to anyone who is not an employee or agent of the Company, unless specifically authorized by Ping and by the customer and/or patient, as appropriate.
• It requires all Company employees and agents to report any use or disclosure of health information in violation of Ping's HIPAA Policy.
• It provides that Ping will investigate all reports that health information has been used in a manner not permitted by Ping's HIPAA Policy and will impose appropriate sanctions on conduct prohibited by the policy.
• It specifies that Ping employees who may come into contact with health information receive training on Ping's privacy and security policy and the importance of protecting the confidentiality and security of health information.
• It provides for transferring health information provided by customers in a secured manner so that the integrity, confidentiality and availability of the data is protected.
FTC's Security by Design Guidelines
In addition to complying with HIPAA security recommendations, Ping adheres to the FTC's Security by Design Guidelines:
• Data security is carefully assessed for each component of the Ping platform
• Data is encrypted both in transit and at rest when communicating between the application, our servers and health care providers
• Ping uses two-factor authentication for system administrators, platform operators and employees accessing our cloud servers
• Ping is protected against common vulnerabilities
• Our team keeps up to date with new vulnerabilities and keeps the software updated accordingly
Network Protection
Ping servers and supporting systems are protected from hackers and network intrusion by firewalls and other leading security measures.
Controlled Employee Access
Certain Ping staff and system administrators may need to access the Ping platform to provide operational / administrative support.
Access rights are strictly controlled, and access is granted only to those who need it to support the Ping platform and its users. All Ping employees and subcontractors are required to sign confidentiality agreements. Access to the system is granted only after validation of the user's identification data, assigned role and system permissions.
Encryption provides users with a secure way to exchange information with websites through their web browsers by scrambling the information as it is transmitted. This makes it unusable for anyone who does not have a protected decryption key to decrypt the information. Ping provides encryption for user interactions through Secure Socket Layer (SSL) technology with a robust 256-bit encryption key. Ping also uses industry-proven encryption standards (TLS) when health information is transmitted into or out of Ping.
Physical Security
The Ping server and supporting systems are physically secured and protected in world-class data centers. Access to the physical systems is carefully controlled through security measures at multiple levels of authentication requirements (e.g., user keys, biometrics), security guard and registration check-in requirements, and state-of-the-art security monitoring and alert systems.
Access tracking and disclosure
In accordance with HIPAA standards, Ping logs relevant details each time health information is viewed, edited, or exported to ensure system integrity.
Changes
This policy and our commitment to protecting the privacy of your personal information can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.