+1-855-573-2663 support@secondopinions.com

Privacy Policy

Privacy policy Last Amended: December 11, 2023

This privacy policy (“Privacy Policy”) describes how USARAD Holdings Inc. (collectively with its affiliated companies and subsidiaries shall be referred to herein as the “USARAD”, “we”, “us” or “our”) collects, uses and discloses certain information, including Personal Data (as defined below) and the choices you can make about such information. This Privacy Policy governs the processing and transfer of Personal Data, directly or indirectly, when you sign up for and use our second opinion platform (Platform“) available at: https://www.secondopinions.com/privacy-policy.html either to receive remote second opinion consultation services (“Service” and “Patient” respectively) or to provide the Services (“Healthcare Professional”).

This Privacy Policy is an integral part of our terms and conditions as applies to you (“Terms”). Capitalized terms not defined herein shall have the meaning ascribed to them in the Terms, and unless otherwise stated herein, Patient and Healthcare Professional shall both be, collectively and separately, referred herein to as “you”.

Note you are not required by law to provide us with any Personal Data. Sharing Personal Data with us is entirely voluntary.

This privacy policy governs the use, processing and sharing of Personal Data that applies to all individuals world-wide, however, certain jurisdictions require that applicable disclosures will be provided in a certain way and format, and therefore additional notices will apply as follows:

Additional Information to California Residents: In the event you are a California resident– please also review our CCPA Privacy Notice to learn more about our privacy practices with respect to the California Consumer Privacy Act.

Additional Information to Colorado Residents: In the event you are a Colorado resident – please also review our CPA Notice to learn more about our privacy practices and your rights under the Colorado Privacy Act.

Additional Information to Connecticut Residents: In the event you are a Connecticut resident– please also review our CDPA Notice to learn more about your rights under the Connecticut Data Privacy Act.

Additional Information to Virginia Residents: In the event you are a Virginia resident– please also review our VCDPA Notice to learn more about our privacy practices and your rights under the Virginia Consumer Data Protection Act.

Additional Information to Utah Residents: In the event you are a Utah resident – please also review our UCPA Notice to learn more about your rights under the Utah Consumer Privacy Act.

A.Policy amendments

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the Website and the update date will be reflected in the “Last Amended” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

 

B.Contact information and data controller information

USARAD incorporated under the laws of the state of Delaware, is the Controller (as such term is defined under the EU and the UK General Data Protection Regulations (“GDPR”) or equivalent privacy legislation) of the Personal Data as detailed herein below.

For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact as follows:

The Company’s data protection point of contact:

By email: dpo@nanox.vision

By mail: Nano-X Imaging Ltd., Communication Center Neve-Ilan 9085000, Israel.

 

C.Data processed by the company

We may collect two types of information from you, depending on your interaction with us.

The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your actions in the Website or Services (such as session duration).

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data” or “Personal Information” as defined under the applicable data protection law).

Personal Data may also include “Personal Health Information” or “PHI”: means any information which relates to the Patients’ medical or mental condition, the provision of healthcare services or otherwise; provided such PHI is not subject to any other governing regulation such as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). To the extent your PHI is subject to HIPAA, we have adopted the strict HIPAA Rules in processing your PHI, as all detailed under the Notice of Privacy Practices.

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

The table below details the types of Personal Data we process, the purpose, lawful basis, and our processing operations: 

Type of Data

Purposes and Operation

Lawful Basis under the GDPR

Platform Interaction:

When you interact with our Platform, we may collect online identifiers associated with your browser or device, such as Internet Protocol (IP) address, Cookie ID and additional unique identifiers (“Online Identifiers”).

Further, when you use the Platform, information regarding such use is automatically generated and collected, which may include the click stream within the Platform, the time spent on each page or feature, crash data and analytics, how often you use the Service, etc. (“Usage Data“).

Online Identifiers and Usage Data are collected through our use of our or third party’s tools such as cookies and similar technologies.

Online Identifiers and Usage Data are used to enable the operation and proper functionality of the Platform, enhance the Services, for security and fraud prevention purposes, debugging purposes and to resolve technical problems. For example, in order to automatically recognize you by the next time you enter your Account or to confirm you are a real person.

Online Identifiers which are collected through cookies we implement, and which are strictly necessary for the proper and basic operation of the Platform and Services, will be processed subject to our legitimate interest.

Online Identifiers and Usage Data used for fraud prevention, improving the Services are subject to our legitimate interest.

Contact Information:

In the event you contact us with any inquiries, by sending us an email or by any other means of communications available to you, you will be requested to provide us with your full name and email address. In addition, you can choose to provide us with additional information as part of your correspondence with us (“Contact Information“).

We will process the Contact Information to provide you with a response to your inquiry.

The correspondence with you may be processed and stored by us in order to improve our customer service and in the event, we believe it is required to continue to store it, for example, in the event of any claims or in order to provide you with any further assistance (if applicable).

We will process Contact Information subject to our legitimate interest.

