Privacy Policy
Introduction
At NOCTEM™, we take data protection seriously.
The safety of data collected from clients, providers, or end-users (collectively “you” or “system users”) is of paramount importance to us.
Please note that some of the information collected via NOCTEM apps and provider portals (collectively, the “NOCTEM systems”) may be regarded as protected health information under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or other protected information under privacy laws in certain jurisdictions. NOCTEM seeks to comply fully with laws and related regulations.
Notes about this privacy policy
This Privacy Policy strives to provide system users who use NOCTEM digital tools with clear and transparent information about how we use and protect private information shared with us via those digital tools.
This Privacy Policy may be updated from time to time. We will not make substantial changes without prior notice. You can determine when this Privacy Policy was last revised by referring to the date at the top of this page.
Our contact information
NOCTEM Health
218 Oakland Avenue
Pittsburgh PA 15213
Email: support@noctemhealth.com
What personal data do NOCTEM tools collect from clients and end-users who use NOCTEM’s tools?
We may collect some or all of the following personal and technical information from system users:
E-mail address
Origin of registration
Occupation
Gender
Age
Height and weight
Phone number
IP address
User ID (randomly generated)
Metadata regarding the use of the apps and portals
Daily self-reports of sleep and wake behaviors
This information is used to produce evaluation data regarding the usability, adoption, sustainability, and impact of NOCTEM’s digital tools.
Where are data derived from?
Some of the data will be directly provided by you upon your registration for using NOCTEM’s systems.
Technical data may be collected automatically by the tracking functions of NOCTEM’s cloud-based portal.
Why do we collect and use these data?
We collect data to make sure the features and functions of our offerings meet the needs of system users for valid and effective clinical decision-support tools in behavioral sleep interventions. For this, we may process information regarding the use of NOCTEM’s tools. Whenever possible, we will do this using only aggregated, non-personally identifiable data.
Data provided by system users may be used:
(i) for providing personalized sleep recommendations and easy-to-review summary data from the morning and sleep logs;
(ii) to enable us to communicate with providers;
(iii) to enable us to offer support in the use of NOCTEM’s systems;
(iv) to comply with our contractual, legal, and regulatory obligations; or
(v) to generate aggregated, non-personally identifiable data for analytics and trend detection to assist us in making improvements.
NOCTEM will not ordinarily communicate with end users or otherwise intervene in relationships between providers and end users to whom they provide support.
Where is the data stored?
All of our servers are located and maintained within the United States; therefore, NOCTEM stores and processes all users’ personal and technical data within the United States. Regardless of where users’ information is processed throughout our system, we apply the same protections described in this policy.
At NOCTEM, we will take steps to ensure that the users’ personal and technical data receive reasonable and appropriate levels of protection in the jurisdictions in which it is processed.
We provide adequate protection for the transfers of personal data to countries outside of the USA through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements. We also strive to comply with other legal frameworks relating to the transfer of data, such as the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Will NOCTEM share data with third parties?
No. We may only share data within NOCTEM’s company or future NOCTEM subsidiaries. Otherwise, we do not share identifiable data provided by system users with third parties outside of our organization unless necessary for the purposes outlined below.
NOCTEM may share data with third parties outside our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of NOCTEM or our users in accordance with the law. Whenever possible, we will inform users about such transfers and processing.
We may also share de-identified personal data with NOCTEM’s authorized service providers who perform services for us (including data storage, sales, marketing, and other support function services). Our agreements with our service providers include commitments that the service providers agree to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.
Please bear in mind that if you provide personal data directly to a third party, such as through a link on our website, the processing is typically based on their policies and standards.
If NOCTEM is involved in a merger, acquisition, or asset sale, we may transfer personal and technical data to the third party involved. However, we will continue to ensure the confidentiality of all data. We use reasonable efforts to provide timely notice to all system users if personal data will be transferred or become subject to a different privacy policy.
If it becomes necessary to share personally identifiable data with third parties outside NOCTEM’s organization for reasons other than those specified above, we will seek your consent to do so in advance.
Is data identifiable?
We may aggregate and anonymize data collected via the NOCTEM portals and apps. Such data will be anonymous and cannot be connected to an individual user. Once data is anonymized, it will not be considered personal data subject to this Privacy Policy. We may use this type of anonymous data for analytics, statistics, research, communications, or PR purposes as well as for trend detection and benchmark data.
How long does NOCTEM keep data?
NOCTEM will store aggregated and anonymized data indefinitely. Identifiable personal information will be kept for as long as you are an active user of the NOCTEM tools, and for up to 3 years thereafter.
You may request in writing that your personally identifiable data be deleted by contacting NOCTEM at the address provided above.
What rights do you have?
Under HIPAA, you have the right to access any personally identifiable health information (“PHI”) that we have collected or generated about you. Upon your request and within a reasonable time, we will inform you of the PHI collected or maintained on the NOCTEM systems.
You may terminate your use of the NOCTEM systems (and withdraw your consent for us to collect or use your PHI) at any time. Please note, if you are a client or provider who terminates your use of the NOCTEM systems while end users remain under your care, such termination (and withdrawal of consent) may limit or terminate access to the NOCTEM systems of both you and the end-user with whom you are associated.
Under HIPAA, you also have the right to have us correct or complete the personal data we have stored about you (if such information is incorrect or incomplete). Under HIPAA, you also have the right to receive your PHI from us in a structured and commonly used format and to independently transmit that data to a third party. You can obtain a correction or update of your personal data, or a record of your data, by contacting NOCTEM by secure email at support@noctemhealth.com.
How do I exercise these rights?
To exercise your rights, you can send a letter or a secure e-mail to NOCTEM at the physical and email addresses provided above. Please include the following information:
Full name
Address
E-mail address
Phone number
We may request the provision of additional information necessary to confirm your identity.
Does NOCTEM use data for direct marketing purposes?
We do not intend to use your data for the purpose of direct marketing. Should this change, we will ask for your explicit consent before such change is implemented.
What precautions are taken by NOCTEM regarding data safety and security?
We do our best to keep your data safe and secure.
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test our Service, systems, and other assets for security vulnerabilities.
We ensure that our staff and employees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislation.
In accordance with HIPAA, should a security breach occur that is likely to materially affect your privacy in a negative way, we will inform you and relevant authorities as required by law and regulation.