APTITUDE HEALTH PRIVACY POLICY

Last Updated: 04/01/24

INTRODUCTION

This privacy policy applies to all services, products, websites, and other (automated) communication (hereinafter: “services”) provided by Aptitude Health, LLC (Atlanta, GA, United States), Aptitude Health BV (The Hague, the Netherlands), Aptitude Health UK Limited (London, United Kingdom) and Bamboo Medical Communications Limited (London, United Kingdom), together, “Aptitude Health”. Websites subject to this Privacy Policy are: aptitudehealth.com, aptitude-health.com, globalcanceracademies.com, globalleukemiaacademy.com, globalmmacademy.com, globallungcanceracademy.com, globalbreastcanceracademy.com, bamboo-medical.com, and any other websites or registration pages operated by Aptitude Health (“Websites”).

 

At Aptitude Health we value the people we work for and work with. This includes the use of personal data of individuals. As Aptitude Health has offices in the US, the EU and the UK, Aptitude Health has made its privacy policy compliant with the General Data Protection Regulation (GDPR) and UK GDPR standards.

 

In this privacy policy we explain what we do with your personal data. Please note that this privacy policy forms part of our Terms of Use

 

This policy applies to information we collect

  • On the Websites
  • In email, text, and other electronic messages between you and Aptitude Health
  • When you participate in any virtual or live meetings, conferences, or events organized or presented by us, or programs managed for our clients
  • Offline

 It does not apply to information collected by

  • Any third party, including but not limited to, any application or content (including advertising) that may link to or be accessible from or through the Websites

 Please read this policy carefully to understand our policies and practices regarding your information and how we treat it. This policy may change periodically Your continued use of the Websites after changes are made is deemed acknowledgement of those changes, so please check the policy periodically for updates. The latest version is published on our Websites and takes effect from the day of publication.

 

DEFINITIONS

For a proper understanding of this privacy policy, some knowledge of legal definitions is helpful.

 

What are “personal data”?

Personal data refers to any information related to an identified or identifiable natural person. There are also special categories of personal data, which are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, genetic data, biometric data that may identify you as a unique person, and data concerning a person’s sex life or sexual orientation. All other data that may identify you as a natural person are generally referred to as personal data. In this privacy policy we use the general term “personal data” or “data,” unless otherwise specified.

 

What is “processing” of personal data?

Processing means any operation, whether or not automated, that is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, making available, combination, restriction, erasure, or destruction. In this privacy policy and for reasons of readability, we use the words “collect(ing),” “use/using,” and “process(ing)” to refer to the legal definition of processing.

 

What is a “data subject”?

A data subject is any living natural person whose personal data are processed. For reasons of readability, we use the words “person” and “you(r)” to indicate the data subject.

 

What is a “controller”?

A controller is the legal person who determines the purposes and means of the processing of personal data. In this privacy policy, that is us (hereinafter referred to as: “Aptitude Health” or “we/us/our”).

 

What is a “processor”?

A processor is a legal person who processes personal data on behalf of and at the instruction of the controller.

 

What does “GDPR” mean?

GDPR is General Data Protection Regulation, the European regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, adopted by the European Parliament and the European Council on April 27, 2016, and current as of May 25, 2018.

 

What is the “UK GDPR”?

UK GDPR is the GDPR as incorporated into United Kingdom law by operation of section 3 of the European Union (Withdrawal) Act 2018, and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019.

 

COLLECTING PERSONAL DATA

 

What personal data do we collect?

Aptitude Health collects personal data directly from you or indirectly from third parties, such as our clients or third-party vendors.

 

Personal information you disclose to us

 

The personal data we collect are always and solely connected to you in your professional capacity. The data we collect include your name (first name, last name), gender, title, company and company address, email address, telephone numbers, degrees, professional specialties, special professional interests, billing data such as credit card numbers or bank account numbers, possible billing address, and personalized registration numbers for events. If you ask us to book a flight or a hotel, we also collect location data (travel data). If you are a faculty member who contributes to one of our services (symposia, meetings, etc), we assess whether there are relevant financial relationships that may influence the content of your contribution and/or our services. We sometimes ask faculty members to provide us with recent photographs to use in our promotional materials.

