Privacy Notice HealthSuite Digital Platform 

Last updated: June 15, 2018 

Philips Electronics Nederland B.V., Boschdijk 525, 5621JG, Eindhoven, the Netherlands (“Philips”), wants you to be familiar with how we collect, use and disclose information. You are encouraged to read the Philips Global Privacy Notice, which applies to the personal data of individuals that is collected or used by Philips or its affiliates or subsidiaries.

 

This Privacy Notice describes our practices in connection with information that we collect when you register for an account with HealthSuite Digital Platform (HSDP) and use Services through websites operated by us from which you are accessing this Privacy Notice (the “Websites”), through the software APIs made available by us for use on or through computers and mobile devices (the “APIs”), as well as through HTML-formatted email messages that we send to you that link to this Privacy Notice (collectively, including the Websites and the APIs, the “Initiative”).

 

Interactions with applications hosted on HealthSuite Digital Platform will be governed by applications' respective Privacy notices. These applications will have their own Privacy Notices. It is suggested that the users of these applications read and familiarize the content of the respective applications Privacy Notice.


What Personal Data are collected?

 

 

Personal Data” are information that identify you as an individual or relate to an identifiable individual, including:

• Name;

• Address;

• Telephone number;

• Email address;

• Picture (optional);

• Gender;

• Birthdate; and

• If you decided to create a HSDP Account with your social media account, we may receive the social media profile details which you choose to share with us.

 

We may need to collect and process these types of Personal Data in order to allow you to participate in the Initiative, or because we are legally required to do so. If you do not provide the information that we request, you may not be able to participate in the Initiative.

 

How are Personal Data collected?

 

We and our service providers may collect Personal Data in a variety of ways, including:

 

Through the Initiative: We may collect Personal Data through the Initiative, e.g., when you sign up for an account, or for a newsletter. HealthSuite Digital Platform collects and stores content that you create, input, submit, post, upload, transmit, or store in the process of using our services. Such content may include any personal or other sensitive information provided when using our services, such as personal health information. HSDP collects other data that you may submit to our Services or us directly, such as when you request customer support or communicate with us via email or other electronic methods; and

From other sources: We may receive your Personal Data from other sources, for example if you elect to connect your social media account to your website account, certain Personal Data from your social media account will be shared with us, which may include Personal Data that are part of your profile or your friends’ profiles. This is publicly accessible. HealthSuite Digital Platform also collects information regarding your use of our services, including web logs and analytics information. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, name of Internet service provider, URLs of referring / exit pages, operating system name and version, date and time stamp, information you search for, locale and language preferences, name of your mobile carrier, and system configuration.

 

If you disclose any Personal Data about other people to us or to our service providers in connection with the Initiative, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.

 

What is the purpose of the collection of Personal Data?

 

We and our service providers may use Personal Data for our legitimate business interests, including the following:

 

• To fulfill Service obligations under a contract you are a party to;

• To conduct scientific research related to the Initiative;

• To respond to your inquiries and fulfill your requests and provide you with related customer service;

• To send administrative information to you, such as changes to our terms, conditions and policies, as well as marketing communications that we believe may be of interest;

• To allow you to participate in sweepstakes, contests and similar promotions and to administer these activities, some of which may have additional rules containing information about how we use and disclose your Personal Data;

• To personalize your experience in the Initiative, and to facilitate social sharing functionality; and

• process non-personally identifying information for other business purposes, including research, data analytics, product and service development.

 

With whom are Personal Data shared?

 

We may disclose your Personal Data:

 

• To other Philips entities, business partners or third party application providers in the course of delivering our Services, for the purposes described in this Privacy Notice;

• On message boards, chat, profile pages and blogs and other areas where you post information and content. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public;

• To our third party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provisions, customer service, email delivery, auditing and other services;

• To third parties, to permit them to send you marketing communications, consistent with your choices;

• To third-party sponsors of sweepstakes, contests and similar promotions; and

• By connecting your Initiative account and your social media account, you authorize us to share information with your social media account provider, and you understand that the use of the information we share will be governed by the social media provider’s privacy policy.

