Effective Date: March 27, 2025
Med Dimensions, LLC (hereinafter referred to as “Med Dimensions”, “Company”, “we”, “us”, or “our”) is committed to protecting the privacy of individuals whose information we process, including visitors to our website, registered users of our services, and patients whose data may be processed through our services. This Privacy Policy outlines our practices concerning the collection, use, disclosure, retention, and protection of Personal Information and Sensitive Data.
1. Definitions
- Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This includes information you provide directly and information collected automatically.
- Sensitive Data: A subset of Personal Information that may include government identifiers, account log-ins, financial account details, precise geolocation, racial or ethnic origin, religious beliefs, health information, sex life or sexual orientation, genetic data, biometric data, and contents of communications where we are not the intended recipient. Patient Information (defined below) falls into this category.
- Website Visitors: Individuals browsing our public website.
- Registered Users: Individuals (e.g., Clinicians, representatives of Organizations) who register for an account to use our services.
- Patients: Individuals whose data, including potentially Sensitive Data related to health, is submitted to our services by Registered Users.
- Services: The products, software, and services provided by Med Dimensions.
2. Information We Collect
We collect different types of information depending on your interaction with us:
(a) Information from Website Visitors and Registered Users:
- Contact and Identification Information: Name, email address, phone number, occupation, organization name, address. Provided directly by you.
- Account Information: Username, password, email address, user preferences. Provided when you create or manage your account.
- Payment Information: Credit card number, billing address, shipping address, and related transaction details. Provided when making a purchase. Note: Full payment card details are typically processed directly by our third-party payment processors.
- Usage Data: Information about how you interact with our website and Services (pages visited, features used, searches performed, time spent). Collected automatically.
- Device Data: IP address, browser type, operating system, device type, unique device identifiers. Collected automatically.
- Location Data: Approximate location (e.g., city, state derived from IP address). Collected automatically. We will ask for explicit consent before collecting precise geolocation data.
- Search & Browse History: Searches performed and pages visited within our Services. Collected automatically.
- Clickstream Data: Links clicked within our website and Services. Collected automatically.
- Social Media Data: Information shared with us if you interact with our social media pages (profile information, publicly available posts). Collected via social media platforms subject to their privacy policies and your settings.
- Advertising Data: Information about ads you see or interact with on our Services (impressions, clicks). Collected automatically or via advertising partners.
- Third-Party Data: We may receive information about you from third-party sources like data brokers, marketing partners, or public databases, subject to applicable laws.
(b) Information Relating to Patients (Submitted by Registered Users):
Registered Users (Clinicians, Organizations) may submit Sensitive Data about Patients through our Services. This is done solely to enable Med Dimensions to provide the requested Services. This information may include, but is not limited to:
- Medical images (e.g., CT scans, MRI scans, X-rays, DICOM files)
- Patient identifiers (e.g., full name, date of birth, identification numbers assigned by the provider)
- Demographic information (e.g., gender)
- Clinical information (e.g., surgical history, medical history, diagnoses)
- Genetic data
- Other sensitive health information relevant to the Service provided.
Important Note on Patient Information:
- Registered Users are responsible for ensuring they have the necessary rights, consents, and legal permissions to provide Patient Information to us for processing according to the terms of their agreement with Med Dimensions and applicable laws.
- We process this Patient Information based on instructions from the Registered User.
- De-identification: Where feasible and appropriate for the Service or secondary uses described below, we aim to de-identify Sensitive Patient Data. We employ methods designed to remove or obscure personally identifying information according to recognized statistical standards. The specifics of when and how de-identification occurs will be governed by our agreements with Registered Users and the nature of the Service.
(c) Information about Clinicians and Organizations:
We collect professional information about Registered Users and their associated organizations, which may include:
- Clinician’s name, specialty, license number, NPI number.
- Organization’s name, address, phone number, website, tax information.
3. How We Use Your Information
We use the collected information for the following purposes:
- Providing and Improving Services: To operate, maintain, enhance, and provide features of our website and Services, process transactions, and fulfill requests.
- Communication: To communicate with Registered Users about their accounts, transactions, security alerts, support, and administrative messages.
- Marketing and Promotions: To send promotional communications (like newsletters) about our products and Services, subject to your opt-out rights and applicable consent requirements (e.g., opt-in for certain electronic marketing in the EU). We may display targeted ads on our Services or work with partners for advertising on other sites.