Account Information

When creating an Account you may be requested to provide us with certain information such as your full name, email address, telephone number, date of birth, etc., and designate, or otherwise be provided with, credentials (“Account Information“).

We use the Account Information to create your Account, authentication, provide Account management (including billing and invoices), customer support and to provide the Services.

In addition, we may use your email address in order to provide you with marketing related communication such as new features, additional offerings, special opportunities or any other information we think you will find valuable (“Direct Marketing”). 

We process your Account Information for the performance of our contract with you or, depending on your interaction with us, in order to take steps prior to entering into such contract.

Where we use you email address for Direct Marketing purposes, such processing is subject to our legitimate interest. Note you can opt-out at any time from Direct Marketing through the “unsubscribe” link within the emails we send you. Note however that if you choose to opt-out from Direct Marketing, we will further maintain a suppression file – meaning lists of applicable email addresses that have requested to opt-out, under our legitimate interest and to ensure we comply with such preference and choice.

PATIENTS

Payment Information

When you make a payment through the Platform, you will be asked to submit certain information (depending on the payment method) such as credit card number and ancillary details, full name, phone number, etc. (“Payment Information“).

We process your Payment Information in order to provide you with the Services as your requested.

We currently use Cybersource Corporation to process and collect your payments on our behalf. Your Payment Information will be handled in accordance with and subject to a Data Processing Agreement signed between us. Certain information will be kept by the payment processor and is subject to their privacy policy which you can review during the checkout page.

We process your Payment Information for the purpose of performing our contract with you.

Medical Records:

When using the Platform and Services, Patients are required to upload their past and current medical records, a description of symptoms, a medical history, lifestyle descriptions, any imaging or other diagnostic test results, and other relevant medical information and documentation (“Medical Records”).

We will collect and process your Medical records for the sole purpose of creating your Account and providing you with the applicable Services.

We collect and process your Medical Records subject to your explicit consent which can be withdrawn at any time by contacting us as outlined above.

Notwithstanding the above, the Company reserves the right to de-identify your Medical Records for the Company’s internal use, including research, services’ improvement, commercial use or otherwise.

HEALTHCARE PROFFESIONALS

License and permits:

As part of the Company’s KYC processes, Healthcare Professionals will be required to present their licenses and permits for the provision of the Services as will be required by the Company, including CV, certificates, board certification and ancillary data, etc. (“Licenses and Permits”).

The Company will use your Licenses and Permits in order to conduct a KYC prior to or through our engagement with you.

We will use your Licenses and Permits in order to conclude the contract between us.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the Data Transfer section below, is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Platform and Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability, or defend a claim. Such processing is based on our legitimate interests.

D.How we collect information

Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:

  • Information you provide us directly – for example, when you register and create an account, correspond with us or provide us your Medical Records.
  • Information we receive from third parties – for example, if you authorize us to contact your healthcare clinic in order to receive certain records as required for the Services.
  • Information we receive automatically – we will collect your Online Identifiers and Usage Data including analytics data (or use third-party measurement and marketing tools) automatically. For more information on the cookies we use and how to opt out of third-party collection of this information, please see our Section 5 below “Cookies & Tracking Technologies”.

 

E.Cookies & tracking technologies

We use “cookies” (or similar tracking technologies) when you access to and interact with the Platform. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, as well as for advertising purposes.

You can find more information about our use of cookies under our Cookie Policy, as well as change your settings and preferences at any time by using the cookie settings tool available on our Platform footer.

 

F.Sharing data with third parties

We share your Personal Data with third parties, including our service providers that help us provide our Services. You can find in the table below information about the categories of such third-party recipients.

CATEGORY OF RECIPIENT

DATA THAT WILL BE SHARED

PURPOSE OF SHARING

Service Providers

All types of Personal Data

We employ other companies and individuals to perform functions on our behalf, such as sending communications, support, processing payments, image processors, analyzing data, identifying errors and crashes, conducting customer relationship management, etc. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than providing us with requested services.

Affiliated Companies

All types of Personal Data

We may share certain information with our affiliated companies, which will provide us with certain required services and, for internal compliance and measurement, etc.

Any acquirer of our business

All types of Personal Data

We may share all types of Personal Data in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In such event, our affiliated companies or acquiring company will assume the rights and obligations as described in this Privacy Policy.

Governmental agencies or authorized third parties

Subject to law enforcement authority request.

We may share certain data when we believe it is appropriate to do so in order to comply with the law enforcement, governmental agencies or authorized third parties, or protect the rights, property, or security of the Company, our customers, partners, or others.

We may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.

G.Your rights related to your personal data

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

In the table below you can review your rights depending on your interaction with us, how you can exercise them, and appeal a decision we take in this regard, any specification per geo-location or territory are available below the table:

Right to be informed

You have the right to be provided with information regarding our Personal Data collection and privacy practices. All is detailed under this Privacy Policy

Right to know; access rights

You have the right to confirm whether we collect Personal Data about you, know which Personal Data we specifically hold about you, and receive a copy of such or access it.

if you wish to receive a copy of the Personal Data, please submit a Data Subject Request form (“DSR”) as available here.