 

We do not collect special categories of personal data, except for—at your request—dietary information or special needs that may (or may not) relate to your health or religious beliefs.

 

Information automatically collected

 

We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.

 

Like many businesses, we also collect information through cookies and similar technologies. Please refer to our Cookies Policy for further information.

 

When do we collect personal data?

Your personal data are collected when you

  • Voluntarily provide to us when you express and interest in obtaining information about is or our products and services
  • Create an account on our Websites
  • Register (or are registered with your consent) for one of our events and/or other services
  • Subscribe to our newsletters
  • Contribute to symposia, publications, meetings, boards, presentations, or surveys, and/or you contact us or we contact you to do so
  • Are reimbursed for any contribution to our services
  • Ask us to provide extra services, such as booking flights or hotels
  • Engage with us on or through social media (by mentioning/tagging us or by contacting us directly)
  • Are included in a list of personal data from one of our clients and/or third-party vendors, to provide specific services
  • Confirm intent to participate as chair or faculty member in one of our programs

 

Do we collect data of patients?

No, we do not. If any patient data are inadvertently received, we delete or anonymize such data.

 

Do we collect data of children?

No, we do not. Our business is not targeted at children. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we delete that information. If you believe we may have any information from or about a child under 16, please contact us.

 

USE OF PERSONAL DATA

 

How do we make use of personal data?

We use the personal data that we collect to provide you with the information and services that you expect and/or request from us. This may be business intelligence, medical communications, medical publication, promotional, or any of the other services we may—now and in the future—provide. Some of these data are also used for the receipt of newsletters and emails, or changes to products and services, that inform you about our business activities.

 

Whenever you register for one of our events or other services, we use your personal data to meet our obligations to provide you with the information and services you ask for. Whenever this includes billing or reimbursement, we use the billing data you provide to exercise our financial rights and obligations.

 

Your personal data are also used for our internal business purposes, such as improving our services and communication, data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, enhancing our Websites, and monitoring the use of our Websites to ensure they are kept safe and secure (e.g. fraud monitoring and threat prevention). Data such as specialties, special interests, and degrees, combined with (general) data such as name and (email) address, are used for direct marketing purposes (see below).

 

We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information.

 

We rarely use special categories of personal data (see definition above). These are only used in the event that you respond to our questions concerning dietary requirements and/or special needs that may relate to your health and/or religious beliefs.

 

Is this use lawful?

Yes, it is. Pursuant to the GDPR and UK GDPR, there are various legal grounds for processing personal data. Insofar as is relevant, these are:

  • You have given us consent to use your personal data for specific purposes
  • We need the personal data for the performance of the contract (or entering into a contract) between you and us
  • There is a legal obligation to process the personal data
  • We, or a third party we work with, have a legitimate interest to process these data

 

In most cases, we have asked for your consent directly as a data controller, and may use third-party data processors. In other cases, your personal data are provided to us by a client (eg, the party that has asked us to organize an event or render other services) or by clients who may compile lists of professionals for whom our services may be of interest or in regard to client programs. In these 2 cases, Aptitude Health acts as processor rather than controller. On some occasions, it may be that the client and Aptitude Health jointly determine the purposes and means of the processing of personal data. In that case, Aptitude Health and the client are joint controllers (Article 26 GDPR or UK GDPR, as applicable). Please note in that case, this privacy policy is fully applicable. Whenever you as data subject wish to exercise one of your rights, please contact Aptitude Health, who is the designated contact point.

 

Since our core business is providing you with the knowledge, information, and other services you ask for, we need these data for performance of the agreement we have or will enter into. Without these data, access to our services, information, and knowledge is not possible.

