PRIVACY POLICY
Fred R. Moss MD, Inc., d/b/a Dr. FredTM and Welcome to HumanityTM (the “Company” “we” “us” or “our”), and its affiliates and subsidiaries, really respects your privacy and we are committed to protecting your Personal Data.
As an organization that cares about you, it is our desire and duty to comply with the various applicable regulations around the world that govern the collection and processing (using) of your Personal Data.
Protecting the personal rights and privacy of each individual that visits or uses our websites and APPs is at the center of our concern in our relationship with you.
So we recognize the need for appropriate safeguards and management practices in relation to the collection and use of your Personal Data. We want to ensure that you understand what information we collect about you and how we use it.
This Privacy Policy sets out the principles the Company follows when we collect and process your Personal Data through your use of our services or when you otherwise engage with us. It also applies to our suppliers, website-users and/or APP users and anyone who participates in our programs, services or similar activity.
Our websites and our APPS are not intended for children and we do not knowingly collect data relating to children.
We may amend this Privacy Policy from time to time so please visit this page occasionally to ensure that you understand any amendments. If we need your consent to process your Personal Data in a different way, we will seek your permission in advance.
Please use the Definitions provided at the end of this Policy to help you understand the meaning of some of the terms we use here. If you have any questions regarding this Policy, contact us at: legal@drfredmoss.com and please write “Questions on your Privacy Policy” in the subject line of your email.
Who We Are
This Privacy Policy is issued on behalf of the the Company as a whole. When we mention the “Company”, “we”, “us” or “our”, we are referring to the relevant the Company entity responsible for collecting or processing your data.
Unless specified otherwise in this Privacy Policy, the Company is the controller of your Personal Data which means that the Company decides why and how your Personal Data is processed (i.e. used). Unless otherwise stated, the Company entity you are engaging with will be the controller of your data.
Fred R. Moss MD, Inc. is the legal data controller and responsible for our websites and related APPs.
THE COMPANY DATA PRIVACY CONTACTIf you have any questions about this Privacy Policy, including any requests to exercise any of your legal rights, please contact us using the details set out below.
CONTACT DETAILSOur full details are:
Full name of legal entity: Fred R. Moss MD, Inc.Address: 111 Bank Street, #260 Grass Valley, CA 95945
ATTN: Legal Department.Email address: legal@drfredmoss.com
What Personal Data We Collect and How We Collect It“Personal Data” is defined as any information about an individual from which that person can be identified. It might include your name, mailing address, email address, telephone number, company, title, website or APP username or website or APP password. It does not include data where your identity has been removed (anonymous data).
We collect, store and process your Personal Data by different methods in connection with your use of our services, such data may include: account data, your personal profile data, your personal data that are provided in the course of the use of our services, information that you post for publication on our website or through our services, information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website or APPs, information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters, and information contained in or relating to any communication that you send to us.WHERE YOU ARE A WEBSITE OR APP USER:
When you are using our websites or APPs, which may include when you download content or contact us via our websites or APPs, here is how we generally collect your data:- You may provide Personal Data by completing online registration forms, by applying for services via our website or APPs, or when you create or update any of your marketing preferences; and
- We may collect your data automatically via cookies, in line with your cookie consent, server logs and other similar technologies, preferences and settings in your browser;
- For more information on how we use cookies please see our cookie policy below.
How We Use Your Personal Data
We collect, process or disclose your Personal Data for our legitimate business purposes including:- To provide our services to APP or web users or to fulfill our contractual obligations;
- To any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this Policy.
- To market events, promotions, competitions, webinars, reports, our services, news or relevant Policy updates. Depending on which jurisdiction you are in, we may be required to give you an option to “opt-in” and we will always provide you with an option to “opt-out” with each marketing communication;
- As required by law or regulation;
- For our business purposes, such as data analysis, audits, fraud monitoring and prevention;
- To develop new products, services and offerings, or to enhance, improve or modify our products and services; or
- To record your usage of our website and Apps in accordance with our cookie policy.
