Privacy Policy
How we collect, use, and protect your personal and health information
ReAssure Med LLC Privacy Policy
This privacy policy (“Privacy Policy”) describes how ReAssure Med LLC (collectively with its affiliated companies and subsidiaries, referred to herein as “ReAssure Med”, “we”, “us” or “our”) collects, uses and discloses certain information, including Personal Data (as defined below), and the choices you can make about such information. This Privacy Policy governs the processing and transfer of Personal Data, directly or indirectly, when you sign up for and use our second opinion platform (“Platform”) available at https://www.reassuremed.com/privacy-policy.html either to receive remote second opinion consultation services (“Service” and “Patient” respectively) or to provide the Services (“Healthcare Professional”).
This Privacy Policy is an integral part of our terms and conditions as applicable to you (“Terms”). Capitalized terms not defined herein shall have the meaning ascribed to them in the Terms, and unless otherwise stated herein, Patient and Healthcare Professional shall both be, collectively and separately, referred to herein as “you”.
Note, you are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary.
This privacy policy governs the use, processing, and sharing of Personal Data that applies to all individuals worldwide; however, certain jurisdictions require that applicable disclosures be provided in a certain way and format, and therefore, additional notices will apply as follows:
- Additional Information to California Residents: In the event you are a California resident, please also review our CCPA Privacy Notice to learn more about our privacy practices with respect to the California Consumer Privacy Act.
- Additional Information to Colorado Residents: In the event you are a Colorado resident, please also review our CPA Notice to learn more about our privacy practices and your rights under the Colorado Privacy Act.
- Additional Information to Connecticut Residents: In the event you are a Connecticut resident, please also review our CDPA Notice to learn more about your rights under the Connecticut Data Privacy Act.
- Additional Information to Virginia Residents: In the event you are a Virginia resident, please also review our VCDPA Notice to learn more about our privacy practices and your rights under the Virginia Consumer Data Protection Act.
- Additional Information to Utah Residents: In the event you are a Utah resident, please also review our UCPA Notice to learn more about your rights under the Utah Consumer Privacy Act.
A. Policy Amendments
We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the Website and the update date will be reflected in the “Last Amended” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will take effect immediately unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.
B. Contact Information and Data Controller Information
ReAssure Med, incorporated under the laws of the state of Wyoming, is the Controller (as such term is defined under the EU and the UK General Data Protection Regulations (“GDPR”) or equivalent privacy legislation) of the Personal Data as detailed herein below.
For any question, inquiry, or concern related to this Privacy Policy or the processing of your Personal Data, you may contact us as follows:
The Company's data protection point of contact:
By email: privacy@reassuremed.com
By mail: ReAssure Med / ONHealth Alliance, 440 Burroughs Street, Suite 150, Detroit, MI 48226
C. Data Processed by the Company
We may collect two types of information from you, depending on your interaction with us.
The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from whom we have collected the Non-Personal Data. Non-Personal Data being gathered consists of technical information and may include, among other things, the type of operating system, browser, and device, and your actions on the Website or Services (such as session duration).
The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data” or “Personal Information” as defined under the applicable data protection law).
Personal Data may also include “Personal Health Information” or “PHI”, meaning any information which relates to the Patients' medical or mental condition, the provision of healthcare services or otherwise; provided such PHI is not subject to any other governing regulation such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) in the United States of America or the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. To the extent your PHI is subject to HIPAA or PIPEDA, we have adopted the strict HIPAA and PIPEDA Rules in processing your PHI, all as detailed under the Notice of Privacy Practices.
For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.
The information below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations:
Type of Data
Online Identifiers and Usage Data
When you interact with our Platform, we may collect online identifiers associated with your browser or device, such as Internet Protocol (IP) address, Cookie ID, and additional unique identifiers (“Online Identifiers”).
Further, when you use the Platform, information regarding such use is automatically generated and collected, which may include clickstream data on the Platform, the time spent on each page or feature, crash data and analytics, how often you use the Service, etc. (“Usage Data”).
Online Identifiers and Usage Data are collected through our use of our own or third-party tools, such as cookies and similar technologies.
Online Identifiers and Usage Data are used to enable the operation and proper functionality of the Platform, enhance the Services, support security and fraud prevention, facilitate debugging, and resolve technical problems, for example, in order to automatically recognize you the next time you enter your Account, or to confirm you are a real person.
Online Identifiers, which are collected through cookies we implement and are strictly necessary for the proper and basic operation of the Platform and Services, will be processed on the basis of our legitimate interest. Online Identifiers and Usage Data used for fraud prevention or for improving the Services are subject to our legitimate interest.
