RPCR, Inc. (RPCR) respects individual privacy and values the confidence of its business partners and their customers. Not only does RPCR strive to collect, use and disclose Personal Information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices.
For services that require the inclusion of Protected Health Information in the United States, RPCR is committed to complying with the Standards for Privacy and Security of Individually Identifiable Health Information (the “Privacy & Security Regulations”) promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
For services that include Personal Information, RPCR follows the following 8 privacy principles (the Principles).
1. NOTICE. When RPCR collects and uses Personal Information, it will inform the individuals to whom the information pertains about the purposes of such collection and usage, how to contact RPCR with any inquiries or complaints, the types of third parties to which RPCR discloses the information, and the choices and means RPCR offers individuals for limiting its use and disclosure. This notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to RPCR or as soon thereafter as is practicable, but in any event before RPCR uses their Personal Information for a purpose other than that for which it was originally collected or processed by the transferring organization or discloses it for the first time to a third party.
2. CHOICE. RPCR will offer individuals the opportunity to choose (opt out) whether their Personal Information is (a) to be disclosed to a third party or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals will be provided with clear and conspicuous, readily available, and affordable mechanisms to choose. For Sensitive Information, individuals will be given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt in choice. In any case, RPCR will treat as sensitive any information received from a third party where the third party treats and identifies it as sensitive.
3. ONWARD TRANSFER. To disclose Personal Information to a third party, RPCR will apply the Notice and Choice Principles. Where RPCR wishes to transfer information to a third party that is acting as an Agent, it may do so if it first either ascertains that the third party subscribes to the Principles or another adequacy finding or enters into a written agreement with such third party requiring that the third party provide at least the same level of privacy protection as is required by the relevant Principles. If RPCR complies with these requirements, it will not be held responsible (unless RPCR agrees otherwise) when a third party to which it transfers such information processes it in a way contrary to any restrictions or representations, unless RPCR knew or should have known the third party would process it in such a contrary way and RPCR has not taken reasonable steps to prevent or stop such processing.
4. SECURITY. RPCR will take reasonable precautions to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5. DATA INTEGRITY. Consistent with the Principles, Personal Information will only be used if it is relevant for such purposes. RPCR will not process Personal Information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual. To the extent necessary for those purposes, RPCR will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current.
6. ACCESS. Individuals can access Personal Information about them that RPCR holds and will be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
7. ENFORCEMENT. RPCR will conduct compliance audits of its relevant privacy practices on a six-month basis. The audits will be conducted by the Privacy Officer, or his designee, and are designed to verify adherence to this Policy. Any employee that RPCR determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
8. DISPUTE RESOLUTION. Any questions or concerns regarding the use or disclosure of Personal Information should be directed to RPCR, attention Privacy Officer, at the address given below. Any individual presenting a question or concern about Personal Information must submit a written dispute resolution request providing the details of the issue in order for the Privacy Officer to effectively evaluate the issue. The Privacy Officer will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Policy. For complaints that cannot be resolved between RPCR and the complainant, RPCR elects to participate in the dispute resolution procedures of the home country of the complainant and resolve disputes pursuant to the Principles.
LIMITATION ON APPLICATION OF PRINCIPLES
Adherence by RPCR to these Principles may be limited (a) to the extent required to respond to a legal or ethical obligation (for example a national security requirement); and (b) to the extent expressly permitted or required by an applicable law, rule or regulation.
PUBLIC WEBSITE PERSONAL INFORMATION RPCR collects name, email address, and phone number on our public website's contact form. This information will only be used by RPCR to interact with the individual whose Information is submitted.
PUBLIC WEBSITE NON-PERSONAL INFORMATION
RPCR collects Non-Personal Information (information that is not traceable back to any individual), via a cookie, about your use of our public website. The Non-Personal Information collected is for the general purpose of keeping track of web site usage patterns, maintenance, and statistical analysis.
CONTACT INFORMATION
Questions or comments regarding this Policy should be submitted to our Privacy Officer by mail as follows:
RPCR, Inc.
Privacy Officer
2575 Northbrooke Plaza Drive
Suite 203
Naples, FL, 34119
Email:
support@radiosurgery-registry.com
Telephone: (239) 262-5168
CHANGES TO DATA PRIVACY POLICY
This Policy may be amended from time to time, consistent with the requirements of the Principles. A notice will be posted for 60 days whenever this Policy is changed in a material way.
DEFINITIONS
AGENT means any person or third party that collects or uses Personal Information under the instructions of, and solely for, RPCR or to whom RPCR discloses Personal Information for use on RPCR’s behalf.
PERSONAL INFORMATION means information which can be used to distinguish or trace an individual person's identity.
NON-PERSONAL INFORMATION means any information that is not traceable back to any individual.
SENSITIVE INFORMATION is defined as Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual.
PRIVACY OFFICER means the individual responsible for internal audit of processes and procedures to safeguard Personal Information and responsible for ensuring that transfers are consistent with applicable law.