- Personalization: To personalize your experience on our Services.
- Analytics and Usage Insights: To understand how our Services are used, monitor aggregate metrics, diagnose technical issues, and improve user experience.
- Security and Fraud Prevention: To maintain the security and integrity of our Services, prevent fraud, enforce our terms, and comply with legal obligations.
- Educational and Research Purposes: We may use de-identified or aggregated information derived from Patient Information and other data for medical research, educational materials, publications, and improving healthcare generally. We will obtain specific consent where required by law or agreement.
- Development and Training of AI Tools and Database Building: We may use de-identified or aggregated information derived from Patient Information and other data to develop, train, and improve artificial intelligence tools related to medical imaging, diagnostics, or treatment planning, and to build related databases for these purposes. We will obtain specific consent for such uses where required by law or agreement.
- Compliance with Law: To comply with applicable legal requirements, court orders, subpoenas, or other legal processes.
- Other Purposes with Consent: For other purposes disclosed to you at the time we collect your information or pursuant to your explicit consent.
4. Sharing and Disclosure of Information
We do not “sell” your Personal Information in the traditional sense of exchanging it for monetary payment to third parties for their independent marketing use. However, the definitions of “sale” and “sharing” under laws like the CCPA can be broad and may include sharing for other valuable consideration.
We may share information under the following circumstances:
- Service Providers: With third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., payment processing, data hosting (AWS, Azure, Google Cloud), analytics (Google Analytics), customer support platforms (Zendesk), marketing automation (Mailchimp)). These providers are contractually obligated to use the information only to provide services to us and protect its confidentiality.
- With Registered Users/Organizations: Information related to a Patient submitted by a Registered User may be accessible to that User or their Organization as part of the Service. Clinician information may be shared with their Organization.
- For Research and AI Development: We may share de-identified or aggregated data with research partners or collaborators for purposes outlined in Section 3, subject to appropriate agreements and ethical considerations. We will obtain specific consent where required.
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. Your information may be transferred as a business asset, subject to the commitments made in this Privacy Policy (or a successor policy).
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation or governmental request; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Services; (d) act in urgent circumstances to protect the personal safety of users of the Services or the public; or (e) protect against legal liability.
- With Consent: We may share information with third parties when we have your explicit consent to do so.
CCPA “Sale”/“Sharing” and Opt-Out: To the extent our use of third-party advertising cookies or sharing data for research/AI development could be considered a “sale” or “sharing” under CCPA, you have the right to opt-out. Please see Section 8 for how to exercise this right.
5. Data Retention
We retain Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:
- The duration of our relationship with you (e.g., while you have an active account).
- Whether there is a legal obligation to which we are subject (e.g., certain laws require us to keep records of your transactions for a certain period).
- Whether retention is advisable in light of our legal position (e.g., regarding applicable statutes of limitations, litigation, or regulatory investigations).
- The requirements of our agreements with Registered Users regarding Patient Information.
- The specific purpose for which the information was collected (e.g., data used solely for a specific research project may be deleted or further de-identified upon project completion).
We may retain de-identified information for research, analytics, or AI training purposes for longer periods. We maintain a data retention schedule and securely delete or anonymize information when it is no longer needed.
6. Data Security
We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect the information we collect from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Technical Safeguards: Use of encryption (both in transit and at rest where appropriate), firewalls, access controls, intrusion detection systems.
- Administrative Safeguards: Written policies and procedures for data handling, employee training on data privacy and security, limiting access to information on a need-to-know basis.
- Physical Safeguards: Secure data centers, restricted access to physical locations where information is stored.
While we strive to protect your information, please note that no security system is impenetrable. We cannot guarantee the absolute security of your information. We will notify affected individuals of a data breach where required by law (e.g., under the New York SHIELD Act or GDPR).
7. Your Privacy Choices and Rights
Depending on your location and the nature of your data, you may have certain rights regarding your Personal Information:
(a) General Choices:
- Marketing Communications: You can opt-out of receiving promotional emails from us by following the unsubscribe instructions in those emails. You may still receive non-promotional communications (e.g., about your account or transactions).
- Cookies and Tracking: You can manage browser cookies through your browser settings. Our website does not currently respond to “Do Not Track” signals (see Section 9).
(b) Rights under GDPR (for individuals in the EEA/UK/Switzerland):
- Right to Access: Request access to your Personal Information.