Right to correction/ rectification

You have the right to correct inaccuracies in your Personal Data, taking into account the nature and purposes of each processing activity. Please submit a DSR as available here.

Right to be forgotten; Right to deletion

In certain circumstances, you have the right to delete the Personal Data we hold about you. For specifications regarding this right and its exclusions, or if you wish to ask to exercise this right, please submit a DSR as available here.

Right to portability

You have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right, please submit our DSR as available here.

Right to opt out under the EU (i.e., withdraw consent or restrict the processing), and specifically in the US the right to opt out from:

(i) selling personal data;

(ii) right to opt out from targeted advertising; and

(iii) right to opt out from profiling and automated decision making

Direct Marketing: You have the right to opt-out from Direct Marketing, by unsubscribing through the email received.

Cookies: When you no longer wish for cookies to track your behavior for analytic purpose, you are able to change your preferences through the cookie settings available on our footer.

Note you may have the right to authorize another person acting on your behalf to opt out (including by technical tools and opt out signals).

Right to appeal or lodge a complaint

If we decline to take action on your request, we shall so inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the EU you have the right to lodge a complaint with the supervisor authority or the Information Commissioner in the UK.

Non-discrimination

Such discrimination may include denying a service, providing a different level or quality of service, or charging different prices. We do not discriminate our customers or users.

H.Data retention

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.

Other circumstances in which we will retain your Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

 

I.Security

We design the Platform and Services while your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards.

Please contact us at: dpo@nanox.vision, if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.

 

J.Data transfer

Your Personal Data processed by the Company is also processed and stored by other entities, services providers, legal authorities, etc. as detailed above. Therefore, your Personal Data might be transferred to jurisdictions other than the jurisdiction from which you accessed the Platform, including Israeli and the U.S.; and while the data is in the other jurisdiction, it may be accessed by the courts, law enforcement, and national security authorities. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer. You may exercise your rights, where applicable, to receive information regarding the transfer mechanism that was used during such transfer. If and where Personal Data collected within the EEA is transferred outside the EEA, we will do so pursuant with the standard contractual clauses approved by the European Union (“SCCs“). Additionally, following the withdrawal of the United Kingdom (UK) from the European Union on January 31, 2020, the UK is no longer considered to be a part of the EEA and therefore, the transferring of Personal Data from the EEA to the UK will also be subject to the SCCs or other contractual clauses that will ensure the security of the Personal Data (pending an adequacy decision from the European Commission).

 

K.Children

Our Website and Services are intended for general audience and is not directed to individuals under 18 years old. If you become aware that a child has provided us with Personal Data, please contact us immediately at: dpo@nanox.vision.

L.Jurisdiction-specific notices

M.Additional information for colorado residents

This section applies to Colorado residents acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context).

Under the Colorado Privacy Act (“CPA”), the Company is required to provide a privacy notice that identifies the following: in Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 7 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising, if applicable.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@nanox.vision and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

N.Additional information for connecticut residents

This section applies to Connecticut residents acting only as an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity).

Under the Connecticut Data Privacy Act (“CDPA”), the Company is required to provide you with a clear and accessible privacy notice that includes the following: in Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 7 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising, if applicable.

We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 days response period, together with the reason for the extension. If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@nanox.vision and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

O.Additional information for virginia residents

This section applies to Verginia residents acting only as an individual or household context (and not in an employment or commercial context).

The Virginia Consumer Data Protection Act (“VCDPA”) requires the Company to disclose the following: In Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 7 to this Privacy Policy details and discloses your rights and Personal Data shared or sold for targeted advertising, if applicable.

We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at dpo@nanox.vision and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

P.Additional information for utah residents

This section applies to Utah residents acting only as an individual or household context (and not in an employment or commercial context).

Under the Utah Consumer Privacy Act (“UCPA”), the Company is required to provide you with a clear and accessible privacy notice that includes the following: in Section 3 to the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, Section 6 to this Privacy Policy details and discloses the categories of third-parties we share for business purposes. Section 7 to this Privacy Policy details and discloses your rights if and to the extent applicable under the UCPA.

We will respond to your request within 45 days after receipt of your request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, we will provide with the reasoning for our refusal.

If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request.

Any disclosures we provide will only cover the 12-months period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

For your peace of mind
About the Company
Our Services
Legal
Contact Us

This website is an informative site that aims to offer its users find helpful information regarding a second opinion services that will be suitable for their medical condition. The content provided in this website is not and shall not be taken as expert or professional medical advice for any matter and is not an alternative to an in-person physician consultation. Our services are different from the diagnostic service typically provided by a physician, as the physicians do not have the benefit of information that would be obtained by examining you in person, observing your physical condition, or conducting diagnostic testing to the specifications of the physician. Therefore, the physician may not be aware of facts or information that would affect the physician ́s medical opinion of your condition. In some cases, these facts may be critical to the opinion. USARAD is not responsible for potential errors in opinion resulting from missing, incomplete, poorly translated or illegible records, or poor-quality images