Privacy Policy

Effective July 22, 2015 – Last amended January 30, 2018

Zephyr Health, Inc.

Zephyr Health, Inc. (“Zephyr Health“) and its subsidiaries, help Life Sciences companies organize and visualize global health data to better connect their therapies to people in need.

Zephyr Health is committed to protecting all personal information that is provided to us and personal information which we may collect and process.

The following sections describe the type of personal information we collect, how we use it, and the options available for making changes to that information. This Privacy Policy applies to https://zephyrhealth.com (our “Website”), to the Zephyr Platform and Applications and to the Zephyr Network (collectively referred to as our “Services”). Please check our Website regularly for updates of this policy at: https://zephyrhealth.com/privacy-policy/.

EU-US Privacy Shield Statement

Zephyr Health aims to comply with the EU-US Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.  Zephyr Health strives to adhere to the Swiss-US Privacy Shield and the EU-US Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access and recourse, enforcement and liability.

To learn more about the EU-US Privacy Shield and Swiss-US Privacy Shield programs please visit https://www.privacyshield.gov.

For the European market, Zephyr Health collects and processes European data taking into account the European General Data Protection Regulation (GDPR).

Personal Information that We Collect

Zephyr Health collects several types of personal information from website visitors, platform users, employees, customers, suppliers, services providers, advisers, consultants, other professional experts, complainants and enquirers.

How We Use the Personal Information that We Collect

We use personal information to:

  • Support the processing of our Services
  • Maintain our customer accounts and records
  • Carry out our contractual and legal obligations
  • Support and manage our employees
  • Send emails, newsletters, and marketing communications
  • Send a one-time email to the designated email address when a user chooses to share news articles via email
  • Respond to questions and concerns from customers or data subjects
  • Improve our Website and marketing efforts

Zephyr Health may share personal information with contracted third parties such as our service providers.

Web Tracking Technologies

We use web tracking technology to understand usage of our Services and IP addresses. More broadly, technologies such as cookies, beacons, tags and scripts are used by Zephyr Health and our online service and marketing providers. These technologies are used in analyzing trends, administering the Website, tracking users’ movements around our Website, and to gather demographic information about our website user base as a whole.

We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. We use cookies to remember users’ settings (e.g. region preference) and for internal analytics usage.

Users can control the use of cookies at the individual browser level. If a user rejects cookies, they may still use our Website, but their ability to use some features or areas of our site may be limited. As is true of most Websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.  We may combine this automatically collected log information with other information we collect about website users. We do this to improve services we offer, to improve marketing, analytics, or Website functionality.

Advertising

We partner with a third party to display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites to provide you advertising based on your browsing activities and interests. If a user wishes to block this information from being used for the purpose of serving interest-based ads, they may opt out by clicking here (US/CAN) or by using this link for European opt outs. Please note that this is not an opt out for being served ads, but rather an opt out for receiving targeted ads that use personal information. Users may continue to receive generic ads.

Making Changes to Personal Information and Opt-Out

Where Zephyr Health receives personal information for use in our services in the EU or Switzerland, Zephyr Health will provide individuals with an opportunity to opt-out to prevent such personal information being disclosed to a third-party. Users may request a change to their personal information or to opt-out by sending us a written explanation to privacy@zephyrhealth.com. Where information cannot be changed or removed, we will tell the user the reason(s). We will provide confirmation that the request has been processed within (30) days upon receipt of the request.

Protection of Personal Information

Zephyr Health classifies personal information as confidential. We maintain reasonable security measures to protect confidential information from loss, destruction, misuse, and unauthorized access or disclosure. Our Website and Services use transport layer security (TLS) technology.  Please note that no method of transmission over the Internet, or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If users of our services have any questions about security on our Website and Services, they can email us at security@zephyrhealth.com.

Retention of Personal Information

Zephyr Health retains personal information for only as long as needed to comply with our legal obligations, resolve disputes, enforce our agreements, or as otherwise reasonably necessary for our business purposes.

Disclosure of Personal Information

We sometimes share the personal information we process with the data subject themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of data protection legislation of the applicable domains of operation e.g. the UK Data Protection Act (DPA) and European GDPR. We may disclose personal information:

  • as required by law, such as to comply with a subpoena or similar legal process;
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
  • if Zephyr Health is involved in a merger, acquisition, or sale of all or a portion of its assets. In this case users will be notified via email and/or a prominent notice on our Website of any change in ownership or uses of personal information, as well as any choices data subjects may have regarding their personal information.

Social Media Features

Our Website includes social media features, such as the “Share This” button or interactive mini-programs that run on our Website. These features may collect the website visitors IP address and the pages visited on our Website, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Website. Interactions with these features are governed by the privacy policy of the company providing it.

Links to Other Websites

Our Website may contain links to other Internet sites, such as Twitter, and they may ask for different personal information. We do not accept any responsibility or liability for the privacy practices of third-party websites. If a website visitor submits personal information to any of those sites, his or her information is governed by their privacy policies. We encourage website visitors to carefully read the privacy policy of any website visited.

Changes to this Privacy Policy

This Privacy Policy and our practices are internally reviewed on an annual basis for compliance.

If we make any material changes to this policy we will notify impacted data subjects by email or by means of a notice on this Website. We encourage users to periodically review this page for the latest information on our privacy practices.

The Zephyr Illuminate Platform, Applications and the Zephyr Network (Services)

As a primary business purpose we conduct research and analysis into healthcare markets and as part of that we may collect publicly available information about professionals working in the health care sector. This may include openly available data on hospitals, professional places of work and contact information for health care professionals (e.g. name, email address, phone number, work address, and the professional focus activities of the person whose personal information we are processing). We may also process the relevant text and categorisations relating to articles, guidelines, publications etc. In addition, data may be licensed and/or purchased (e.g. national registries, contact databases).

Zephyr Health analyses the data and displays profile information. This data may then be shared through the Zephyr platforms via a secure Login with customers. In these cases, the use of information collected through our services shall be limited to the purpose of providing the service for which the customer has engaged Zephyr Health.

Zephyr Health collects information under the direction of its customers, and has no direct relationship with the individuals whose personal information it processes. Before using our Services, we enter into a written agreement with our customers which address the handling of personally identifiable data. Zephyr Health typically use EU compliant model contract clauses with its EU customers as part of adequately safeguarding data subjects’ rights. Customers should ensure that they have sufficient rights to allow Zephyr Health to process the personal information provided to us.

Individuals who do not wish to have their personal information collected or who seek to access, correct, or delete personal information should either contact our customers directly for guidance on opting out or email Zephyr Health at privacy@zephyrhealth.com.

We may transfer personal information only for limited and specified purposes to companies that help us provide our services.

We will retain the personal information we process on behalf of our customers for as long as needed to provide services to our customer, comply with our legal obligations, resolve disputes, and enforce our agreements.

Contact Us

Questions or concerns regarding our Privacy Policy should be raised by emailing us at privacy@zephyrhealth.com.

Dispute Resolution Related to This Policy

Individuals may file a complaint concerning our processing of their personal information with our Chief Information Security & Privacy Officer, whose contact information is below. We will respond to the complainant within 45 days and take steps to remedy any issues arising out of a failure to comply with our Privacy Policy.

Individuals may file a complaint by emailing us at privacy@zephyrhealth.com or mailing us at: Zephyr Health, Inc. Attn: Chief Information Security & Privacy Officer 450 Mission Street, Suite 201 San Francisco, CA 94105 USA