Processing Purpose & Legal Basis
To provide our service
Our processing of your personal information is necessary to perform the contract governing our provision of our healthcare services or to take steps that you request prior to engaging our services. You are not obliged to provide your personal data. However, we may be unable to conclude the contract if you decide not to provide personal data.
To communicate with you for compliance, fraud prevention, and safety
These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted by law).
To comply with law
We use your personal information to comply with applicable laws.
With your consent
Where our use of your personal information is based upon your consent, you have the right to withdraw it anytime by contacting us at email@example.com or in writing to: The Nemours Foundation, Kevin Haynes, Chief Privacy Officer and Data Protection Officer, 10140 Centurion Parkway North, Jacksonville, Florida 32256
Use for New Purposes
The purposes for which we use your personal information are described in our Notice of Privacy Practices. We may use your personal information for reasons not described in the Notice of Privacy Practices, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.
We will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information you have provided, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. Medical Records stored in electronic format shall be retained 50 years from the last date of service, for both minor and adult patients. Once the retention for a Medical Record in electronic format has expired, the record shall be destroyed. Medical Records stored on paper of adult patients who have received healthcare services by Nemours will be maintained for 10 years past the last visit date. For minor patients, Medical Records stored on paper shall be retained until the minor patient reaches the age of 30 years. Once the retention period for a Medical Record in paper format has expired, the record shall be destroyed.
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
- Opt-out. Stop sending you direct marketing communications that you have previously consented to receive. We may continue to send you nonmarketing communications.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
You can submit these requests by email to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at email@example.com or submit a complaint to the data protection authority in your jurisdiction.
Cross-Border Data Transfer
Please be aware that your personal data will be transferred to, processed, and stored in the United States in order to process your Health Information Form and to perform our healthcare services. Data protection laws in the United States may be different from those in your country of residence. You consent to the transfer of your personal data, including sensitive personal data, to the United States by completing a Nemours Authorization to Release Protected Health Information form.
We will not transfer your personal information out of the United States. If a transfer is required we will obtain your consent prior to any transfer.