Effective Date: December 3, 2018
Northwestern Memorial HealthCare respects your right to privacy. As used here, “Northwestern Medicine”, “we”, “us” or “our” means Northwestern Memorial HealthCare and, where appropriate, its corporate affiliates, including but not limited to Northwestern Memorial Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medical Faculty Foundation (d/b/a Northwestern Medical Group), Northwestern Memorial Foundation, Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Hospital, Central DuPage Physician Group (d/b/a Northwestern Medicine Regional Medical Group), Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Valley West Hospital, Marianjoy Rehabilitation Hospital, Rehabilitation Medicine Clinic, Inc. (d/b/a Marianjoy Medical Group), Northwestern Medicine Huntley Hospital, Northwestern Medicine McHenry Hospital, Northwestern Medicine Woodstock Hospital, and Centegra Physician Care.
- What Information Does Northwestern Medicine Collect?
- How Does Northwestern Medicine Use Information?
- How Does Northwestern Medicine Share Information?
- Children’s Privacy
- Region-Specific Disclosures
- Links to Third-Party Websites
- Your Choices
- Contact Us
Information You Provide to Us
We collect information you provide directly to us. For example, we collect information when you: create an account or profile, use the interactive areas and features of the Services, subscribe to a newsletter or email list, participate in a survey or events, pay a bill, make a donation, apply for a job, request customer or technical support, or otherwise communicate with us.
The types of information we may collect from you include:
(a) Account Information, such as your name, email address, password, postal address, phone number, date of birth and any other information you choose to provide.
(b) Transaction Information, such as your health insurance information and limited payment information from you, such as payment method and payment card information; however, we do not collect or store full payment card numbers and all transactions are processed by our third party payment processor.
(c) Information about Others, such as the names and the contact information of your providers, your proxies, and any dependents under your care.
(d) Supplier and Vendor Information, such as the names and contact information of our business partners.
(e) Educational and Professional Background, such as your employment history, cv, and academic history, when you apply for a job, research grant, or fellowship.
(f) Health Information, such as your past and present medical condition, medication information, and treatment history.
(g) Other Information You Choose to Provide, such as when you participate in a survey, assessment, contest, promotion or interactive area of the Services or when you request technical or customer support.
Information We Collect Automatically When You Use the Services
When you access or use the Services, the types of information we may automatically collect about you include:
(a) Log Information: When you visit the Services, our servers automatically record certain log file information, such as your Internet Protocol (“IP”) address, operating system, browser type and language, referring URLs, access times, pages viewed, links clicked and other information about your activities on the Services.
(b) Mobile Device Information: We collect information about the mobile device you use to access or use the Services, including the hardware model, operating system and version, unique device identifiers, mobile network information and information about your use of our Apps. With your consent, we may also collect information about the precise location of your device and access and collect information from certain native applications on your device (such as your device’s camera, photo album and phonebook applications) to facilitate your use of certain features of the Services. For more information about how you can control the collection of location information and/or our access to other applications on your device, please see “Your Choices” below.
(c) Information Collected by Cookies and Other Tracking Technologies: We and our service providers use various tracking technologies, including cookies and web beacons, to collect information about you when you interact with our Services. Cookies are small data files stored on your hard drive or in device memory that help us improve the Services and your experience, see which areas and features of the Services are popular, and count visits. Web beacons are electronic images that may be used in the Services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, and how to disable them, please see “Your Choices” below.
Northwestern Medicine uses the information about you for various purposes, including to:
- Provide, maintain and improve our Services and provide you with relevant information;
- Send you technical notices, updates, security alerts and support and administrative messages;
- Respond to your comments, questions and requests and provide customer service;
- Communicate with you about products and services offered by us and others, and to provide news and information we think will be of interest to you;
- Plan, administer and coordinate events, community groups and outreach activities;
- Process financial assistance applications and donations;
- Monitor and analyze trends, usage and activities in connection with our Services;
- Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Northwestern Medicine and others;
- Maintain appropriate records for internal administrative purposes;
- Process applications for employment, fellowships, and grants; and
- Carry out any other purpose described to you at the time the information was collected.
We may share information about you, including Personal Information, as follows, or as otherwise described in this Privacy Statement:
- With vendors, consultants and other service providers who need access to such information to carry out work or perform services on our behalf;
- In response to requests from local, state, provincial or federal law enforcement officials, any judicial, administrative or similar proceeding or order, such as a subpoena if we believe disclosure is in accordance with, or required by any applicable law;
- If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of Northwestern Medicine and others;
- To investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, the Services’ rules or policies, or the rights of third parties or to investigate any suspected conduct which we deem improper;
- In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
- Between and among Northwestern Medicine and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership;
- For recruitment in research studies. If you prefer not to be contacted by letter, phone, or email by a researcher not involved in your clinical care, you can contact Northwestern Medicine to be removed from the contact registry at 630.933.6528.
- With your consent or at your direction;
- To comply with transparency or other public reporting obligations; and
- As otherwise permitted or required by law.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
Northwestern Medicine is committed to protecting the privacy of children. You should be aware that this Websites and Apps are not intended or designed to attract children. In addition, we do not collect personal information from any person known by Northwestern Medicine to be a child under the age of 13.
We seek to use reasonable physical, technical, and administrative measures designed to protect personal information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100 percent secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section below.
