Last modified: August 7, 2020 (highlight most recent changes)
You are in control of your information
- You control who can access your personal health information. By default, you are the only user who can view and edit your information. If you choose to, you can share your information with others.
- You can completely delete your information at any time. Deletion will be initiated immediately, and your information will be purged from your account shortly thereafter. Additional backup copies of deleted information may persist for a short time. Ambra Health will not retain your information once deleted. Therefore you may want to print your information before deleting it.
- Ambra Health acknowledges that EU and Swiss individuals have the right to access the personal information/data that we maintain about them. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct a query to firstname.lastname@example.org. If requested to remove data, we will respond within a reasonable timeframe.
- Ambra Health is now working with FraudHL.com to support anonymous complaint reporting regarding fraud or ethics violations. These reports can be made via the web at www.fraudhl.com or by calling 1‐855‐FRAUD‐HL.
How Ambra Health® uses your information
- To store your information in Ambra Health, you will need an Ambra Health Account. When you create an Ambra Health Account, Ambra Health asks for your email address and a password, which is used to protect your account from unauthorized access. You can use an existing Ambra Health Account or create a new Ambra Health Account specifically for this purpose.
- Ambra Health's servers automatically record log information about your use of Ambra Health (such as number of sign-ins and number of times a link was clicked). This information is temporarily stored in association with your Ambra Health Account for two weeks, at which point it is aggregated with other data and is no longer associated with your account. The log information will be used to operate and improve the service and will not be correlated with your use of other Ambra Health services.
- Ambra Health periodically publishes trend statistics and associations (such as what is published in Ambra Health Trends). Ambra Health may use data from your Ambra Health Account as part of an aggregated data set when publishing these trends statistics and associations (e.g., Ambra Health has found that one gender uses some modalities more than the other gender). These aggregated data sets do not contain any personally identifiable information and cannot be linked to you.
- Certain features of Ambra Health can be used in conjunction with other Ambra Health products, and those features may share information to provide a better user experience and to improve the quality of our services.
- Types of Data Collected through the Ambra Health website:
Personal Information Collected
Personal information is information that identifies you as an individual. When you request information, subscribe to a mailing list, subscribe for a service, or respond to an online survey or otherwise contact us, we usually collect personal information such as your name, e-mail address(es), mailing address(es), and telephone numbers. We take your privacy and the quality of service we offer you very seriously. To ensure we provide the highest quality of service to our international visitors, we may forward your request for information and personal contact information to one of our regional partners. You opt into this sharing by filling out a form on our website; for example, by downloading an eBook or Requesting a Demo. To opt out of this sharing please email email@example.com with the same name and email address you used when you submitted our forms. You can also opt out of providing information by not entering it when asked and, if such information is required in order to allow us to respond to your inquiry, you will receive a notice advising you of this. If you do not provide us with some or all of the requested information we may not be able to provide services to you.
Other Information Collected
Sharing your information with people and services you trust
This section is specific to Ambra Health® products:
- If you share your information with others, you can view a list of who has access to your information and you can revoke sharing privileges at any time. When you revoke someone’s ability to read your health information, that party will no longer be able to read your information, but may have already seen or may retain a copy of the information.
- Some of these third-party service providers will be covered by federal and state health privacy laws (such as the Insurance Portability and Accountability Act, or “HIPAA”), and those laws will govern how they may use and share your information. HIPAA requires (as does Ambra Health) that you must authorize these providers to send information to your Ambra Health account. With that authorization, you also give them permission to send certain especially sensitive types of health information (such as mental health or substance abuse records) that are protected by federal and state laws and require special authorization. When you ask Ambra Health to send your health information to others, you will also be giving Ambra Health permission to send those sensitive types of health information.
- All entities or business associates covered by HIPAA are contractually required to comply with HIPAA's rules related to collection, use, and sharing of your information. All other third-party service providers are contractually required to abide by the Ambra Health Developer Policies, which require that they comply with strict privacy standards for how they collect, use, or share your information.
- Ambra Health’s accountability for personal data of EU and Swiss individuals that it receives under the Privacy Shield Framework and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Ambra Health remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Ambra Health proves that it is not responsible for the event giving rise to the damage.
EU General Data Protection Regulation (GDPR)
Ambra may use information provided from you as a user to send marketing and product information. This information is not sold to a third party and is based upon a previous legitimate interest in our products and services. You may revoke this right and have your data removed from these communication lists at any time by clicking the unsubscribe link in the communications or contacting the Ambra Customer Service Group at firstname.lastname@example.org
Your healthcare data will be stored in the Ambra Health system indefinitely, or until such time you request your data be removed or transferred to another system, or until your care provider terminates their account with Ambra.
Incorrect information in your records can be rectified through your care provider or contacting Ambra Health Customer Service.
Should you have additional questions, or would like more information on how your data is collected, stored, or processed, please contact our Data Protection Officer at the following address:
Attention: Data Protection Officer
199 Water Street, 34th Floor
New York, NY 10038
Additionally you may contact our European Union Representative at the following address:
Cimar UK Ltd
152 - 160 City Rd
London EC1V 2PD
+44 (0) 20 3904 0330
EU-US and Swiss Privacy Shield
Ambra Health complies with the EU-US Privacy Shield Framework (“Privacy Shield”) and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union member countries and Switzerland to the United States. Ambra Health has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability.
On July 16, 2020 the EU-US Privacy Shield was struck down by the European Court of Justice. The ruling does not stop data transfers between the EU and the US, as the court upheld the use of standard contractual clauses to allow specific consent for such transfers. Ambra Health rigorously maintains any and all data protection practices in place prior to July 16, 2020. In keeping with the US Department of Commerce Guidance published on the same day, Ambra Health continues to be a participant in the program and fully complies with Privacy Shield obligations.
The Ruling from the European Court of Justice does not impact the Swiss-US Privacy shield, with which Ambra Health continues to fully comply.
199 Water Street, 34th Floor
New York, NY 10038
Ambra Health has further committed to refer unresolved privacy complaints under the Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available to you before a Privacy Shield Panel as further explained in the Privacy Shield Principles in order to address residual complaints not resolved by any other means.
Ambra Health is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
If you have additional questions, please contact us any time. Or write to us at:Ambra Health
199 Water Street, 34th Floor
New York, NY 10038