Contact Information
If you contact us with any inquiries, by email or any other means of communication available to you, you will be asked to provide your full name and email address. In addition, you can provide us with additional information as part of your correspondence with us (“Contact Information”).
We will process the Contact Information you provide to respond to your inquiry.
The correspondence with you may be processed and stored by us in order to improve our customer service, and in the event that we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable). We will process the Contact Information in accordance with our legitimate interest.
Account Information
When creating an Account, you may be requested to provide us with certain information, such as your full name, email address, telephone number, date of birth, etc., and designate, or otherwise be provided with, credentials (“Account Information”).
We use the Account Information to create your Account, authenticate you, provide Account management (including billing and invoices), customer support, and the Services.
In addition, we may use your email address to provide you with marketing-related communications, such as new features, additional offerings, special opportunities, or other information we believe you will find valuable (“Direct Marketing”).
We process your Account Information to perform our contract with you or, depending on your interactions with us, to take steps prior to entering into such a contract. Where we use your email address for Direct Marketing purposes, such processing is subject to our legitimate interest. Note, you can opt out at any time from Direct Marketing through the “unsubscribe” link within the emails we send you. Note, however, that if you choose to opt out of direct marketing, we will further maintain a suppression file – meaning lists of applicable email addresses that have requested to opt out, under our legitimate interest and to ensure we comply with such preference and choice.
PATIENTS — Payment Information
When you make a payment through the Platform, you will be asked to submit certain information (depending on the payment method) such as credit card number and ancillary details, full name, phone number, etc. (“Payment Information”).
We process your Payment Information to provide you with the Services you requested.
We currently use Helcim Inc. to process and collect your payments on our behalf. Your Payment Information will be handled in accordance with and subject to a Data Processing Agreement signed between us. Certain information will be kept by the payment processor and is subject to their privacy policy, which you can review on the checkout page. We process your Payment Information to perform our contract with you.
PATIENTS — Medical Records
When using the Platform and Services, Patients are required to upload their past and current medical records, a description of symptoms, a medical history, lifestyle descriptions, any imaging or other diagnostic test results, and other relevant medical information and documentation (“Medical Records”).
We will collect and process your Medical Records solely to create your Account and provide you with the applicable Services.
We collect and process your Medical Records only with your explicit consent, which you may withdraw at any time by contacting us as outlined above.
Notwithstanding the above, the Company reserves the right to de-identify your Medical Records for the Company's internal use, including research, services’ improvement, commercial use or otherwise.
HEALTHCARE PROFESSIONALS — Licenses and Permits
As part of the Company's KYC (Know Your Client) processes, Healthcare Professionals will be required to present their licenses and permits for the provision of the Services as will be required by the Company, including CV, certificates, board certification, and ancillary data, etc. (“Licenses and Permits”).
The Company will use your Licenses and Permits to conduct KYC prior to or during our engagement with you.
We will use your Licenses and Permits in order to conclude the contract between us.
Please note that the actual processing operation for each purpose of use and lawful basis detailed in the table above may differ. Such processing operations usually include automated operations, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the Data Transfer Section below, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Platform and Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability, or defend a claim. Such processing is based on our legitimate interests.
D. How We Collect Information
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:
- Information you provide us directly – for example, when you register and create an account, correspond with us, or provide us with your Medical Records.
- Information we receive from third parties – for example, if you authorize us to contact your healthcare clinic in order to receive certain records as required for the Services.
- Information we receive automatically – we will collect your Online Identifiers and Usage Data, including analytics data (or use third-party measurement and marketing tools) automatically. For more information on the cookies we use and how to opt out of third-party collection of this information, please see Section E below, “Cookies & Tracking Technologies”.
E. Cookies & Tracking Technologies
We use “cookies” (or similar tracking technologies) when you access and interact with the Platform. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, and for advertising purposes.
You can find more information about our use of cookies in our Cookie Policy, and change your settings and preferences at any time using the cookie settings tool available in our Platform footer.
F. Sharing Data with Third Parties
We share your Personal Data with third parties, including our service providers that help us provide our Services. You can find information about the categories of such third-party recipients below.
Service Providers — All Types of Personal Data
We employ other companies and individuals to perform functions on our behalf, such as sending communications, support, processing payments, image processing, analyzing data, identifying errors and crashes, conducting customer relationship management, etc. These third-party service providers have access to the Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purpose other than providing the requested services.
Affiliated Companies — All Types of Personal Data
We may share certain information with our affiliated companies, which will provide us with certain required services, and for internal compliance and measurement, etc.
Any Acquirer of Our Business — All Types of Personal Data
We may share all types of Personal Data in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale). In such an event, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.