- To our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- On certain pages on our websites or APPs you may see ‘share’ or ‘social buttons’. These enable you to share or bookmark pages on our websites or APPs. These may include buttons for: Twitter, LinkedIn, Pinterest, Facebook, Instagram or other social media platforms. In order for us to implement these buttons on our websites or APPs and connect them to the relevant social networks and external sites, there are scripts that are executed from domains owned by third-parties and outside of our control. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on our websites or APPs. So if you click on any of these buttons, these sites will be registering that action and may use that information. In some cases these sites will be registering the fact that you are visiting our website, and the specific pages you are on, even if you don’t click on the button but are already or automatically logged into their services, like Google and Facebook. We recommend that you check the respective policies of each of these sites to see how exactly they use your personal information and to find out how to opt out, or delete, such personal information if you wish to.
- Necessary for entering into, or performing, a contract – to perform obligations that we undertake in providing a service to you, or to take steps at your request to enter into a contract with us;
- Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Personal Data. We may also be obliged by law to disclose your Personal Data to a regulatory body or law enforcement agency;
- Necessary for the purposes of Legitimate Interests – we, or a third party, will process your Personal Data for the purposes of our (or a third party's) Legitimate Interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Personal Data protected. Our Legitimate Interests include responding to requests and enquiries from you or a third party, optimizing our websites, APPs and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
- Consent – in some circumstances, we may ask for your consent to process your Personal Data;
- Necessary to protect the vital interests of you the data subject or of another natural person.
CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at: legal@drfredmoss.com and clearly write “New Data Processing purpose Question” in the subject line of your email.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or seek your consent, providing you with a clear, conspicuous and readily available mechanism for you to exercise your choice.
Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
How We Share Your Personal DataWe will not sell or rent to anyone the Personal Data provided to us or obtained by us.
In certain circumstances we will share your Personal Data with other parties. We share your data with other entities within the Company acting as joint controllers or processors. We do this to provide sales and marketing, IT, system administration services, product development and undertake internal reporting. We will also share your Personal Data across the Company entities to improve our customer service and to make our services more valuable to you.
We also share your Personal Data with the following third parties:
- Service providers acting as processors who provide IT and system administration services, including, for example: Amazon AWS, or other cloud service providers, etc.;
- Professional advisers acting as processors or joint controllers;
- Regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances;
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable laws. We do not allow our third party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
We also collect, use and share aggregated data such as statistical or demographic data for our legitimate business purposes. Aggregated data is not Personal Data as this data does not directly or indirectly reveal your identity.
International Transfers of DataWe share your Personal Data within the Company. We may transfer the Personal Data we collect about you to countries outside of the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy.
TRANSFERS OUT OF THE EEAIf you are located in the European Economic Area (EEA) this may involve transferring your Personal Data outside of the EEA. Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.
GENERAL SAFEGUARDS-
We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.
The Company uses industry standard physical, technical, and administrative controls to protect your Personal Data by:
- Not collecting or retaining excessive amounts of data;
- Protecting Personal Data from loss, misuse, unauthorized access and disclosure. Any employees, agents, contractors or third parties who are so authorized act on our instructions are subject to a duty of confidentiality;
- Keeping Personal Data up to date;
- Storing and destroying it securely;
- Ensuring that appropriate administrative, technical and physical safeguards are in place to protect Personal Data. These measures include measures to deal with any suspected data breach; and
- Regularly reviewing our information collection, storage and processing practices, including physical security measures.
You should note that this website and our APPs may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their content or privacy statements. When you leave our websites or Apps, we encourage you to read the privacy notice of every website you visit.
COOKIESThe Company uses "cookies" on its sites and APPs. A cookie is a piece of data stored on a site visitor's system that help us improve your access to our site and identify repeat visitors to our site or APPs.
Cookies can also enable us to track and target the interests of our users to enhance their experience on our sites and APPs. Except where contacts elect to identify themselves for purposes of receiving information from the Company, or inquiring as to a business relationship with the Company, cookies are not linked to any personally identifiable information.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. You can disable or remove any cookies already stored on your computer, but these may stop our websites or APPs from functioning properly.
