PicassoMD Privacy Notice

Last Revised: July 8, 2020

This Privacy Notice explains how PicassoMD, LLC (“PicassoMD” or “we”) collects, uses, shares, and handles information about Individuals via the PicassoMD website, mobile app, and other services (collectively, “PicassoMD Services”). Individuals may include primary care providers, specialists, other users of PicassoMD Services, and patients of PicassoMD Clients who provide patient data to PicassoMD. By visiting PicassoMD.com or using any PicassoMD Service, Individuals accept the practices described in this Privacy Notice and consent to the collection, use and disclosure of information described herein.

PicassoMD collects Individuals’ information on behalf of primary care providers, specialists, insurers, medical practices, hospitals and health systems, or other companies that serve or may serve Individuals (collectively, “PicassoMD Clients”). Individuals may be patients, customers, or employees of PicassoMD Clients. This information is collected, stored, used, and transmitted in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164 (collectively the HIPAA Rules). As PicassoMD evolves, we may update this Privacy Notice to reflect changes in the manner in which we deal with personal information, whether to comply with then applicable statutes, regulations and self-regulatory standards or otherwise. The Privacy Notice posted here will always be current. We encourage you to review this statement regularly. If we make a material change to the Privacy Policy, we will post a notice of the change on our website, PicassoMD.com.

This Privacy Notice does not limit collection, use, sharing, or handling by PicassoMD of aggregated, deidentified, or anonymized information, provided that the information cannot be associated with an individual.

If you have any questions or concerns about this Privacy Notice, e-mail PicassoMD at privacy@PicassoMD.com.

INFORMATION WE COLLECT

PicassoMD collects Personal Information from Individuals and Clients in order to administer and provide PicassoMD Services to PicassoMD Clients and Individuals and for the other purposes identified in this Privacy Notice. Information that may be collected includes:

PicassoMD Services are not directed to children under the age of 18. PicassoMD does not knowingly collect or store personal information collected online from children under the age of 18.

HOW WE USE THE INFORMATION

We use the Personal Information that we collect to administer and provide our services to PicassoMD Clients and Individuals. We may use Personal Information for the following purposes:

SHARING INFORMATION

Under the following circumstances, PicassoMD may provide third parties with the information that it has collected from a User, provided that the sharing is conducted for one of the following purposes:

COOKIES, WEB BEACONS, AND DO-NOT-TRACK

Cookies are bits of electronic information that can be transferred to your computer or other electronic device to uniquely identify your browser. When you use our website, we may place one or more cookies on your computer or other electronic device. We may use cookies to connect your activity on our website with other information we store about you in your account profile or your prior interactions with our website to, for example, store your preferences. PicassoMD uses cookies that are session based and persistent. Session-based cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. You have the ability to accept or decline cookies by modifying the settings in your browser.

At any time, you may adjust your browser settings to refuse cookies according to the instructions related to your browser. Please note that if you disable your web browser’s ability to accept cookies, you will not be able to access all features and functions available on the PicassoMD website, and you may not be able to successfully use PicassoMD services or offerings. Unless you have adjusted your browser setting so that it will refuse cookies, our system will place cookies when you log on to our websites. For more information about how to manage cookies in your web browser, see http://www.aboutcookies.org.

Web beacons are transparent graphic images placed in emails or web pages to record the simple actions of users. Web beacons collect only limited information, such as time and date of a page being viewed, and a description of the page on which the web beacon resides (the URL). PicassoMD uses web beacons to support analytical programs like Google Analytics. PicassoMD uses cookies in conjunction with services such as Google Analytics to better understand Individuals’ experience with PicassoMD Services.

As described in this Privacy Notice, other parties may collect PicassoMD User personally identifiable information about an individual User’s online activities over time and across different Web sites when the User uses PicassoMD services. PicassoMD does not respond to Do-Not-Track signals.

INFORMATION SECURITY

We take reasonable security measures, in compliance with the HIPAA Rules, to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of personal information within our custody or control. These include security measures for and internal reviews of our data collection, storage, and processing practices. We also implement physical security measures to guard against unauthorized access to systems where we store personal data.

We restrict access to Personal Information to PicassoMD employees, contractors, and agents who need to know that information in order to operate, develop, or improve our services. These individuals are bound by confidentiality obligations, including HIPAA Business Associate Agreements that require them to comply with the HIPAA Rules, and they may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

Please note that while we take reasonable security measures to protect against unauthorized access, no safeguard can fully guarantee security of personal information.

INTERNATIONAL TRANSFERS

PicassoMD is headquartered in the United States and, regardless of where you use our Services or otherwise provide information to us, your information may be transferred to, maintained, and processed by PicassoMD and our service providers in the United States or other jurisdictions in which we or they operate. Please note that privacy laws, regulations, and standards in the jurisdictions in which your information may be maintained and processed may not be equivalent to the laws in your country of residence and such information may be subject to lawful access by U.S. or other foreign courts, law enforcement, and governmental authorities.

YOUR CALIFORNIA PRIVACY RIGHTS

On January 1, 2020, the California Consumer Privacy Act (CCPA) went into effect. The law requires companies to notify California residents about how their data is collected, used, and shared, and in some cases gives them rights to access and delete that data. This section provides PicassoMD’s disclosures as required by the CCPA. These disclosures supplement and incorporate the statements in the other portions of the Privacy Notice. This section applies to all visitors, users, and others who reside in the State of California.