Governmental Agencies or Authorized Third Parties — Subject to Law Enforcement Authority Request
We may share certain data when we believe it is appropriate to do so in order to comply with law enforcement, governmental agencies, or authorized third parties, or protect the rights, property, or security of the Company, our customers, partners, or others.
We may disclose Personal Data to enforce our policies and agreements, to defend our rights, including investigating potential violations thereof, alleged illegal activity, or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.
G. Your Rights Related to Your Personal Data
We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls regarding your information. Depending on your relationship with us, your jurisdiction, and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.
Right to opt out: in the EU (i.e., to withdraw consent or restrict the processing), and specifically in the US and Canada, the right to opt out from:
- (i) selling personal data;
- (ii) targeted advertising; and
- (iii) profiling and automated decision-making.
Direct Marketing: You have the right to opt out of Direct Marketing by unsubscribing through the email received.
Cookies: When you no longer wish for cookies to track your behavior for analytical purposes, you can change your preferences through the cookie settings available in our footer.
Note, you may have the right to authorize another person acting on your behalf to opt out (including by technical tools and opt-out signals).
Right to appeal or lodge a complaint: If we decline to take action on your request, we shall so inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the EU, you have the right to lodge a complaint with the supervisory authority or the Information Commissioner in the EU.
Non-discrimination: We do not discriminate against our customers or users. Such discrimination may include denying a service, providing a different level or quality of service, or charging different prices.
H. Data Retention
We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt out.
Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.
I. Security
We design the Platform and Services with your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards.
Please contact us at privacy@reassuremed.com if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.
J. Data Transfer
Your Personal Data processed by the Company is also processed and stored by other entities, service providers, legal authorities, etc., as detailed above. Therefore, your Personal Data might be transferred to jurisdictions other than the jurisdiction from which you accessed the Platform, including Canada and the U.S.; while the data is in the other jurisdiction, it may be subject to access by courts, law enforcement, and national security authorities. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer. You may exercise your rights, where applicable, to receive information regarding the transfer mechanism that was used during such transfer.
If and where Personal Data collected within the EEA is transferred outside the EEA, we will do so pursuant to the standard contractual clauses approved by the European Union (“SCCs”). Additionally, following the withdrawal of the United Kingdom (UK) from the European Union on January 31, 2020, the UK is no longer considered to be a part of the EEA and therefore, the transferring of Personal Data from the EEA to the UK will also be subject to the SCCs or other contractual clauses that will ensure the security of the Personal Data (pending an adequacy decision from the European Commission).
K. Children
Our Website and Services are intended for a general audience and are not directed to individuals under 18 years old. If you become aware that a child has provided us with Personal Data, please contact us immediately at: privacy@reassuremed.com.
L. Additional Information for Colorado Residents
This section applies to Colorado residents acting only in an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context).
Under the Colorado Privacy Act (“CPA”), the Company is required to provide a privacy notice that identifies the following: in Section C to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored, or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent.
We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary, provided that consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period by contacting us at privacy@reassuremed.com and stating that you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision. If the appeal is denied, you may submit a complaint to the Colorado Attorney General at https://coag.gov/file-complaint/.
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account to submit a request.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
M. Additional Information for Connecticut Residents
This section applies to Connecticut residents acting only in an individual or household context (and not in a commercial or employment context or as a representative of a business, non-profit, or governmental entity).
Under the Connecticut Data Privacy Act (“CDPA”), the Company is required to provide you with a clear and accessible privacy notice that includes the following: in Section C to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section F of this Privacy Policy details and discloses the categories of third parties with whom we share information for business purposes.
We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests, and we will inform you of such extension within the initial 45-day response period, together with the reason for the extension. If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. If we refuse to take action on a request, you may appeal our decision within a reasonable period by contacting us at privacy@reassuremed.com and stating that you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.
N. Additional Information for Virginia Residents
This section applies to Virginia residents acting only in an individual or household context (and not in an employment or commercial context).
The Virginia Consumer Data Protection Act (“VCDPA”) requires the Company to disclose the following: In Section C to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section F to this Privacy Policy details and discloses the categories of third parties with whom we share information for business purposes.
We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us at privacy@reassuremed.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.
O. Additional Information for Utah Residents
This section applies to Utah residents acting only in an individual or household context (and not in an employment or commercial context).
Under the Utah Consumer Privacy Act (“UCPA”), the Company is required to provide you with a clear and accessible privacy notice that includes the following: in Section C to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section F to this Privacy Policy details and discloses the categories of third parties with whom we share information for business purposes.
We will respond to your request within 45 days after receipt of your request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, we will provide you with the reasoning for our refusal.
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.