Privacy Policy
- Introduction and Scope
This Privacy Policy applies to all personal and health information collected by BioWound Solutions LLC (“BioWound”, “we”, “us”, “our”) through our website, products, and services. It governs the collection, use, and disclosure of information from users (“you”, “your”) globally, with particular attention to compliance with laws in the United States, European Union, and Canada.
- Definitions and Key Terms
  - Personal Health Information (PHI): Information about an individual’s health status, healthcare services, or payment for healthcare.
  - Personal Data: Information relating to an identified or identifiable individual.
  - Sensitive Data: Special categories of data that require higher protection, such as health conditions or genetic data.
  - Data Processing: Any operation performed on personal data, whether or not by automated means.
- HIPAA Compliance (U.S.)
We adhere to the Health Insurance Portability and Accountability Act (HIPAA) standards for protecting sensitive PHI. We ensure patient rights are maintained as per HIPAA, including the right to access and request amendments to their PHI.
- GDPR Compliance (EU)
In alignment with the General Data Protection Regulation (GDPR), we commit to principles like lawfulness, fairness, transparency, purpose limitation, data minimization, and ensuring data accuracy and security.
- PIPEDA Compliance (Canada)
Our practices are consistent with the Personal Information Protection and Electronic Documents Act (PIPEDA), following principles such as accountability, consent, limiting collection, and ensuring data accuracy and safeguards.
- Personal Health Information Collection and Use
We collect PHI such as medical history, test results, and treatment information for purposes like providing healthcare services and processing payments. We ensure that data collection and use are lawful, ethical, and in accordance with relevant privacy laws.
- Consent and Choice
We obtain consent for collecting, using, and disclosing your PHI. You have the choice to manage your preferences and consent, ensuring that your data is used in a manner consistent with your expectations and legal rights.
- Data Access and Portability
Under GDPR and other privacy laws, you have the right to access your personal data and request its transfer to another service provider in a structured, commonly used format.
- Data Accuracy and Quality
We take steps to ensure the accuracy and completeness of the data we collect. You have the right to request correction of your data if it is inaccurate or incomplete.
- Data Minimization and Purpose Limitation
We collect only the data necessary for the identified purposes and ensure that it’s not processed in a manner incompatible with these purposes, adhering to data minimization principles.
- Storage Limitation and Data Retention
Our data retention policies comply with GDPR’s storage limitation principle, ensuring data is not kept longer than necessary and is securely disposed of when no longer needed.
- Data Security and Protection
We implement rigorous security measures, including encryption and access controls, to protect your data against unauthorized access, alteration, and loss.
- Incident Response and Data Breach Management
In case of a data breach, we have established incident response procedures to promptly address and mitigate any potential harm, including notifying affected individuals and relevant authorities.
- Third-Party Data Processors and Sharing
We maintain strict control over third-party data processors and sharing of personal health information. Legally binding agreements are in place with third parties to ensure they adhere to our privacy standards and comply with applicable laws.
- International Data Transfers
We ensure that international data transfers comply with GDPR and other relevant laws, using mechanisms like standard contractual clauses or obtaining explicit consent for transferring data outside the European Economic Area (EEA).
- Anonymization and Pseudonymization
We employ anonymization and pseudonymization techniques to protect patient privacy, balancing the need for data utility in research with minimizing re-identification risks.
- Training and Education
Regular training and education programs for healthcare staff on GDPR, HIPAA, and other privacy regulations are in place to ensure compliance and protect patient privacy.
- Rights of Individuals
We respect and uphold patients’ rights under GDPR and other privacy laws, including the right to be informed, access, rectification, erasure, restriction of processing, data portability, and the right to object.
- Handling Individual Rights Requests
Processes are established to facilitate patients’ requests for access, rectification, and erasure of their data, ensuring timely and secure handling of such requests.
- Risk Assessment and Management
We conduct regular risk assessments and audits to identify potential vulnerabilities in data handling and storage, implementing necessary measures to mitigate identified risks.
- Policy Updates and Changes
Our Privacy Policy may be updated periodically to reflect changes in our practices, legal requirements, or advances in privacy protection technologies. We will communicate any significant changes to you through our website or via direct communication. We encourage you to review this policy regularly to stay informed about how we are protecting your information. By continuing to use our services after these changes are posted, you agree to the revised policy.
- Complaints and Contact Information
If you have any concerns or complaints about our handling of your personal health information, or if you believe your privacy rights have been violated, you can contact us using the details provided on our website. We take all complaints seriously and will investigate them promptly and thoroughly, ensuring confidentiality throughout the process. Additionally, we provide a designated contact person responsible for addressing privacy matters, ensuring accountability and transparency in our privacy practices.
- Legal and Regulatory Compliance Monitoring
We actively monitor legal and regulatory developments in privacy and data protection to ensure our practices remain compliant with current laws. This includes adapting our policies and procedures in response to new legislation or guidance from regulatory authorities. Our commitment to legal compliance reflects our dedication to maintaining the highest standards of privacy and data protection.
- Conclusion and Affirmation
In conclusion, BioWound Solutions LLC is dedicated to protecting the privacy and security of our users’ personal and health information. This Privacy Policy affirms our commitment to upholding the highest standards of data protection, respecting users’ rights, and ensuring transparency and accountability in our data handling practices. Your trust is important to us, and we are committed to continuously improving our privacy and data protection measures.