Privacy Policy

1.0 Purpose & Scope

The purpose of this notice is to describe the privacy policy on the Early Access Care website as it defines external use of personal data.

Early Access Care is committed to protecting your privacy and safeguarding your personal information. We’ll use your personal information in accordance with Data Protection Legislation.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Please read this privacy notice, fair processing notice, or Early Access Care policy we may provide carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export and delete your information.

This privacy notice supplements the other notices and is not intended to override them.

2.0 Terms & References

Personal data shall mean information relating to an identified or identifiable living person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

General

This Privacy Policy describes our practices in connection with information that we or our service providers collect through the Web site or technology platform Early Access System. By providing personal information to us or by using the Site you agree to the terms and conditions of this Privacy Policy.

Information You Provide

Some areas of our website may ask you to submit personal information in order for you to benefit from the specified features (such as news updates). You will be informed what information is required and what information is optional at the point of collection.

You may also choose to submit personal information through the “Contact Us” part of the Site. As you navigate around the Site, certain information can be passively collected (e.g., gathered without your actively providing the information), using various technologies.

Early Access Care may also utilize third-party providers to assist us in processing your personal information. We may share your personal information, where it is lawful to do so, with the following organizations who provide us with assistance in delivering our products, applications, or services or where we are legally obliged to share information:

1. other companies within our group and our employees, consultants, agents, and professional advisers
2. our business partners
3. courts of law and government or regulatory authorities
4. third parties to which we outsource certain services such as couriers, IT systems or software providers, IT support service providers, and document and information storage providers
5. third-party service providers to assist us with client insight analytics, such as Microsoft, Google Analytics, DocuSign and Adobe
6. other organizations for the purposes of fraud/crime protection and investigation
7. anyone else with your permission

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

We will not sell, rent, or lease your personal data to any third party.

Your information may be transferred to and stored in locations outside the United States, including countries that may not have the same level of protection for personal information. If this becomes necessary, we will ensure it has an appropriate level of protection and that the transfer is lawful. We may need to transfer your information in this way to carry out our contract with you, to fulfil a legal obligation, to protect the public interest and/or for our legitimate interests.

Our third-party service providers may collect and use information in a variety of ways, including:

Through Your Browser

Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system version, and Internet browser type and version. We may also collect device type. This enables us to enhance the visual information you receive through the Site.

How We Use Your Information

We use and disclose information you provide to us as described to you at the point of collection. We may also use information from or about you:

1. to respond to your inquiries and fulfill your requests, such as to send you documents you request or email information;

2. to send you important information regarding our relationship with you regarding the site, change to our terms, conditions, and policies and/or other administrative information; and

3. for our business purposes, such as data analysis, audits, developing new products, enhancing our website, improving our products and services and identifying Site usage trends.

We may also disclose information collected through the Site to our third-party service provider who provides services such as website hosting and moderating, data analysis, infrastructure provision, IT services, customer service, auditing services, and other services, in order to enable them to provide services. In addition, we may use and disclose information collected through the Site as we believe necessary or appropriate or required under applicable laws, including laws outside your country of residence, to comply with legal process, to respond to requests from public and government authorities, including public and government authorities outside your country of resident, to enforce our terms and conditions, to protect our rights, privacy, safety or property and to allow us to pursue available remedies. We may also use and disclose information collected through the Site in other ways, with your consent.

Your Privacy Rights

We recognize that you have certain rights under applicable domestic and international privacy laws. We observe your rights which can include:

The right to be informed

As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy notice and any related communications we may send you.

The right of access

You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:

1. The purposes of the processing
2. The categories of personal data concerned
3. The recipients to whom the personal data has been disclosed
4. The The retention period or envisioned retention period for that personal data
5. When personal data has been collected from a third party, the source of the personal data

If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or unreasonable expense (which you may have to meet), we will inform you.

The right to rectification

If you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.

The right to erasure (the "right to be forgotten")

Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.