 

Moreover, it may happen that we (need to) make use of these data to comply with a legal obligation to which Aptitude Health is subject, for example fiscal or medical (accreditation) legislation, court orders, or criminal charges.

 

Finally, we also rely on our legitimate interests as a basis on which to process personal  data, which include the interests of our clients. These legitimate interests are improving our services, our communication, and our website, and business development. Our legitimate interests involve profiling for direct marketing purposes. If you wish to opt out of our direct marketing activities, see below.

 

As for the processing of special categories of personal data (dietary requirements and/or special needs), this takes place only after you give your explicit consent. With that explicit consent, we have met the legal obligation for the processing of special categories of personal data.

 

SHARING PERSONAL DATA

Since Aptitude Health consists of several companies, all our group entities share personal data with other entities within the Aptitude Health group, to assist with the purposes set out in this privacy policy (see ‘Use of Personal Data’ above). All entities within the group collect and use the same data for the same purposes.

 

In order to provide our services to you, we acquire personal data from third parties periodically. To these categories of data, this privacy policy, as well as all security measures we take, are equally applicable. When we collect personal data for the provision of services to our clients, we sometimes transfer or sell the personal data we collect for the rendering of our services to these clients. Otherwise, we never sell your personal data to any third party with whom we do not work.

 

We always work with trusted service providers who help us to carry out our services, improve our work and our (online and offline) communication, and act as processors. Examples include payment processing, email delivery, report and publication delivery, hosting services, customer service, marketing efforts, audio visual services and other processors who assist Aptitude Health with facilitating live and virtual events. We may allow selected third parties to use tracking technology on the Website, which will enable them to collect data on our behalf about how you interact with our Website over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.

 

Since these service providers have skills and capabilities we may not have, it is in our and your interest that we collaborate with these third parties. These service providers are never allowed to process the personal data of Aptitude Health for (commercial or noncommercial) purposes other than the purposes previously defined by us.

 

Where appropriate, we share your personal data with third parties, such as local event organizers, agencies and hotels/hotel booking agencies, credit card companies, and banks, for the performance of contractual obligations.

 

If necessary, we also share personal data to meet legal obligations, such as combating fraud, adhering to medical law and accreditation regulations, and maintaining compliance with the EFPIA Code and Sunshine Act.

 

On our website you will find buttons for social media, such as Facebook, Twitter, and LinkedIn. When you use these features, these social media may collect your IP address and information about the pages you visit on our website, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our website. Please note that this privacy policy does not apply to these features. Your interactions with these features are governed by the privacy policies of the companies providing them.

 

DATA MINIMIZATION, ACCURACY, AND STORAGE LIMITATION

Aptitude Health complies with the principles of data minimization, accuracy, and storage limitation. In short, this means that we merely retain the personal data for as long as necessary, and that we clean our databases containing personal data periodically. Because we use personal data for different purposes, our retention periods may vary.

How long we keep your personal data varies and may depend on criteria that includes:

  • the date of your last interaction with us;
  • whether retention is necessary or advisable due to applicable statutes of limitations, litigation, or other legal, regulatory, accounting or reporting obligations; or
  • any relevant retention requirements under applicable laws or in agreements with you or others.

 

Along with our responsibility in this regard, you may at all times exercise your rights concerning the accuracy of the personal data we collect from you (see below).

 

SECURITY

We do our utmost to keep the security of your personal data up-to-date. This includes technical and organizational measures such as encryption techniques, login procedures, firewalls, and regular updates of our technical infrastructure.

 

As part of these measures, we ensure that access to personal data is restricted to employees who actually work with these data. An account with access to (part of) our systems is created for an employee only after authorization.

 

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Websites, you are responsible for keeping this password confidential. We ask you to not share your password with anyone.

 

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Websites. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Websites.

