Use for New Purposes
The purposes for which we use your personal information are described in our Notice of Privacy Practices. We may use your personal information for reasons not described in the Notice of Privacy Practices, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information you have provided, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Medical Records stored in electronic format shall be retained 50 years from the last date of service, for both minor and adult patients. Once the retention for a Medical Record in electronic format has expired, the record shall be destroyed. Medical Records stored on paper of adult patients who have received healthcare services by Nemours will be maintained for 10 years past the last visit date. For minor patients, Medical Records stored on paper shall be retained until the minor patient reaches the age of 30 years. Once the retention period for a Medical Record in paper format has expired, the record shall be destroyed.
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications that you have previously consented to receive. We may continue to send you nonmarketing communications.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to email@example.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at firstname.lastname@example.org or submit a complaint to the data protection authority in your jurisdiction.
Cross-Border Data Transfer
Please be aware that your personal data will be transferred to, processed, and stored in the United States in order to process your Health Information Form and to perform our healthcare services. Data protection laws in the United States may be different from those in your country of residence. You consent to the transfer of your personal data, including sensitive personal data, to the United States by completing a Nemours Authorization to Release Protected Health Information form.
We will not transfer your personal information out of the United States. If a transfer is required we will obtain your consent prior to any transfer.