The right to restrict processing

You may ask us to stop processing your personal data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:

1. The accuracy of the personal data is contested
2. Processing of the personal data is unlawful
3. We no longer need the personal data for processing, but the personal data is required for part of a legal process
4. The right to object has been exercised and processing is restricted pending a decision on the status of the processing

The right to data portability

You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

The right to object

You have the right to object to our processing of your data under one of the following conditions:

1. Processing is based on legitimate interest
2. Processing is for the purpose of direct marketing
3. Processing is for the purposes of scientific or historic research
4. Processing involves automated decision-making and profiling

California residents

To the extent you are subject to the California Consumer Privacy Act, we act as a data controller and process personal data collected accordingly. California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.

Privacy Rights of Residents of the European Union, United Kingdom, and Switzerland

We comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (together the “DPF”) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. We have also certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

EU, UK, and Swiss data protection law makes a distinction between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). With regard to your personal data, we are a data controller of information that we collect when you enter your information into the “Contact Us” section of the Website and with respect to any Website Use Data or Device Connectivity and Configuration Data considered to be personal data under the law. Otherwise, we generally serve as a data processor with respect to the personal data we collect through the Website and otherwise through our services.

To exercise any of these rights with respect to personal data collected by us as a data controller, contact us as set forth in the section entitled “Contact Us” below and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

For Residents of the 27 EU countries, the UK, and Norway and Iceland in The European Economic Area (EEA), and Switzerland please contact DataRep, appointed by Early Access Care, as its Data Protection Representative for the purposes of GDPR by contacting our Data Protection Representative HERE.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Early Access Care commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Binding Arbitration: Under certain circumstances you may exercise your option to enter into binding arbitration to determine if we have violated our obligations under this DPF Principles and whether such violation has been fully or partially remediated. Eligibility for arbitration and the arbitration procedures are described in the Data Privacy Framework Annex I: Arbitral Model available at Data Privacy Framework Annex I.

Children

Protecting the privacy of minors is especially important to us. For that reason, no part of our website is structured to attract and collect or maintain information at our website from any Visitor that we have actual knowledge is a minor under thirteen (13) years of age. We do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA.

Security

We use appropriate organizational, technical, and administrative measures to protect personal information we process. No data transmission over the Internet or data storage system can be guaranteed to be 100 percent secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately of the problem by contacting us in the "Contact Us" section below. All parties have the right to access their personal data at any time. An individual may request that their information on the Early Access Care LLC website be changed or removed at any time by emailing dataprotection@earlyaccesscare.com. In the case you believe your data privacy has been used outside of what you have consented, you have the right to contact the relevant supervisory authority or invoke binding arbitration.

International Transfers

Your personal information may be stored and processed in any country where we have facilities or service providers, and by using our Site or providing consent to use (where required by law), you agree to the transfer of information to countries outside of your country of residence, including the United States, which may provide for different data protection rules than in your country. Where we do transfer your personal information to our affiliates or contracted services providers based outside of your country of residence, we ensure, by means such as contracts and personal data transfer agreements, that your personal data is reasonably protected in accordance with applicable privacy laws, regulations or binding codes.

Early Access Care complies with the EU-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.

Early Access Care has self-certified to the Department of Commerce that it complies with the principles of the U.S. Data Privacy Framework. In order to protect consumer privacy in the US and EU the Federal Trade Commission has committed to make enforcement of the Framework a high priority and therefore, Early Access Care and your data are subject to investigatory and enforcement powers of the Federal Trade Commission.

In the case that Early Access Care comes under the scrutiny of public authorities, Early Access Care may be required to disclose your personal data in order to meet national security or law enforcement requirements.

If you have questions about this Privacy Policy, please contact us by mail at:

Early Access Care LLC, 40 Mungertown Road Madison, CT 06443

Or contact Early Access Care via Email at Data Protection.

Swiss Data Protection Authority HERE

You may also contact our Data Protection Officer, at GRCI Law Limited at: dpoaaS@grcilaw.com. Our EU, UK and Swiss Data Protection Representatives can be contacted HERE.

We may, from time to time, make and implement changes to this privacy policy. Any changes will be effective immediately upon posting of the revised version to our website. Your continued use of our website will indicate your acknowledgement of our privacy and data protection procedures.