Date: 3 SEPT 2020
At NOCTEM™ LLC, we take data protection seriously.
The safety of data collected from clients, providers, or end-users( collectively “you” or “system users”) is of paramount importance to us.
Please note that some of the information collected via NOCTEM apps and provider portals (collectively, the “NOCTEM systems”) may be regarded as protected health information under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) or other protected information under privacy laws in certain jurisdictions. NOCTEM seeks to comply fully with laws and related regulations.
Our contact information
218 Oakland Avenue
Pittsburgh PA 15213
What personal data does NOCTEM tools collect from clients and end-users who use NOCTEM’s tools?
We may collect some of all of the following personal and technical information from system users:
This information is used to produce evaluation data regarding the usability, adoption, and sustainability and impact of NOCTEM’s digital tools.
Where are data derived from?
Some of the data will be directly provided by you upon your registration for using Noctem’s systems.
Technical data may be collected automatically by the tracking functions of Noctem’s cloud-based portal.
Why do we collect and use these data?
We collect data to make sure the features and functions of our offerings meet the needs of system users for valid and effective support clinical decision support tools in behavioral sleep interventions. For this, we may process information regarding the use of NOCTEM’s tools. Whenever possible, we will do this using only aggregated, non-personally identifiable data.
Data provided by system users may be used:
(i) for providing personalized sleep recommendations and easy-to-review summary data from the morning and sleep logs
(ii) to enable us to communicate with providers
(iii) to enable us to offer support in the use NOCTEM’s systems,
(iv) to comply with our contractual, legal, and regulatory obligations; or
(v) to generate aggregated – non-personally identifiable—data for analytics and trend detection to assist us making improvements
NOCTEM will not ordinarily communicate with end users or otherwise intervene in relationships between providers and end users to whom they provide support.
Where is the data stored?
All of our servers are located and maintained within the United States, therefore NOCTEM stores and processes all users’ personal and technical data within the United States. Regardless of where users’ information is processed throughout our system, we apply the same protections described in this policy.
At NOCTEM, we will take steps to ensure that the users’ personal and technical data receive reasonable and appropriate levels of protection in the jurisdictions in which it is processed.
We provide adequate protection for the transfers of personal data to countries outside of the USA? through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements. We also strive to comply with other legal frameworks relating to the transfer of data, such as the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Will NOCTEM share data with third parties?
No. We may only share data within NOCTEM’s company or future NOCTEM subsidiaries. Otherwise we do not share identifiable data provided by system users with third parties outside of our organization unless necessary for purposes outlined below.
NOCTEM may share data with third parties outside our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests or safety of NOCTEM or our users in accordance with the law. Whenever possible, we will inform Users about such transfer and processing.
Please bear in mind that if you provide personal data directly to a third party, such as through a link on our website, the processing is typically based on their policies and standards.
If NOCTEM is involved in a merger, acquisition, or asset sale, we may transfer personal and technical data to the third party involved. However, we will continue to ensure the confidentiality of all data. We use reasonable efforts to provide timely notice to all system users if personal data will be transferred or become subject to a different privacy.
If it becomes necessary to share personally identifiable data with third parties outside NOCTEM’s organization for reasons other than those specified above, we will seek your consent to do so in advance. .
Are data identifiable?
How long does NOCTEM keep data?
NOCTEM will store aggregated and anonymized data indefinitely. Identifiable personal information will be kept for as long as you are an active user of the NOCTEM tools, and for up to 3 years thereafter.
You may request that your personally-identifiable data be deleted in writing, by contacting NOCTEM at the address provided above.
What rights do you have?
Under HIPAA, you have the right to access any personally identifiable health information (“PHI”) that we have collected or generated about you. Upon your request and within a reasonable time, we will inform you of the PHI collected or maintained on the NOCTEM systems.
You may terminate your use of the NOCTEM systems (and withdraw your consent for us to collect or use your PHI) at any time. Please note, if you are a client or provider who terminates your use of the NOCTEM systems while end users remain under your care, such termination (and withdrawal of consent) may limit or terminate access to the NOCTEM systems of both your and the end-user with who you are associated.
Under HIPAA, you also have the right to have correct or complete personal data we have stored about you (if such information is incorrect or incomplete). Under HIPAA, you also have the right to receive your PHI from us in a structured and commonly used format and to independently transmit those data to a third party. You can obtain a correction or update of your personal data, or a record of your data, by contacting NOCTEM by secure email at firstname.lastname@example.org.
How do I exercise these rights?
To exercise your rights, you can send a letter or a secure e-mail to NOCTEM at the physical and email addresses provided above. Please include the following information:
We may request the provision of additional information necessary to confirm your identity.
Does NOCTEM use data for direct marketing purposes?
We do not intent to use your data for the purpose of direct marketing. Should this change, we will ask your explicit consent before such change is implemented.
What precautions are taken by NOCTEM regarding data safety and security?
We do our best to keep your data safe and secure.
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability restore the data. We regularly test our Service, systems, and other assets for security vulnerabilities.
We ensure that our staff and employees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislations.
In accordance with HIPAA, should a security breach occur that is likely to materially affect your privacy in a negative way, we will inform you and relevant authorities as required by law and regulation.