 

YOUR RIGHTS AS DATA SUBJECT

As data subject, you are entitled to be informed about what happens with your personal data. This means that you can exercise the following rights

  • The right to be informed about the way we process your personal data (as in this privacy policy)
  • The right to have access to the personal data we collect about you
  • The right to know the source when these data are not directly collected from you
  • The right to know with whom your data are shared by us
  • The right to have your personal data rectified when these are incomplete, out-of-date, incorrect, or otherwise inaccurate
  • The right to have your personal data erased (the “right to be forgotten”)
  • The right to have the use of your personal data restricted for a limited period of time
  • The right to have your personal data transferred to another service provider in a structured, commonly used and machine-readable format (the “right to data portability”)
  • The right to object to automated decision-making, including profiling (see below)

 

Whenever you wish to exercise one of the above-mentioned rights, please contact us. The information you request will be provided by us in a commonly used electronic form.

 

DIRECT MARKETING

You have the right to object at any time to the processing of your personal data for direct marketing purposes. Whenever you do, we will no longer use your data for direct marketing. However, this does not mean that we will no longer use these data for other specified, explicit, and legitimate purposes.

 

If you created an account on our Websites, you can simply amend your preferences or follow the “unsubscribe” links provided in our direct marketing emails and our other direct marketing communication. If you do not wish to see personalized marketing content, you can clear the cookies in your browser settings. See Cookie Policy.

 

If you have any difficulties or complaints regarding our direct marketing activities that cannot be solved in the above-mentioned way, please contact us.

 

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Aptitude Health operates in the United States, the European Union, the United Kingdom, and throughout the world. Personal information may be transferred, accessed, and stored globally as necessary for the uses stated above in accordance with this notice, and in compliance with local regulations.

 

Personal Data may be transferred to or processed in locations outside of the European Economic Area (EEA) and UK, some of which have not been determined by the European Commission or UK Government to have an adequate level of data protection, such as the United States. In respect of personal data subject to European and UK data protection laws, we take measures designed to provide the level of data protection required in the EU and UK, which includes ensuring that transfers are subject to appropriate safeguards, such as (i) Standard Contractual Clauses adopted by the European Commission (available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en), (ii) the UK International Data Transfer Addendum issued by the Information Commissioner’s Office (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/), or (iii) another adequate transfer mechanism.

 

When we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so, before any personal data are disclosed.

 

You may direct any inquiries or complaints related to our GDPR and UK GDPR compliance (including any requests for information on the appropriate safeguards used to transfer your personal data) here.

 

YOUR STATE PRIVACY RIGHTS

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

 

CCPA/CPRA Privacy Policy and Notice of Collection for California Residents

This Privacy Policy for California Residents supplements the information contained in Aptitude Health’s Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA), effective January 1, 2023, and any terms defined in the CCPA or the CPRA have the same meaning when used in this Policy. As of January 1, 2023, any terms defined in the CPRA will govern, to the extent they conflict with the CCPA.

 

This Policy does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors, or similar individuals (see California Employee Privacy Notice contained herein).

 

Where noted in this Policy, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some of its requirements.

 

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CCPA’s scope, such as
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994

 

In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

 

 

 

Category Examples Collected
A. Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, or other similar identifiers YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information

Some personal information included in this category may overlap with other categories

YES
C. Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information) NO
D. Commercial information Records of products or services purchased or obtained from us YES
E. Biometric information Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data NO
F. Internet or other similar network activity Browsing history on our websites, search history on our websites, information on a consumer’s interaction with our websites, application, or advertisement YES
G. Geolocation data Physical location or movements NO
H. Sensory data Audio, electronic, visual, thermal, olfactory, or similar information NO
I. Professional or employment-related information Current or past job history or performance evaluations YES
J. Nonpublic education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records NO
K. Inferences drawn from other personal information Profile reflecting a person’s preferences, characteristics, abilities, and aptitudes YES

 

We obtain the categories of personal information listed above from the following categories of sources

  • Directly from you, eg, from forms you complete or products and services you purchase

 

Use of Personal Information

We may use or disclose the personal information we collect for one (1) or more of the following purposes

  • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns
  • To provide, support, personalize, and develop our Websites, emails, products, and services
  • To create, maintain, customize, and secure your account with us
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses
  • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law)
  • To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business
  • For testing, research, analysis, and product development, including to develop and improve our Websites, products, and services
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA or the CPRA
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users or clients is among the assets transferred

 

We do not collect additional categories of personal information or use the personal information we collect for materially different, unrelated, or incompatible purposes without providing you notice.

