AdvaHealth Solutions Pte. Ltd. (hereafter, “we,” “us,” “our,” or “AHS”) has developed AdvaPACS, a software-as-a-service application (the “Application”) which hospitals, clinics, and other healthcare providers may use to provide PACS (Picture Archiving and Communications System) for storing, indexing, and retrieving medical imaging. In connection with access and use of the Application by our customers, their clinicians, registered patients, and/or authorized proxy of a registered patient, certain personal information, such as those of a customer’s registered patient or their authorized proxy, will be collected and processed by us.

If you have or will be accessing and using the Application, including under the AdvaPACS Clinician Portal and AdvaPACS Patient Portal (hereafter “Account”), this Data Protection Notice (“Notice”) explains how we handle personal information when you access and use the Application, your rights and choices, and how you can contact us about our data protection practices.

Who are we?

We are a company based in the United States.

We are the provider of the Application which is intended for use by our customers, and access by our customers’ clinicians, registered patients, or those acting on their behalf. This means that in most cases:

  • We are collecting and processing personal information on our customer’s behalf as a data processor / data intermediary.
  • Our customer is the controller of the personal information we process and how we use it.

What information do we collect?

Information of our users

In most cases, we collect and process information that you provide to us. These include:

  • Information about an individual: Some information includes but is not limited to the following:
    • Name of the Individual;
    • Social Security Number, passport, or other identification number;
    • Phone Number;
    • Residential Address;
    • Email Address;
    • Image data; and
    • Any other information relating to any individual which you have provided us in any forms (including in the form of biometric data).
  • Business contact information: Information that you provide when you register for and/or add users under an Account. Such information includes:
    • Business Name;
    • Email Address;
    • Phone Number;
    • Business Address; and
    • Tax Number.
  • Payment information: Such as your billing address.
  • Marketing preferences.
Information of patients

We collect and process certain personal information about patients (“Patient Information”) on our customers’ behalf and only when provided and instructed by our customers. Patient Information includes the following:

  • Patient demographic information;
  • Clinical scans and medical images;
  • Diagnostic reports;
  • DICOM files (the worldwide standard for medical imaging and communication) that you upload to the Application; and
  • Other types of files (text, PDF, etc.) that you upload where the Application allows it.
Information that we collect automatically

When you use or interact with the Application, we automatically collect or receive certain non-personally identifiable information through our system and other technologies (e.g., cookies) about your use of the Application. Such information includes:

  • Device data: Information about your computer or other device used to access the Application, such as your IP address, device type, and browser type.
  • Log files: Requests for diagnostic and auditing purposes, which may contain information about what was accessed and from which IP addresses.
  • Location data: Relating to your device.
  • Cookies: We currently only use functional cookies which are necessary for the Application to work properly. If you delete the functional cookies, the Application may not work properly.

Where do we store your information?

Patient Information: When you register for an Account as a customer, you will be asked to select the region where you want your Account to be located (e.g., Hong Kong, Singapore, Australia, the United Kingdom, or Europe). Your Patient Information will be stored on cloud servers in the selected region. Where applicable, you are responsible as a customer for ensuring that your Patient Information may be stored in the selected region and complying with any laws and regulations regarding your Patient Information.

All other information: All other information that we receive, such as user information and payment information, may be stored on servers outside of the selected region, but these will never contain any Patient Information.

How do we use your information?

We use and process the personal information that we collect for the following purposes:

  • Providing the Application and its tools and services.
  • Administering your Account and use of the Application.
  • Communicating with you about the Application, such as sending service and other notifications.
  • Performing our obligations and enforcing our Terms of Service and other policies.
  • Developing and improving the Application.
  • Sending marketing communications if you have opted to receive them.
  • For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products and features, and identifying usage trends.
  • Complying with our legal obligations under applicable laws.

You are under no obligation to provide personal information to us. However, if you choose to withhold the requested personal information, you may not be able to use certain aspects of the Application.

Who do we share information with?

We may share personal information with:

  • Our affiliates and third-party service providers who assist us in providing the Application and perform functions on our behalf.
  • Parties involved in a transaction involving the purchase, sale, lease, merger, or any other acquisition, disposal, or financing of our business.
  • Other parties if required by law or if we believe disclosure is necessary to prevent fraud or crime or to protect the application or safety of any person.
  • Any other person provided you have given consent to the disclosure.

International data transfers

Patient Information is stored and processed in the customer’s selected region (please see Section 3 of this Notice). Patient Information will never be transferred out of the selected region.

Depending on your location, all other information which you provide to us may be stored and processed in a country other than where you are located. These countries may have data protection laws different from your own. Regardless of location, we will take measures to ensure that:

  • All transfers of personal information comply with applicable data protection laws.
  • Your personal information will be protected to the standard required under applicable data protection laws.

How long do we keep your information?

We will process and store your information (including any Patient Information) for no longer than necessary. Please refer to our Terms of Use for more information on this point.

Security

We take the security of the personal information which you provide to us seriously. To safeguard personal information against unauthorized access, collection, use, disclosure, or modification, we have implemented robust administrative, physical, and technical measures. In addition, all Patient Information is encrypted at rest and in transit.

While we make every effort to ensure our system is as secure as possible, no electronic transmission or storage technology is 100 percent secure. The security of the Application and your Account also depends on you. You must ensure that users under your Account:

  • Take steps to secure your computer and other devices.
  • Make full use of all tools we provide to secure your Account, such as two-factor authentication and IP restrictions.
  • Use secure passwords and maintain their confidentiality.

Third party sites

The Application may contain links to platforms and sites operated by third parties with different data protection policies. We encourage you to read the policies of these platforms. We have no control over personal information submitted through these third-party sites.

Your rights and choices

You may access, review, change, and/or delete personal information associated with your use of the Application by signing into the respective portals and editing your information.

You may opt out of receiving marketing communications by using the unsubscribe link provided in the communication. However, we may still send service-related notifications from which you may not unsubscribe, though you may adjust some settings within your Account.

If you have any questions about your rights and choices, please contact us at compliance@advapacs.com. We take each request seriously and will comply to the extent required by applicable law. If you have not received a satisfactory response, you may consult with the data protection authority in your country.

Changes to this Notice

We reserve the right to modify this Notice at any time to reflect changes in the Application, applicable laws, or other reasonable grounds. The current version applies each time you access the Application.

If we make material changes to this Notice or how we use personal information, we will post a prominent notice and notify you via email. We encourage you to review this Notice periodically.

Contacting Us

If you have any questions or comments on this Notice, please email our data protection officer at compliance@advapacs.com.