 

Other uses and disclosures

 

We may also use and disclose your Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, which may include laws outside your country of residence, to respond to requests from public and government authorities, which may include authorities outside your country of residence, to cooperate with law enforcement or for other legal reasons; (b) to enforce our terms and conditions; and (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

 

Certain information about you may be de-identified and aggregated with information about other individuals, which may be shared with third parties without restriction for the purpose of data analytics, population health management or future product development.

 

In addition, we may use, disclose or transfer your information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

 

Security

 

HealthSuite Digital Platform HSDP maintains an Information Security Management System (ISMS) foundation which is based on an ISO 27001 and 27018 standards which can be easily mapped to many other standards and regulations including NIST 800‐53, and HIPAA. ISO 27018 certification as a means to demonstrate EU GDPR compliance. ISO 27018 assists in meeting compliance by providing a common compliance framework for public cloud service providers, in particular those that operate in a multinational market. HSDP is committed to a third‐party assessed code of practice that enables global operations by focusing on protection of personal data in the cloud.

 

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “How can you contact us?” section below.

 

Cloud

 

Philips may store your personal data in a cloud. This means that your personal data may be processed on behalf of Philips by a cloud service provider and could be stored in different locations around the world. Philips makes use of organizational and contractual measures to protect your personal data and to impose similar, but in no way less restrictive, requirements on our cloud services providers, including requirements that your personal data be processed exclusively for the purposes mentioned above.

 

What are my rights?

 

If you would like to submit a request to review, correct, update, suppress, restrict, object or delete Personal Data that you have previously provided to us, or if you would like to submit a request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us at privacy@philips.com. We will respond to your request consistent with applicable law.

 

In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database, or otherwise let us know what limitations you would like to put on our use of your Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

 

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Data provided until after the completion of such purchase or promotion). There may also be residual information that will remain within our databases and other records, which will not be removed.

 

While HealthSuite Digital Platform is not generally targeted at children under the age of 13, it is Philips policy to comply with the law when it requires parent or guardian permission before collecting, using or disclosing personal data of children. If you are under 13 and a registered user of the Initiative, you may ask us to remove content or information that you have posted to the Initiative by writing to privacy@philips.com. If a parent or guardian becomes aware that his or her child who is under the age of 13 has provided us with his or her personal data, please contact us at privacy@philips.com.

 

Local specific information: Your California Privacy Rights

 

California Civil Code Section 1798.83 permits our customers who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please send an e-mail to privacy@philips.com

 

How long will the Personal Data be kept?

 

We will retain your Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you to participate in the Initiative; (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

 

Use of the Initiative by minors

 

The Initiative is not directed to individuals under the age of thirteen (13), and we do not knowingly collect Personal Data from individuals under 13.

 

Jurisdiction and cross-border transfer

 

The Initiative is controlled and operated by us from the Netherlands and is not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the Netherlands. Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Initiative you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.

 

If you are located in the EEA, your Personal Data may be transferred to our affiliates or service providers in non-EEA countries that are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as our Binding Corporate Rules for Customer, Supplier and Business Partner Data and/or standard contractual clauses adopted by the European Commission to protect your Personal Data. You may obtain a copy of these measures by following the link above or contacting privacy@philips.com.

 

Sensitive Personal Data

 

We ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Initiative or otherwise to us.

 

Updates to this Privacy Notice

 

We may change this Privacy Notice. The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Initiative. Your use of the Initiative following these changes means that you accept the revised Privacy Notice.

 

How can you contact us?

 

If you have any questions about this Privacy Notice or about the way Philips uses your Personal Data, please contact our Data Protection Officer at privacy@philips.com. Alternatively, you have the right to lodge a complaint with a supervisory authority competent for your country or region.