 

Sharing Personal Information

We may share your personal information by disclosing it to a third party for a business purpose. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Company has disclosed personal information for a business purpose to some of the categories of third parties indicated in the chart below.

 

We do not sell personal information. In the preceding twelve (12) months, Company has not sold the following categories of personal information to the categories of third parties indicated in the chart below. For more on your personal information sale rights, see Personal Information Sales Opt-Out and Opt-In Rights, herein.

 

 

 

 

 

 

Personal Information Category Category of Third-Party Recipients

 

Business Purpose Disclosures Sales
A: Identifiers ·         Service suppliers

·         Social media companies that use the information to identify which of our clients use their platform(s)

·         Other unaffiliated parties (including government agencies) as required by law, such as pursuant to legally binding subpoenas, court orders, and similar instruments

·         Information technology and security service suppliers

·         Lawyers, consultants, and others who provide professional services

None
B: California Customer Records personal information categories ·         Service suppliers

·         Other unaffiliated parties (including government agencies) as required by law, such as pursuant to legally binding subpoenas, court orders, and similar instruments

·         Information technology and security service suppliers

·         Lawyers, consultants, and others who provide professional services

None
C: Protected classification characteristics under California or federal law None None
D: Commercial information ·         Service suppliers as needed to complete the transactions

·         Information technology and security service suppliers

·         Other unaffiliated parties (including government agencies) as required by law, such as pursuant to legally binding subpoenas, court orders, and similar instruments

None
E: Biometric information None None
F: Internet or other similar network activity ·         Information technology and security providers, including companies such as network security services that retain information on malware threats detected

·         Other unaffiliated parties (including government agencies) as required by law, such as pursuant to legally binding subpoenas, court orders, and similar instruments

None
G: Geolocation data None None
H: Sensory data None None
I: Professional or employment-related information ·         Information technology and security providers, including companies such as network security services that retain information on malware threats detected

·         Other unaffiliated parties (including government agencies) as required by law, such as pursuant to legally binding subpoenas, court orders, and similar instruments

·         Clients

·         Other Axess Network members

None
J: Nonpublic education information None None
K: Inferences drawn from other personal information None None

 

Deidentified Patient Information

We do not sell deidentified patient information exempt from the CCPA to third parties.

 

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

 

Right to Know and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you

  • The categories of personal information we collected about you
  • The categories of sources for the personal information we collected about you
  • Our business or commercial purpose for collecting or selling that personal information
  • The categories of third parties with whom we share that personal information
  • If we sold or disclosed your personal information for a business purpose, two (2) separate lists disclosing
  • Sales, identifying the personal information categories that each category of recipient purchased; and
  • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
  • The specific pieces of personal information we collected about you (also called a data portability request)

 

We do not provide a right-to-know or data portability disclosure for B2B personal information.

 

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete, herein), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.

 

  1. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

 

  1. Debug products to identify and repair errors that impair existing intended functionality.

 

  1. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

 

  1. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq).

 

  1. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

 

  1. Enable solely internal uses that are reasonably aligned with consumer expectations on the basis of your relationship with us.

 

  1. Comply with a legal obligation.

 

  1. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

 

We do not provide these deletion rights for B2B personal information.

 

Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request to:

https://www.aptitudehealth.com/contact-us/

 

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.

 

You may only submit a request to know twice within a twelve (12)-month period. Your request to know or delete must

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include
  • Valid Government-Issued Identification
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it

 

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

 

You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account.

