Our Commitment to You
Axit Health is a Personal Health Record (PHR) platform as well as an Organizational Health Management System, both hereinafter referred to as “The Platform”. AX-IT LLC is the parent company and developer (“The Developer”) of Axit Health.
Collection of Information
We may collect the following kinds of information when you use the Axit Health Services:
Information you provide directly to us. For certain activities, such as when you register, use our telemedicine services, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:
- Contact information, such as your full name, email address, mobile phone number, and address;
- Username and password;
- Payment information, such as your credit card number, expiration date, and credit card security code;
- Personal health information, including information about your diagnosis, previous treatments, general health, health insurance and information which you have stored in other connected health applications on your mobile device or watch; and
- Any other information you provide to us.
We may combine such information with information we already have about you.
Information we collect automatically. We may collect certain information automatically when you use our Axit Health Services, such as your Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the Axit Health Services, the date and time of your visit, information about the links you click and pages you view within the Axit Health Services, and other standard server log information. We may also collect certain location information when you use our Axit Health Services, such as your computer’s IP address, your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.
We may also collect technical data to address and fix technical problems and improve our Axit Health Services, including the memory state of your device when a system or app crash occurs while using our Axit Health Services. Your device or browser settings may permit you to control the collection of this technical data. This data may include parts of a document you were using when a problem occurred, or the contents of your communications. By using the Axit Health Services, you are consenting to the collection of this technical data.
Information we obtain from your health care providers, organizations and other sources. In connection with your treatment, we may collect medical records from your past, current, and future health care providers. This may include, but is not limited to, information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, medical histories, medications, allergies, any family history of illness, and records about phone calls, emails or any sort of communication related to your illness.
Some of our users, including the Providers, are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them are the 21st Century Cures Act, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), Ley Federal de Protección de Datos Personales en Posesión de los Particulares, applicable Norma Oficial Mexicana (NOM) related to health care and electronic health records, and the regulations adopted thereunder (collectively “Regulatory Policies”). When we store, process, share or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of the Provider who has entered a Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, Axit Health is prohibited from using individually identifiable health information in a manner that the Provider itself may not. Axit Health is required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such Providers. Axit Health is subject to laws and regulations governing the use and information of certain personal and health information, including HIPAA in the United States and Ley Federal de Protección de Datos Personales en Posesión de los Particulares in Mexico, and any of the Regulatory Policies, when it operates as a business associate of a healthcare provider.
We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the Axit Health Services to login to the Axit Health Services or to share information about your experience on the Axit Health Services with others, we may collect information from these third-party services.
Legal Basis (GDPR EU/UK)
For personal information that is subject to the General Data Protection Regulation (GDPR), we rely on the following legal bases for collecting and using your personal information:
- Your consent
- Our legitimate interests (which are not overridden by your privacy rights), such as operating our business, understanding and improving our Services, direct marketing related to our Services, communicating with our Providers and users about our Services, events or related resources, improving our websites and protecting our legal rights and interests.
You may withdraw your consent at any time from Axit Health PHR and/or stop sharing information with any of our Providers. Where we are using your personal information for our legitimate interests, you have the right to object to that use. See below under Your Rights for how to withdraw consent or object.
If you have chosen to share your information with any of our Providers, please contact that Provider if you have any questions about the legal basis for collecting and using your personal information. Our Providers may have a different legal basis for collecting and using a patient’s personal information, such as providing health care or treatments as a regulated healthcare professional.
You as a Patient
Patient Data. Providers use The Platform to collect personal information from their patients/users and create patient/user records. These records may include a person’s name, address, health insurance and billing information, medical charts, appointment history and other patient data (“Patient Data”). If you are a patient, Patient Data is collected from you when you visit your Provider. When you set up an account on the Axit Health mobile app and you choose to share that information to the Provider, you are providing the information directly to the Provider.
Provider’s Role. Providers retain sole control over Patient Data that they collect or enter and may be referred to as a “health information custodian”, a “covered entity” or a “controller” of such information depending on their location and the privacy laws applicable to them. The Provider may choose to make this information available to you, the Patient/User, on your PHR. Providers determine the following for their custody:
- What Patient Data to collect;
- How the Provider will use the Patient Data;
- Who has access to Patient Data;
- How long the Provider will store Patient Data; and
- On what basis the Provider may delete Patient Data.
Providers are responsible for complying with laws and regulations governing the use of Patient Data, and for determining the legal basis for such use.
Axit Health’s Role. Axit Health is the Owner of the data stored in the PHR as well as a service provider to Providers and may be referred to as a “business associate” of the Provider, or the Provider a third-party organization that has contracted with Axit Health. We store Data in our secure data centers and make it available to Users and Providers through The Platform.
If you upload images to the website you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded Content from Other Websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Use of Information
We generally use the information we collect online to:
- Provide and improve the Axit Health Services;
- Contact you;
- Fulfill your requests for products, services, and information;
- Send you information about additional clinical services or general wellness from us or on behalf of our Providers, affiliates and trusted third-party partners;
- Analyze the use of the Axit Health Services and user data to understand and improve the Axit Health Services;
- Customize the content you see when you use the Axit Health Services;
- Conduct research using your information, which may be subject to your separate written authorization;
- Prevent potentially prohibited or illegal activities and otherwise in accordance with our Terms of Service (which can be found at https://axithealth.com/terms/); and
- For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
We may use the information collected through the Axit Health Services to investigate potential or suspected threats to the Axit Health Services or to the confidentiality, integrity or availability of the information Axit Health stores and maintains.
By using the Axit Health Services you agree to receive texts, phone calls, notifications, and/or emails from us at the phone numbers and email addresses you provided to us for informational and customer service-related purposes.
