Carestream Privacy Notice
Carestream Health, Inc. and its subsidiaries (collectively, Carestream) are committed to protecting personal information. This Privacy Notice is intended to give you confidence in the privacy and security of any personal information that is entrusted to Carestream.
This Privacy Notice explains our practices with regard to the “Personal Information” we collect from healthcare professionals, customers, website visitors and other individuals with whom we interact.
For information about how we protect the privacy of patient information that we receive from our customers for processing, please see our Privacy Statement for Patient Information.
This Privacy Notice is effective as of May 10, 2018.
- Types of Personal Information Collected by Carestream
- How Carestream Uses Personal Information
- Why Personal Information Is Disclosed by Carestream to Others
- Cookies and Other Data Collection Technologies
- Third Party Advertising Companies and Browser Tracking Information
- Social Media Interactions
- Mobile Applications
- Forums and Other Public Areas
- Your Choices
- Access and Correction
- International Transfers
- Important Information for EEA Residents
- Information Security
- Privacy Policies of Third Parties
- Job Applicants
- Changes to this Privacy Notice
- How to Contact Us
Personal Information is any information that can be used to identify, locate or contact you. It also includes other information that may be associated with your Personal Information. We collect the following types of Personal Information:
- Contact Information that allows us to communicate with you, such as your name, username, mailing address, telephone number, email address or other addresses that allow us to send you messages.
- Relationship Information that helps us to do business with you. This includes your professional credentials and affiliations and the products and services that may interest you or your business.
- Transaction Information about how you interact with Carestream, including your purchase history, payment information, information about your use of our products, customer account information and information about how you use our websites and applications.
In many cases, we collect Personal Information directly from you. We will ask you for Personal Information when you interact with us, such as registering on our websites, signing up to receive materials electronically, or making a purchase. We also collect Personal Information when you contact us, such as for customer service purposes.
We may collect information from your company when a hospital provides us with information about healthcare professionals who are authorized to receive support or services. We may also collect information about you from third party data suppliers who enhance our files and help us better understand our customers, or through publicly-available social media sites, such as LinkedIn or Twitter.
Carestream also collects certain non-personal information directly from our imaging equipment and printers. This Device Information may include the location (IP address) of equipment, product usage information (such as film consumption), and other data for support and service. Device Information does not contain any Personal Information, but we treat it as Personal Information if it is associated with other information that can be used to identify, locate or contact a healthcare professional.
We use your Personal Information to:
- Enable you to register for an account with an online service offered by Carestream (such as the Carestream Partner Site or the VIBE User Group);
- Provide you with the products, services and transactional communications requested by you or your company and for related activities, such as customer service, product service and support, account management, training, reporting and to provide other services related to your company’s account;
- Subject to your preferences, provide you with marketing communications and offers for products and services from Carestream and our partners, including personalized offers, and to manage your communication preferences;
- Provide you with additional information that may be of interest, such as Carestream news and announcements;
- Administer surveys and other promotional events;
- Determine if you are eligible for certain products, services or offers, such as rebates or warranty support;
- Understand how you use our products, content and services, including associating you with different devices that you may use to access our content, for analytics and product development purposes, as well as to personalize offers that we make to you; and
- Manage our everyday business needs, such as payment processing and financial account management, contract management, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance.
3. Why Personal Information Is Disclosed by Carestream to Others
We will not sell or otherwise disclose your Personal Information to other companies for their own use unless we have your permission or we are required to disclose the information by law. We will only share your Personal Information as follows:
- If you are affiliated with one of our commercial customers, we may share your Personal Information with that customer. For example, we may include Personal Information on invoices and other reports that we provide our customers about their commercial accounts;
- We may share your Personal Information with our service providers. These providers are bound by law or contract to protect your Personal Information and only use your Personal Information in accordance with our instructions;
- We may share your Personal Information with partners that provide services to you through Carestream, but only to the extent you have a relationship with such partner or you authorize the sharing. Additionally, we may share certain Transactional Information with our partners as needed to validate referrals and operate the platforms; and
Please note that we may anonymize and/or aggregate your Personal Information to allow us to disclose information that is not personally identifiable. For example, we may publish reports that contain aggregated and statistical data. These reports do not contain any information that would enable the recipient to contact, locate or identify you.