- Right to Rectification: Request correction of inaccurate Personal Information.
- Right to Erasure (‘Right to be Forgotten’): Request deletion of your Personal Information, subject to certain exceptions.
- Right to Restrict Processing: Request restriction of processing under certain conditions.
- Right to Data Portability: Request a copy of your Personal Information in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
(c) Rights under CCPA (for California residents):
- Right to Know/Access: Request disclosure of the categories and specific pieces of Personal Information collected, sources, purposes, and third parties shared with.
- Right to Delete: Request deletion of your Personal Information, subject to certain exceptions (e.g., necessary to complete a transaction, comply with legal obligations, detect security incidents).
- Right to Opt-Out of Sale/Sharing: Request that we do not “sell” or “share” (for cross-context behavioral advertising) your Personal Information.
- Right to Correct: Request correction of inaccurate Personal Information.
- Right to Limit Use of Sensitive Personal Information: Request limitation of the use and disclosure of Sensitive Personal Information to specific permitted purposes (Note: We generally only use Sensitive Patient Information as directed by Registered Users or for secondary purposes like research/AI development using de-identified data, potentially limiting the applicability of this right, but you may still inquire).
- Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.
(d) Exercising Your Rights:
To exercise any applicable rights, please contact us at [email protected]. We will need to verify your identity before processing your request and may ask for additional information to do so. We will respond within the timeframes required by applicable law. Please specify the right you wish to exercise and provide sufficient detail for us to understand and respond to your request. If you are a Patient whose data was submitted by a Registered User, you may need to contact that provider directly to exercise certain rights regarding your health information.
8. California Specific Information
- CCPA Rights: See Section 7(c) and 7(d) for details on your rights and how to exercise them.
- Right to Opt-Out of Sale/Sharing: To opt-out of the potential “sale” or “sharing” of your Personal Information as defined under CCPA (e.g., via advertising cookies or certain data sharing for valuable consideration), please contact us at [email protected] or look for a “Do Not Sell or Share My Personal Information” link on our website if applicable.
- Shine the Light Law: California residents can request information once a year about sharing Personal Information with third parties for their direct marketing purposes. If applicable, contact us at [email protected] with “Shine the Light Request” in the subject line, your name, and California residency confirmation. Note: As stated, we generally do not share Personal Information with third parties for their direct marketing purposes.
- Sensitive Personal Information: We collect categories of Sensitive Personal Information as described in Section 2(b). We use it primarily to provide Services as directed by Registered Users, or for secondary purposes (research, AI) using de-identified data where feasible. We do not use or disclose Sensitive Personal Information for purposes other than those specified in CCPA regulations section 7027(m) without offering a right to limit use, where applicable.
9. Do Not Track Policy (CalOPPA)
Our website does not currently respond to “Do Not Track” (DNT) signals sent by browsers. We continue to evaluate DNT protocols and may update this policy if standards evolve.
10. Children’s Privacy
Our website and Services are not directed to children under the age of 13 (or a higher age threshold where applicable, e.g., 16 in some EU countries for consent). We do not knowingly collect Personal Information directly from children under these ages via our website. If we learn that we have inadvertently collected such information, we will take steps to delete it promptly.
If Patient Information concerning a minor is submitted by a Registered User, that User is responsible for obtaining necessary parental/guardian consent as required by applicable laws before providing the information to us.
11. External Links
Our website and Services may contain links to external websites or services not operated by us. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party site you visit.
12. International Data Transfers
If we transfer Personal Information from the European Economic Area (EEA), UK, or Switzerland to other countries not deemed adequate by the relevant authorities, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses (SCCs), the UK Addendum, or other legally recognized transfer mechanisms, along with any necessary supplementary measures. Please contact us if you require more information about the safeguards used for international transfers.
13. Additional Information for New York Residents
Pursuant to the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act, Med Dimensions maintains a comprehensive data security program designed to protect the security, confidentiality, and integrity of private information of New York residents. This program includes reasonable administrative, technical, and physical safeguards appropriate to the nature of the information and our operations. In the event of a breach involving private information, we will provide notifications to affected New York residents as required by the SHIELD Act.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by posting the revised policy on our website and updating the “Effective Date” at the top. We may also provide notice through email or within the Services. We encourage you to review this Privacy Policy periodically.
15. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at:
Med Dimensions, LLC Email: [email protected]