Cookies are also delicious treats, especially good with a glass of warm milk (think Santa Claus) or for dipping in coffee.
Data RetentionWhere we collect your Personal Data, the length of time for which we retain it depends on the type of data, the purpose for which we use that data and our accounting, regulatory and legal data retention obligations. We do not retain Personal Data in an identifiable format for longer than is necessary.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will retain your Personal Data on our systems unless we have not had any meaningful contact with you (or, where appropriate, the company you are working for or with) for two or more years (or for such longer period as we believe in good faith that the law, statute or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected and we will delete or destroy it.
In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Children’s PrivacyAs noted above, our websites and Apps and all related services are not directed to or intended for use by minors. Consistent with the requirements of the US Children’s Online Privacy Protection Act, if we learn that we have received information directly from a child under age 13 without his or her parent or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our websites and Apps and any related services. Subsequently, we will make commercially reasonable efforts to delete such information.
Your Legal Rights Under certain circumstances, by you have the right to:- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
- Object to processing of your personal information where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and/or
- Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your Personal Data, or request that we transfer a copy of your personal information to another party, please contact us by email at: legal@drfredmoss.com and clearly write “Personal Data Request” in the subject line of your email.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
WHAT WE MAY NEED FROM YOUWe may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENTIn the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please send us an email at: legal@drfredmoss.com – and write “Personal Data Consent Withdrawal” clearly written on the subject line of your email. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to without undue delay, unless we have another legitimate legal basis for doing so.
OUR RESPONSE TIMESWe try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is incomplete and we need to write to you for more information or is particularly complex or you have made several requests. In these cases, we will notify you and keep you updated.
IN THE EU, THE RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITYIn the EU, if you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your principle residence, your place of work or the place of the alleged infringement.
Please see “How to make a complaint” below.
How to Make a ComplaintData privacy laws are constantly evolving and we endeavor to maintain best practices. However, we recognize that we may not always get it right and if you are not satisfied in the way we handle your Personal Data or you wish to discuss our processes then we would like to hear from you.
THE COMPANY COMPLAINT PROCESSIf you believe that there is something which we have not done correctly with your Personal Data then we would appreciate the chance to deal with your concerns before you approach a Supervisory Authority, so please contact us in the first instance at: legal@drfredmoss.com and please clearly write “Data Complaint” in the subject line of your email.
Definitions of Terms used in this PolicyConsent means your agreement which must be freely given, specific, informed and be an unambiguous indication of you, the Data Subject’s wishes, by which you, by a statement or by a clear positive action, signifies agreement to the Processing of Personal Data relating to you.
Data Controller means the person or organization that determines when, why and how to process your Personal Data. It is responsible for establishing practices and policies in line with the GDPR. For example, we are the Data Controller of all Personal Data relating to our Company Personnel and Personal Data used in our business for our own commercial purposes.
Data Subject means a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have various legal rights regarding their Personal Data.EEA means the 28 countries in the EU, and Iceland, Liechtenstein and Norway.
Explicit Consent means consent which requires a very clear and specific statement (that is, not just action).General Data Protection Regulation (GDPR) means the European Union General Data Protection Regulation ((EU) 2016/679). Applicable Personal Data is subject to the legal safeguards specified in the GDPR.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).Personal Data means any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Category (Sensitive) Personal Data and pseudonymized Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behavior.
Privacy Notices or Privacy Policy Notices means separate notices setting out information that may be provided to Data Subjects (such as you) when The Company collects information about them. These notices may take the form of general privacy statements applicable to a specific group of individuals (for example, APP related privacy notices or the website privacy policy notices) or they may be stand-alone, one-time privacy statements covering Processing related to a specific purpose.Processing or Process means any activity that involves the use of your Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.
Special Category or Sensitive Personal Data: information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.Thanks for taking the time to review our Policy!
This Privacy Policy was last revised on: December 21, 2020