4. Cookies and Other Data Collection Technologies
When you visit our website or use our mobile applications, we collect certain Transaction Information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons.
In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to Personal Information. For example, we use information we collect about all website users to optimize our websites and to understand website traffic patterns.
- Keeping track of the materials you upload and download;
- Remembering you when you log in to the places on our site which require membership;
- Remembering your country and language preferences;
- Helping us understand the size of our audience and traffic patterns, and to manage and present site information;
- Delivering information specific to your interests; and
- Managing site information displayed on your computer.
When you visit our website, we place cookies on your computer. Cookies are small text files that websites send to your computer, or other Internet-connected device, to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud. In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser. All browsers are different, so visit the “help” section of your browser to learn about cookie preferences and other privacy settings that may be available.
We may use Flash Cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experience. A Flash cookie is a small data file placed on a computer using Adobe Flash technology. The Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation.
We use Flash cookies to personalize and enhance your online experience and to deliver content for Flash players. We may also use Flash cookies for security purposes, to gather certain website metrics and to help remember settings and preferences. Flash cookies are managed through a different interface than the one provided by your web browser. To manage Flash cookies, please visit Adobe’s website at: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html. If you disable Flash cookies or other similar technologies, please be aware that you may not have access to certain content and product features.
Pixel Tags and Web Beacons
Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.
Server Logs and Other Technologies
We collect many different types of information from server logs and other technologies. For example, we may collect information from the device you use to access our website, i.e., your operating system type, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. Our server logs also record the IP address of the device you use to connect to the Internet. An IP address is a unique identifier that devices use to identify and communicate with each other on the Internet. We may also collect information about the website you were visiting before you came to Carestream and the website you visit after you leave our site.
We have relationships with third party advertising companies to place advertisements on this website and other websites, and to perform tracking and reporting functions for this website and other websites. These third party advertising companies may place cookies on your computer when you visit our website or other websites so that they can display targeted advertisements to you.
These third party advertising companies do not collect Personal Information in this process, and we do not give any personal information to them as part of this process. However, this Privacy Notice does not cover the collection methods or use of the information collected by these other companies. For more information about third party advertising, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org. To opt out of being targeted by many third party advertising companies visit: www.networkadvertising.org/consumer/opt_out.asp or http://preferences.truste.com/truste/.
Our websites use some of Google’s analytics tools. For information on how Google Analytics uses data, please visit “How Google uses data when you use our partners’ sites or apps”, located at: www.google.com/policies/privacy/partners/.
Although our websites currently do not have a mechanism to recognize the various web browser Do Not Track signals, we do offer our customers choices to manage their cookie preferences as described in the previous section. To learn more about browser tracking signals and Do Not Track, please visit http://www.allaboutdnt.org/
Our websites may enable you to interact with us and others via social media platforms, such as Facebook, Twitter, and Instagram. While we respect all social media platforms’ privacy policies, we may collect Personal Information about you and your friends if you choose to use these tools. We use the information to facilitate an interactive social experience.
We may display interest-based ads to you when you are using platforms such as Facebook and Google. These platforms allow us to personalize the ads that we display to you. We do not share any of your Personal Information with these platforms, although we may convert your email address into a unique number which can be matched by the platform with its user to allow delivery of the advertising. Although we do not provide any personal information to these platforms, they may gain insights about individuals who respond to the ads we serve.
We offer mobile applications that allow you to access your account, interact with us online and receive other information via your smartphone. All Personal Information collected by Carestream via our mobile applications is protected by the terms of this Privacy Notice.
When you download our mobile applications, you may choose to allow us to obtain your precise location from your mobile device. We use this information to deliver personalized content to you for our internal analytics purposes. We may also offer automatic (or "push") notifications. We will provide push notifications only to those individuals who opt-in to receive such notifications from us. You do not have to provide location information to us or enable push notifications to use any of our mobile apps. If you have questions about location and notification privacy, please contact your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
9. Your Choices
You can always limit the information you provide to us. You can also limit the communications that we send to you. To opt-out of emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you. To revoke permissions that you may have given to send text messages, text STOP in response to any message.
Please note that even if you opt-out of commercial emails, we may still need to contact you with important transactional information about your account. For example, even if you opt-out of emails, we may still send you activity confirmations.