 

We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.

 

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the ten (10)-day time frame, please contact us at:

https://www.aptitudehealth.com/contact-us/

 

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another forty-five [45] days), we will inform you of the reason and extension period in writing.

 

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

 

Any disclosures we provide cover only the twelve (12)-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

 

Nondiscrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not

  • Deny you goods or services
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
  • Provide you a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

 

COMPLAINTS

If you have any complaints about our way of processing your personal data or if you wish to speak to us about our privacy policy, please contact us at https://www.aptitudehealth.com/contact-us/.

 

If you feel that we did not handle your complaints satisfactorily, you may apply to:

 

 

 

 

Changes to Our Privacy Policy

We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we post the updated notice on the Website and update the notice’s effective date. Your continued use of our Websites following the posting of changes constitutes your acceptance of such changes.

 

Contact Information

USA:
Aptitude Health
Attention: Chief Privacy Officer
5901-B Peachtree Dunwoody Road
Suite 415
Atlanta, GA 30328

 

Europe:
Laan van Nieuw Oost-Indië 133 F
25953 BM The Hague
the Netherlands

 

UK:
2 Kingdom Street
W2 6BD London
United Kingdom

 

aptitudehealth.com/contact-us

 

If you need to access this Policy in an alternative format to accommodate a disability, please contact us at aptitudehealth.com/contact-us.

 

CALIFORNIA EMPLOYEE PRIVACY NOTICE

The California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (CPRA), effective January 1, 2023, impose specific obligations on businesses processing personal information of California residents. Pursuant to the CCPA and the CPRA, Aptitude Health, LLC and Aptitude Health BV (“Aptitude Health,” “we,” or “us”) are required to provide employees who are California residents (“California Persons”) a notice, used at or before the point of collection of such personal information, that identifies the categories of personal information that may be collected and why Aptitude Health collects such information.

This California Employee Privacy Notice (“Notice”) is intended to provide California Persons with the CCPA- and CPRA-required notice.

 

Updates

This Notice is updated periodically to reflect changes in our business, legal, or regulatory obligations, so please check this Notice for changes by reviewing this Privacy Policy. Aptitude Health will not collect additional categories of your personal information or use your personal information already collected for additional purposes without providing you a notice of our intent to do so. Any changes to this Notice will be effective from the date they are communicated to you.

 

Definitions

“Personal information” has the meaning as defined in the CCPA, and includes information that is collected by Aptitude Health about you in the course of employment for employment-related purposes and encompasses any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you.

 

“Process,” “processed,” or “processing” means any operation or set of operations performed on personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal information.

 

“Employees,” “employee,” or “you” means an identified or identifiable natural person who is a California resident and who is acting as an Aptitude Health job applicant, employee, or contractor. In this context, “job applicant” refers to any person who has submitted their candidacy with Aptitude Health; “employee” refers to any person who is employed at Aptitude Health as a full- or part-time employee or temporary worker, and “contractor” means a natural person who provides any service to a business pursuant to a written contract.

 

Personal Information We Collect About You

Listed below are the categories of personal information that Aptitude Health may process about employees:

  1. Identifiers, including real name, alias, postal address, unique personal identifiers, email, account name, social security number, driver’s license number, passport number, or other similar identifiers. In this context, a “unique personal identifier” means a persistent identifier that can be used to recognize an employee, or a device that is linked to an employee, over time and across different services, including, but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, or similar technology; unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers.

 

  1. Characteristics of Protected Classifications Under California or Federal Law, including the following: race, skin color, national origin, religion (includes religious dress and grooming practices), sex/gender (includes pregnancy, childbirth, breastfeeding and/or related medical conditions), gender identity, gender expression, sexual orientation, marital status, medical condition (such as genetic characteristics, cancer, or a record or history of cancer), disability (such as mental and physical, including HIV/AIDS, or cancer), military or veteran status, request for family care leave, request for leave for an employee’s own serious health condition, request for pregnancy disability leave, and age.