Additionally, we may send an email to the email address you provide us in order to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance. We may also send you marketing emails if you request more information about our products and services. Emails are often transactional or relationship messages, such as appointment requests, reminders and cancellations and other notifications. Axit Health may not offer you the option of opting out of receiving some of these messages although Axit Health may allow you to modify how often you receive such messages. If you opt-in to receiving marketing announcements from Axit Health, we will allow you to opt-out of receiving those announcements.
Electronic Notices. By using the Axit Health Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Axit Health Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Axit Health Services or sending a text, notification or email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please contact us.
We may anonymize and aggregate any data collected through the Axit Health Services, and use it for business purposes, including specific market trends and market research. For example, we may use such data for evaluating and profiling the performance of the Axit Health Services, including analyzing usage trends and patterns and measuring the effectiveness of content, features, or services.
Sharing of Information
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
- Healthcare providers, insurance companies, and other healthcare-related entities. We may share your information with other health care providers, laboratories, government agencies, insurance companies, organ procurement organizations, medical examiners or funeral directors, and other entities or individuals relevant to providing you with treatment options and support.
- Authorized third-party organizations, vendors and service providers. We may share your information with third-party organizations, vendors and service providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct-mail, mobile marketing, optimization and retargeting), performance monitoring, hosting, and data processing. These third-party organizations, vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
- Research partners. We may share your information with our research partners to conduct health-related research; such sharing may be subject to your separate written authorization.
- Corporate affiliates. We may share your information with our corporate affiliates that are subject to this policy.
- Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- Legal purposes. We may disclose information to respond to subpoenas, warrants, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of Axit Health and AX-IT LLC, our affiliates, users, or the public. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
- With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.
If you access third-party services, such as Facebook, Google, or Twitter, through the Axit Health Services to login to the Axit Health Services or to share information about your experience on the Axit Health Services with others, these third-party services may be able to collect information about you, including information about your activity on the Site, and they may notify your connections on the third-party services about your use of the website, in accordance with their own privacy policies.
We protect your personal information, including Patient Data stored in The Platform, by:
- Using industry-standard security controls such as encryption and an SSL (Secure Sockets Layer) certificate to ensure information is transmitted over a secured connection between your browser and our web server.
- Using state-of-the-art data centres with appropriate security and compliance certifications, such as SOC 2 and EU-US Privacy Shield, that are HIPAA compliant.
- Having our personnel sign strict confidentiality agreements to ensure they understand the confidential nature of the data we process, and only accessing your account when you request assistance from us.
- Requiring password protection of your user account with a password set by you. We cannot access or identify your password. The only way to recover a password is for you to initiate a reset via our recover password functionality on the website or mobile app.
We use reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we take steps to ensure security on our systems. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
If Axit Health learns of a security system’s breach, Axit Health maintains an incident response policy that includes notifications consistent with applicable law.
By using the Axit Health Services or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this website.
You may opt out of receiving general health and wellness or treatment options that may be relevant to you by emailing us at email@example.com. You may also request that we delete your personal information by sending us an email at firstname.lastname@example.org.
You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Settings Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Axit Health Services may no longer be available to you.
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes.
Third-Party Advertising, Links and Content
Some third parties collect information about users of our Axit Health Services to provide interest-based advertising on our Axit Health Services and elsewhere, including across browsers and devices. These third parties may use the information they collect on our Axit Health Services to make predictions about your interests in order to provide you ads (from us and other companies) across the internet. Some of these third parties may participate in an industry organization that gives users the opportunity to opt out of receiving ads that are tailored based on your online activities. Due to differences between using apps and websites on mobile devices, you may need to take additional steps to disable targeted ad technologies in mobile apps. Many mobile devices allow you to opt out of targeted advertising for mobile apps using the settings within the mobile app or your mobile device. For more information, please check your mobile settings. You also may uninstall our apps using the standard uninstall process available on your mobile device or app marketplace.
To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our Axit Health Services may be degraded.
Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
Third-Party Browser Extensions. Extensions are small software programs, developed by third parties, that can modify and enhance the functionality of your browser. Extensions may have privileges, including the ability to read, record and/or modify your private data, including PHI. These extensions are installed by individual users into the browser on their computers and are utilized at users’ own risk. Further, such extensions are not affiliated with The Developer and The Developer does not have visibility into which extensions any user may use. The Developer assumes no risk of loss of data or breach of such data due to your use of browser extensions.
Prior to using the Axit Health Services, if you have one (or more) of these extensions enabled in your browsers, The Developer recommends completely removing all of these extensions immediately as disabling the extensions may not be sufficient to protect your PHI. We recommend that you only access the Axit Health Services from supported browsers that have all plugins and extensions removed.
Further, installing any third-party software on your operating system may also subject you to the same risks as using browser extensions. The Developer has no liability to you due to damages caused by any third-party software, including, without limitation, browser extensions.
We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Axit Health Services.
Without limiting the above, the axithealth.com website and Axit Health mobile app do allow persons above the age of 18 years—such as Providers, parents and guardians—to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting information on behalf of a child assumes full responsibility over the submission, use and transmission of such information.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
As an Axit Health Services User, you have the opportunity to disassociate yourself or stop sharing information with any and all Providers that you have chosen to share information with. When you stop sharing information with any organization, it means that any information you update on The Platform will no longer appear in that organization’s records and whatever information you shared prior to that would remain static. It is your responsibility to contact that organization and refer to their own privacy policies on retention or deletion.
If you have an account on The Platform, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Additionally, Users may exercise certain rights regarding their Data and how it is processed by the Owner. They include:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated and corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing. Where Personal Data is processed for the public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know, however, that should their Personal Data be processed for direct marketing purposes, they can object to the processing at any time without providing any justification. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights. Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
151 Calle de San Francisco Ste 200
San Juan, PR 00901
Effective Date: July 7, 2020