If you have any questions about your choices or if you need any assistance with opting-out, please contact us via email to firstname.lastname@example.org. You can also write us at the address noted in the How to Contact Us section below. If you send us a letter, please provide your name, address, email address, and information about the communications that you do not want to receive.
We respect your right to reasonably access and correct your Personal Information. If you have an online account, you can log into your account at any time to access and update the information you have provided to us. Additionally, Carestream complies with all laws regarding access and correction. If you need assistance updating your Personal Information, please contact us via email to email@example.com.
Your personal information may be transferred to, stored at or processed in the United States or other countries which may not have equivalent privacy or data protection laws. However, regardless of where your personal information is transferred, we will protect it in accordance with this Privacy Notice and applicable law. Personal information transfers from the European Economic Area (EEA) and other countries with data transfer restrictions will be authorized by approved model contracts or other appropriate means.
Carestream has a supplemental privacy notice to give individuals in the EEA the additional information required by the EU General Data Protection Regulation. These provisions, together with the statements in this Privacy Notice, explain our practices with regard to EEA personal data. Please click here to read our EEA Privacy Notice Supplement.
We have implemented reasonable technical, physical and administrative safeguards to help protect your personal information against unauthorized access or loss. For example, when we ask users to provide payment information (such as credit card number), the data is protected during transmission to us using industry-standard encryption.
This Privacy Notice only addresses the use and disclosure of information by Carestream, Inc. and its affiliates. Other websites that may be accessible through this website have their own privacy policies and data collection, use and disclosure practices. We encourage you to familiarize yourself with the privacy statements provided by all third parties prior to providing them with information or taking advantage of an offer or promotion.
15. Job Applicants
If you have applied for employment with Carestream, the Personal Information submitted with your job application will be used only for recruitment and other customary human resources purposes.
From time to time, we may update this Privacy Notice to reflect new or different privacy practices. We will place a notice online when we make material changes to this Privacy Notice. Additionally, if the changes will materially affect the way we use or disclose previously-collected Personal Information, we will notify you about the change by sending a notice to the primary email address associated with your account.
Please contact us if you have any questions or comments about our privacy practices or this Privacy Notice. You can always reach us online at: firstname.lastname@example.org. You can also reach us via mail to:
Carestream Health, Inc.
Privacy Office/Legal Department
150 Verona Street
Rochester, NY 14608
Carestream is committed to protecting the privacy and security of all personal information that we process in order to provide services to our healthcare professional customers and their patients. This notice explains our practices with regard to the personal information we receive from our customers as a data processor.
Carestream will collect and process patient personal information only as instructed by our customers. We will not use or disclose patient information for our own purposes. Carestream will at all times maintain reasonable and appropriate security controls to protect patient information.
Carestream will disclose patient information to our customers and to other entities (including other healthcare professionals) when instructed by our customers. We may disclose patient information to our affiliates and approved data processors as needed to provide the services that our customers have requested. These entities are all contractually bound to limit use of your personal information as needed to perform the services. We may also disclose patient information when required by law.
For patients based in the United States, patient information is classified as protected health information under the US health privacy law known as the Health Insurance Portability and Accountability Act (“HIPAA”). Carestream will collect and process protected health information only as required or permitted by our business associate agreements and applicable laws, including HIPAA. Carestream will at all times maintain reasonable and appropriate security controls to protect the information as required by HIPAA.
For patients based outside of the United States, your personal information is always processed in accordance with applicable law. Patient information may be transferred to Carestream affiliates and data processors in the United States and elsewhere in the world. Carestream will always protect the privacy and security of patient information, regardless of where it is processed. Patient information transfers from the European Economic Area and other countries with data transfer restrictions are authorized by approved model contracts or other appropriate mechanisms.
If you have questions about your privacy rights, please contact your healthcare provider. If you believe that Carestream has not handled your personal information properly, you may also contact Carestream’s Privacy Office at: privacy@Carestream.com.
Carestream Health is providing this supplemental privacy notice to give individuals in the European Economic Area (EEA) the additional information required by the EU General Data Protection Regulation. These provisions, together with the statements in the Carestream Privacy Notice, explain our practices with regard to EEA personal data.
1. Information about Carestream
This notice is being provided by Carestream Health, Inc. and its affiliates.
