Collection, Use and Security of Personal Information
A. AH Collection of Personal Information
1. AH will collect Personal Information on an individual only if the individual provides the information to AH. AH also may collect information about a person who has been referred to the website to send them emails regarding AH's efforts or a person to whom AH has been asked to send emails regarding AH's programs or efforts. If a person purchases products provided by AH, then AH may collect sensitive Personal Information such as the purchaser's credit card number, card type, expiration date and keep a record of the financial transaction.
AH may collect Aggregate and Transactional Information and add to its database every time a person visits an AH Web Site. Also, AH collects Aggregate Information for research purposes.
2. Types of information: "Personal Information" is "Demographic Information" and/or "Transactional Information" which identifies a specific individual with a minimal degree of effort. Demographic Information includes name, address, city and other similar information. Medical Information includes Blood Glucose readings and history, Blood Pressure readings and history, Pulse readings and history and Weight readings and history. Transactional Information is data collected on an individual based on the individuals' interactions with AH, which may include sensitive information such as credit card information and Medical Information. Aggregate Information is information presented in summary or statistical form which does not contain data that would permit the identification of a specific individual without extraordinary effort.
B. AH Use of Personal Information
1. When an individual provides Personal Information to AH, AH may use the Personal Information for its programs and research.
2. AH uses Transactional Information for research purposes for the development or implementation of its programs, products and services. The presumption is that, since Transactional Information is highly proprietary, it will not be disclosed to third parties.
3. AH will disclose all information as required by law.
4. AH will make every effort to discontinue the use of an individual's Personal Information as soon as practicable if requested by that individual. AH may need to retain Information in its archives and records to comply with law, resolve disputes, analyze problems, assist with any investigations, enforce AH's User Agreement and other policies, and take other actions otherwise permitted or required by law.
C. Specific Requirements
a. AH will take reasonable and appropriate measures to keep Personal Information confidential and in a secure environment, including taking appropriate action in the event of unauthorized disclosure.
b. Access to Personal Information will be restricted to only those personnel with a legitimate business purpose.
c. AH owns all Personal Information provided to it by individuals and collected in accordance with this Policy. When an individual provides Medical Information to AH, AH will ensure that the individual acknowledges their assignment of the right to use the data to AH.
2. Scientific Research
Any research funded by AH that involves human subjects (e.g., information collected on individuals) must be endorsed by the sponsoring institution's committee on clinical investigation or other appropriate body, and conform ethically to the guidelines prescribed by the National Institutes of Health, which includes obtaining informed consent from each individual.
3. Third Party Disclosure
Permission is required before AH discloses Personal Information to a third party. No permission is necessary for Aggregate Information, since Aggregate Information does not identify a specific individual.
a. For disclosure of Medical Information, Informed Consent is required before AH discloses Medical Information to a third party. Informed Consent occurs when an individual has sufficient facts about the disclosure, comprehends those facts, and voluntarily consents to the disclosure. Where a third party such as the employer or healthcare provider of an individual requires the individual to participate in an AH program which collects Medical Information, AH will require the employer or healthcare provider to procure Informed Consent before AH will release Medical Information to that employer or healthcare provider.
b. From time to time, there is a benefit in allowing a third party to use collected Personal Information on individuals. However, unless an individual gives permission, AH will not disclose Personal Information collected by AH to any third party. AH sometimes engages third parties to provide certain operational services to AH or on its behalf. AH may disclose Personal Information to those third parties on a "need to know" basis under a written contract.
c. AH uses and allows third parties to use Aggregate Information for research purposes for the development or implementation of its programs, products and service
Our network is composed of access controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests. When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as AH itself provides. Additionally, we conduct security awareness training for our staff and volunteers.
While AH uses its best efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats.
A cookie is a small text file stored on a user's computer by a web browser. Cookies are used by web sites to authenticate users, to store user site preferences, to capture the contents of a shopping cart, for tracking a user's session, and/or for storing other essential textual information.
Review or request removal of your information
You may review or request removal of your personal information by providing us your name, address and e-mail address to one of the following:
- e-mailing Ambio Health at firstname.lastname@example.org
- calling us at (or)
- writing us at Soundview Plaza- Suite 700R, 1266E Main Street, Stamford, CT 06902