This policy is intended to inform users of our policies and procedures regarding the collection, use, and disclosure of personally identifying information received through our Website, Portal, and other online services. This policy may be updated from time to time for any reason, at our sole discretion. We will notify you of any significant changes to this policy and changes to the way we use your information by posting the new policy on our Website. You are advised to consult this policy regularly for any changes. By using or accessing the Website, you are accepting the practices described in this policy, and you are consenting to our processing of your information as set forth in this policy now and as amended by us. This policy was inspired by the guidelines from eTrust and the privacy policies of Google, WebTrends, and New Relic. Thank you.
Instru-med collects non-personally-identifying information about visits to the Website, such as the browser used, referring site, and the time and date of each web request. We collect this information to understand how visitors use the Website. From time to time, we may release non-personally-identifying information in the aggregate, such as by publishing reports on usage trends. We also collect traffic data, like IP addresses. Instru-med does not use such information to identify its visitors and does not disclose such information other than under the circumstances described below.
Additional information, including an e-mail address, is collected from Portal users. We collect only such information as is needed to identify a Portal user and verify their authorization for the Portal, except as described below in Financial Information in the case of making payments through the Portal. Portal users in the same customer account have access to each other’s email addresses. Personally identifying information cannot be viewed or updated for users in other customer accounts. The Portal distributes a Portal user’s username and password via email upon account sign-up and if specifically requested by the user.
Protection of Personally Identifying Information
Instru-med undertakes industry standard security measures to protect data, such as encryption (e.g. SSL) and physical security, to guard against unauthorized access to data and systems where data is stored. These measures include automated systems as well as a security awareness guide for Instru-med personnel.
Instru-med shares potentially personally identifying and personally identifying information only with our contractors and affiliated organizations that need to know that information to support Instru-med services. Any such contractor or affiliated organization has agreed not to disclose it to others. The contractors or affiliated organizations may be located outside of your home country – by using Instru-med services, you consent to the transfer of such information to them. We do not rent or sell potentially personally identifying and personally identifying information to anyone, and we take all reasonable measures to protect it. If Instru-med becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure the confidentiality of any personal information involved in such transactions. Personal information may be disclosed to judicial or other government agencies subject to warrants, subpoenas, or other governmental orders.
Access to personally identifying information by Instru-med personnel is limited by industry standard encryption and authentication mechanisms such as SSL and strong passwords. In the event Instru-med personnel leave the company or should no longer have access to personally identifying information, their access to personally identifying information is revoked immediately.
In the event of a security breech which compromises personally identifying information we will notify affected users within 30 days of detection and explain the nature of the breech, when the breech occurred, information about the data compromised, and any steps the user should take.
Data Retention and Disaster Recovery
Data is backed up and distributed among our geographically dispersed data centers in case of catastrophic failure. Integrity of these backups and the procedures for recovering from catastrophic failure are verified on a regular basis.
Instru-med functionality and content are directed toward and designed for use by persons aged 13 or older. We do not solicit or knowingly collect personally identifiable information from children under the age of 13. If we discover that we have received personally identifiable information from an individual who indicates that he or she is, or whom we otherwise have reason to believe is, under the age of 13, we will delete such information from our systems.