Information We May Collect

PicassoMD collects Personal Information from Individuals and Clients in order to administer and provide PicassoMD Services to PicassoMD Clients and Individuals and for the other purposes identified in this Privacy Notice. We may collect the following categories of information, as defined in the CCPA. The examples listed are only illustrative of potential types of data within each category, and PicassoMD does not necessarily collect that data about every individual.

| Category | Examples | Collected | Purpose of Collection |
| --- | --- | --- | --- |
| Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | Yes | To deliver services requested by the Individual and/or Client; To respond to inquiries from the Individual and/or Client; To create, maintain, customize, and secure User accounts |
| Categories of personal information described in Cal. Civ. Code 1798.80(e) | Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information | Yes | To deliver services requested by the Individual and/or Client; To respond to inquiries from the Individual and/or Client; To create, maintain, customize, and secure accounts |
| Characteristics of protected classifications under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes | To deliver services requested by the Individual and/or Client; To respond to inquiries from the Individual and/or Client; To create, maintain, customize, and secure accounts |
| Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | Yes | To deliver services requested by the Individual and/or Client; To respond to inquiries from the Individual and/or Client; To create, maintain, customize, and secure accounts |
| Biometric information | Imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information | Yes | |
| Internet or other electronic network activity information | Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement. | Yes | To deliver services requested by the Individual and/or Client; To respond to inquiries from the Individual and/or Client; To create, maintain, customize, and secure accounts |
| Geolocation data | Physical location or movements | Yes | |
| Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information | No | |
| Professional or employment-related information | Current or past job history or performance evaluations | Yes | To deliver services requested by the Individual and/or Client; To respond to inquiries from the Individual and/or Client; To create, maintain, customize, and secure accounts |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No | |
| Inferences drawn from other personal information | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes | To deliver services requested by the Individual and/or Client; To respond to inquiries from the Individual and/or Client; To create, maintain, customize, and secure accounts |

Sources of California Personal Information

We obtain the above categories of personal information from the following categories of sources:

Use of California Personal Information

We may use any of the above categories of collected Personal Information to provide services requested from Users or Clients, maintain and improve our services, communicate with Individuals and Clients about PicassoMD Services and affiliated third-party services, market PicassoMD Services, prevent potentially illegal activities, protect the rights and property of PicassoMD and third parties, respond to inquiries of PicassoMD Clients and Individuals, and for any other purpose to which the User has consented. Our use and disclosure of California Personal Information is more fully described above, in the section entitled “How We Use This Information”.

Sharing California Personal Information

We may disclose your personal information to your healthcare provider, insurer, or to another third party, as more fully described in the section above entitled “Sharing Information”. The vast majority of data that PicassoMD collects and discloses to its clients is in its capacity as a service provider, as defined by CCPA. Accordingly, PicassoMD does not “sell” CCPA-covered personal information.

In the past 12 months, PicassoMD has disclosed the following categories of personal information for a business purpose:

In the past 12 months PicassoMD has disclosed personal information to the following categories of third parties:

Your rights under the CCPA

Most of the rights provided under the CCPA do not currently apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals. The CCPA also currently exempts personal information reflecting a written or verbal business-to-business communication from many of its requirements.

Moreover, PicassoMD typically acts as a service provider to its Clients. The Clients solely determine the purposes and means of processing Clients’ personal information. To the extent that PicassoMD collects or processes CCPA-covered personal information in its capacity as a service provider, requests for access to CCPA-covered data and deletion must be directed to the PicassoMD Client. For instance, if you want to access data collected via PicassoMD, you must contact the appropriate PicassoMD Client (such as your healthcare provider or insurer), which will then work with PicassoMD to process your request.

In the rare instance that the CCPA rights apply to the personal information and PicassoMD does not collect or process data in its capacity as a service provider, you have the following rights:

Access to Personal Information Collected or Sold and Data Portability: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see “Exercising Your Rights” section), we will disclose to you:

Deletion of Personal Information: You have the right to request deletion of personal information. If you wish to do so, please contact us by any method listed below. The right to deletion is subject to certain exceptions, such as if we need the personal information to provide Services or comply with a legal obligation.

No Discrimination: You will not be subject to discrimination for exercising any of your privacy rights. To exercise any applicable access, data portability, and deletion rights, please submit a verifiable consumer request by: sending an email to privacy@PicassoMD.com or sending mail to PicassoMD, Inc., 5237 River Road #359, Bethesda, MD 20816.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

We use good faith efforts to respond to a verifiable consumer request within forty-five (45) days after its receipt. If we need more time (up to 90 days), we will inform you of the reason and the needed extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

You may designate an authorized agent to make a request under the CCPA on your behalf.

The California Shine the Light Law, Cal. Civ. Code Section 1798.83, requires companies to disclose certain information about information shared with third parties that is used for the third parties’ direct marketing purposes. These disclosure requirements only apply if PicassoMD were to share personal information with third parties for the third parties to market their own services and products directly to consumers. If you are a California resident, you may request information about the disclosure of your personal information to third parties for the third parties’ direct marketing purposes by emailing privacy@PicassoMD.com or sending mail to PicassoMD, Inc., 5237 River Road #359, Bethesda, MD 20816.

CONTACT US

If you have any questions about this Privacy Notice or our privacy practices, please contact us at privacy@PicassoMD.com or write to us at:

PicassoMD, Inc. 237 River Road #359

Bethesda, MD 20816