 

  1. Internet or Other Electronic Network Activity Information, including browsing history, search history, application access location and information regarding an employee’s interaction with an internet website, application or advertisement, time and geolocation data related to use of an internet website, application or physical access to an Aptitude Health office location.

 

  1. Professional or Employment-Related Information, including job-related data, maintained as part of the employment relationship that is present in: a job application or résumé; an employment contract; a contractor agreement; a performance review; a disciplinary record; photos; payroll- and benefits-related data; internal and external contact information; or information captured from video, audio, systems, or other forms of monitoring or surveillance.

 

  1. Education Information, including information about an employee’s educational background, such as education records, report cards, and transcripts that is not publicly available.

 

Purposes for Collecting Your Personal Information

Aptitude Health collects the personal information identified above for the reasons listed below:

  1. To Recruit Employees, including to conduct employment related background screening and checks.

 

  1. To Administer Benefits, such as medical, dental, optical, commuter, and retirement benefits, including recording and processing eligibility of dependents, absence and leave monitoring, insurance and accident management, and provision of online total reward information and statements.

 

  1. To Pay and Reimburse for Expenses, including salary administration, payroll management, payment of expenses, to administer other compensation-related payments, including assigning amounts of bonus payments to individuals, administration of departmental bonus pools, and administration of stock option payments.

 

  1. To Conduct Performance-Related Reviews, including performance appraisals, career planning, skills monitoring, job moves, promotions, and staff restructuring.

 

  1. To Monitor Work-Related Licenses and Credentials, including provisioning software licenses for use in the course of an employee’s work-related responsibilities, ensuring compliance, training, examination, and other requirements are met with applicable regulatory bodies.

 

  1. To Provide Our Employees with Human Resources Management Services, including providing employee data maintenance and support services, administration of separation of employment, approvals and authorization procedures, administration and handling of employee claims, and travel administration.

 

  1. To Administer International Assignments, including relocation services, documenting assignment terms and conditions, obtaining relevant immigration documents, initiating vendor services, fulfilling home/host country tax administration and filing obligations, addressing health requirements, and populating the International Mobility global system.

 

  1. To Maintain Your Contact Information, including altering your details across relevant entities within Aptitude Health.

 

  1. To Assist You in Case of Emergency, including maintenance of contact details for you, and your dependents in case of personal or business emergency.

 

  1. To Monitor Eligibility to Work in the US, UK or the EU, which means monitoring and ensuring compliance of employees’ ability to work in the US, UK or EU.

 

  1. To Conduct Healthcare-Related Services, including conducting pre-employment and employment-related medical screenings for return-to-work processes and medical case management needs; determining medical suitability for particular tasks; identifying health needs of employees to plan and provide appropriate services, including operation of sickness policies and procedures; and providing guidance on fitness for travel and fitness for expatriation.

 

  1. To Facilitate Better Working Environment, which includes conducting staff surveys, providing senior management information about other employees, and conducting training.

 

  1. To Ensure a Safe and Efficient Working Environment, which includes Aptitude Health actions relating to disciplinary actions, and code-of-conduct processes and investigations.

 

  1. To Maintain Security on Aptitude Health Websites and Internet-Connected Assets, which includes hosting and maintenance of computer systems and infrastructure; management of Aptitude Health’s software and hardware computer assets; systems testing, such as development of new systems and end-user testing of computer systems; training; and monitoring email and Internet access.

 

  1. To Comply With Applicable Law or Regulatory Requirements, such as legal (state and federal) and internal company reporting obligations, including headcount, management information, demographic and health, safety, security, and environmental reporting.

 

If you have any questions regarding this statement, please contact:

 

USA:

Aptitude Health

Attention: Chief Privacy Officer

5901-B Peachtree Dunwoody Road

Suite 415

Atlanta, GA 30328

 

aptitudehealth.com/contact-us