Additional Information for Individuals in the European Economic Area (“EEA”)
In addition to the aforementioned information, the following information applies to any individual located in the EEA. For the purposes of this section, any defined terms have the meaning under the European Union’s General Data Protection Regulation (“GDPR”). Northwestern Medicine and its corporate affiliates, each in its own capacity, acts as a “Data Controller” under the GDPR. Northwestern Medicine’s headquarters is located in the United States at 251 E. Huron St., Chicago, IL 60611.
Legal Basis of Processing
In this section, we identify the lawful ground we rely on for processing Personal Data.
If Northwestern Medicine relies on consent for the processing of Personal Data, we will provide transparent notice of the purposes for which we seek such consent at the time we collect your Personal Data.If Northwestern Medicine wishes to process any special categories of Personal Data as set out in Article 9(1) of the GDPR, Northwestern Medicine may obtain your explicit consent for such processing.
||Northwestern Medicine processes Personal Data to fulfill our contracts with our business partners and service providers, such as for rendering payment or communicating with health care professionals or consultants.
||Northwestern Medicine may process Personal Data as specifically required by applicable legal obligations, such as laws and regulations that require Northwestern Medicine to process Personal Data for purposes of obtaining regulatory approvals and making transparency disclosures.
Northwestern Medicine may process Personal Data for scientific or historical research purposes, or statistical purposes in the public interest, as authorized by applicable law.
If Northwestern Medicine wishes to process any special categories of Personal Data as set out in Article 9(1) of the GDPR, it may do so when necessary for scientific research purposes, medical diagnosis, or the protection of vital interests.
Northwestern Medicine may process Personal Data subject to its own legitimate interests, such as to facilitate treatment; to schedule appointments; to offer support programs; to offer community initiatives; to promote scholarly research; to develop, administer and support research; to operate, evaluate and improve our business; to process donations; to support our recruitment activities; to process job applications; or to facilitate a sale of assets or merger or acquisition.
||Northwestern Medicine may also process Personal Data for purposes that are compatible with those described above. Such purposes may include scientific research.
The criteria used to determine the period for which Personal Data about you will be stored varies depending on the legal basis under which we process such Personal Data:
||For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain Personal Data about you erased (see Data Subject Rights below).
||For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.
| Legal Obligation
||For the duration of time that we are legally obligated to keep the information.
||For the period of time necessary to fulfill the purposes of the business process in the public interest and for any period of time that may be required to document the public interest or business process under applicable law.
||For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the Data Subjects.
We may face any threat of legal claim and in that case, we may need to apply a “legal hold” that retains information beyond our typical retention period. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
Transfer of Personal Data Outside of the EEA
Northwestern Medicine processes your Personal Data in the United States, which does not provide the same level of data protection as the EEA. Where your Personal Data is processed by Northwestern Medicine or third parties outside of the EEA, we will ensure that appropriate safeguards are in place to adequately protect your Personal Data, as required by applicable law, if the recipients are not located in a country with adequate data protection (as determined by the European Commission). Such safeguards may include the execution of standard contractual clauses; EU-US Privacy Shield framework; consent of the individual to whom the personal information pertains; or other safeguards permitted by applicable EEA requirements.
GDPR Data Subject Rights
Under the GDPR, in certain circumstances, an EEA-resident Data Subject has certain individual rights with respect to the Personal Data that we hold about them. In particular, you may have the right to:
- Request access to any data held about you;
- Ask to have inaccurate data amended;
- Request data held about you to be erased, provided the data is not required by Northwestern Medicine to perform a contract, protect its rights, interests or those of a third party, defend against a legal claim or to comply with applicable laws or regulations;
- Prevent or restrict processing of data which is no longer required; and
- Request transfer of appropriate data to a third party where this is technically feasible.
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
To exercise any of these rights, please contact us using the contact details set out under the “Contact Us” heading below. As a resident of the EEA, you are also entitled to direct any complaints in relation to our processing of your Personal Data to your national or local data protection authority (i.e., your Supervisory Authority).
Our Services may reference or provide links to third-party websites. Other websites may also reference or link to our Services. Because these websites are not controlled by Northwestern Medicine, we are not responsible for the third party websites. We encourage our users to be aware when they leave our Services to review the privacy policies posted on each and every website that collects personally identifiable information. Please be aware that Northwestern Medicine does not control, endorse, screen or approve, nor are we responsible for, the privacy policies or information practices of third parties or their websites or mobile applications. Visiting these other websites is at your own risk.
You may update, correct or modify information about you at any time by logging into your online account or by contacting us at 855.HLP.MYNM (855.457.6966) or by email at email@example.com. If you wish to deactivate your account, please email us at firstname.lastname@example.org, but note we may continue to store information about you as required by law or for legitimate business purposes.
Upon your request, we may send you information about Northwestern Medicine via email. You may unsubscribe from receiving marketing or other commercial emails from us by following the instructions included in the email. However, even if you opt-out of receiving such communications, we retain the right to send you non-marketing communications (such as important transaction information, or changes in website or mobile application terms).
With your consent, we may collect information about your actual location when you use our Apps. You may stop the collection of this information at any time by changing the settings on your mobile device, but note that some features of our Apps may no longer function if you do so.
Native Applications on Mobile Device
Some features of our Apps may require access to certain native applications on your mobile device, such as the camera and photo storage applications (e.g., to take and upload photos) and the phonebook application. If you decide to use these features, we will ask you for your consent prior to accessing the applications and collecting information. Note that you can revoke your consent at any time by changing the settings on your device.
Cookies and Your Ad Choices
With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device or within our Apps.
Northwestern Memorial HealthCare
Corporate Compliance and Integrity
541 N. Fairbanks
Chicago, Illinois 60611