Carestream Health, Inc. is based in the United States. Our representative in the EEA is:
Carestream Health Netherlands, B.V.
3755 BZ Eemnes
You may contact the Carestream Global Privacy Office by emailing email@example.com or by writing to:
Carestream Health, Inc.
Privacy Office/Legal Department
150 Verona Street
Rochester, NY 14608
2. The Purposes and Legal Basis for Processing, including Legitimate Interests
Carestream’s Privacy Notice explains the reasons why we process your Personal Information. We only process Personal Information when we have a legal basis for the processing, such as:
- To fulfill a contract with you or with your company (including providing support and service);
- For closely-related purposes, such as payment processing, account management, contract management, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance; and
- With your consent (or provided you have not objected, as may be applicable), to respond to requests for information and to provide you with marketing communications.
We may also process your Personal Information for the purposes of our legitimate interests, provided that such processing shall not outweigh your rights and freedoms. In particular, we may process your Personal Information as needed to:
- Provided you have not objected, send you our own marketing materials;
- Protect you, Carestream or others from threats (such as security threats or fraud);
- Comply with the laws that are applicable to us around the world;
- Enable or administer our business, such as for quality control, analytics, consolidated reporting, and product development;
- Manage corporate transactions, such as mergers or acquisitions; and
- Understand and improve our business or customer relationships generally.
3. Automated Decision-Making and Profiling
We may use analytics for product development purposes, such as to understand product usage, or for security purposes, such as to identify unauthorized login attempts. We will not make automated decisions about you that may significantly affect you, unless (1) the decision is necessary as part of a contract that we have with you, (2) we have your explicit consent, or (3) we are required by law to use the technology.
4. When You are Required to Provide Personal Information to Carestream
In most cases, you are not required by law to provide any Personal Information to Carestream. You are required to provide certain Personal Information to enable us to enter into a contract with you, so that you can use our products and services. Our registration forms indicate which data elements are required for our contracts. If you do not provide these data elements, we cannot do business with you.
5. Your Rights
As noted in the Carestream Privacy Notice, you always have the right to object to our marketing communications. To opt-out of emails, simply click the link labeled “unsubscribe” at the bottom of any email we send you. To revoke permissions that you may have given to send text messages, text STOP in response to any message.
Carestream also respects the rights of EEA residents to access, correct and request erasure or restriction of their Personal Information as required by law. This means:
- You generally have a right to know whether or not Carestream maintains your Personal Information. If we do have your personal information, we will provide you with a copy (subject to the rights of others). If your information is incorrect or incomplete, you have the right to ask us to update it.
- You have the right to object to our processing of your Personal Information. If we are processing your Personal Information based on your consent, you have the right to withdraw your consent at any time.
- You may ask us to delete or restrict your Personal Information.
To exercise these rights, please contact the Carestream Global Privacy Office, and a member of our Privacy Team will assist you. Please understand that we may need to verify your identity before we can process your request. If Carestream is processing your Personal Information as a data processor, we will refer you to our customer (such as your healthcare professional) for assistance with these requests. Carestream supports its customers in responding to requests as required by law.
If you believe that we have processed your Personal Information inappropriately, you may also contact the Carestream Data Protection Officer or other supervisory authority. You may reach our Data Protection Officer by writing to the DPO at the Carestream Global Privacy Office address set forth above.
6. International Transfers
As noted in the Carestream Privacy Statement, your Personal Information may be transferred to, stored at or processed in the United States and other countries which may not have equivalent privacy or data protection laws.
We generally use approved Standard Contractual Clauses to assure that Personal Information is adequately protected when it is transferred out of the European Economic Area or Switzerland, but we may also make transfers to recipients with approved Binding Corporate Rules or to recipients in the United States who have certified to the EU-US and/or Swiss-US Privacy Shield Framework.
Please contact the Carestream Global Privacy Office if you would like more information about cross-border transfers or to obtain a copy of the Standard Contractual Clauses.
7. Data Retention
We will retain your Personal Information for as long as the information is needed for the purposes set forth in Section 3 above and for any additional period that may be required or permitted by law. You may request that we delete your Personal Information by contacting the Carestream Privacy Office. Unless we have a compelling interest in retaining your information, it will be deleted within 30 days of your request.