EU-US PRIVACY SHIELD POLICY STATEMENT

Medical Informatics Engineering (MIE) provides a software solution to its customers, which enables those customers to manage the health and wellness of their employees and to maintain compliance with occupational health regulations. MIE is not a data controller for the purposes of the EU-US Privacy Shield. Instead, MIE is a data processor. As such, many of the provisions of the Privacy Shield may be inapplicable to MIE.

As a data processor, MIE complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. MIE has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

DATA COLLECTED

On behalf of our clients, MIE stores, processes, and transmits protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Depending upon the data collected by our clients, the protected health information may include an individual’s past, present or future physical or mental health conditions and medical test results. Personally identifiable information, such as name, social security number or date of birth, may also be collected by our clients.

MIE does not control or collect any data directly from individuals.

THIRD PARTIES & LIABILITY

MIE does not disclose personal information to third parties. If this policy should change in the future, MIE will update this policy to provide individuals with choice regarding the sharing of their personal data. Since MIE does not currently transfer any EU personal data to third parties, the liability provision of the Privacy Shield Framework does not apply. If this should change in the future, we will update this policy accordingly.

ACCESS AND UPDATE DATA

MIE acknowledges the individual’s right to access their personal data. Individuals who wish to access, correct or delete their personal data should consult with the data controller of their personal information. Individuals who wish to limit the use or sharing of their data should also contact the data controller of their information. In both of the above cases, this would most likely be the individual’s employer or former employer who contracts with MIE to provide data processing services.

LIMITING USE AND DISCLOSURE

MIE reserves the right to share personal information and to disclose it to others to the extent permitted or required by law, to investigate potential wrongdoing, or to protect the rights, property or safety of MIE or others.

ENFORCEMENT AUTHORITY

The Federal Trade Commission has jurisdiction over EU-US Privacy Shield compliance for MIE.

DISCLOSURE OF PERSONAL INFORMATION

MIE may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

CONTACT FOR INQUIRIES OR COMPLAINTS — Non-Human Resources Data

In compliance with the EU-US Privacy Shield Principles, MIE commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding non-human resources data as it pertains to this privacy policy should first contact MIE at:

Medical Informatics Engineering
Attention: Doug Horner, CEO
6302 Constitution Drive
Fort Wayne, IN 46804
horner@mieweb.com

DISPUTE RESOLUTION

MIE has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

BINDING ARBITRATION

Under certain limited conditions, individuals may invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

HUMAN RESOURCES DATA WITHIN THE WORKING RELATIONSHIP

CONTACT FOR INQUIRIES OR COMPLAINTS

EU individuals whose HR data we receive can address questions or comments regarding the handling of that information directly to us at the address in the section below. We resolve to deal with all questions regarding this data and potential grievances arising from it in a timely manner. Note that under certain conditions we may, as a data processor, have to refer you to our client who is the data controller. In compliance with the EU-US Privacy Shield Principles, MIE commits to resolve complaints about your privacy and our collection or use of your personal information that is within the HR working relationship. European Union individuals with inquiries or complaints regarding this privacy policy should first contact MIE at:

Medical Informatics Engineering
Attention: Doug Horner, CEO
6302 Constitution Drive
Fort Wayne, IN 46804
horner@mieweb.com

In the event MIE is unable to accommodate the individual’s request regarding HR data received by us within the context of the work relationship, we further commit to working with the EU Data Protection Authorities (DPAs) who cover the jurisdiction the data originated from. For information on how to contact your jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm