EFFECTIVE DATE: 05 FEBRUARY 2024

Medical Informatics Engineering (MIE) provides a software solution to its customers, which enables those customers to manage the health and wellness of their employees and to maintain compliance with occupational health regulations. MIE is not a data controller for the purposes of the Data Privacy Frameworks. Instead, MIE is a data processor. As such many of the provisions of the Data Privacy Framework may be inapplicable to MIE.

As a data processor, MIE complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. MIE has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. MIE has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

ENFORCEMENT AUTHORITY

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, MIE is subject to the regulatory and enforcement powers of the US Federal Trade Commission.

SUBSIDIARIES OR AFFILIATES

Enterprise Health is a fully-owned subsidiary of Medical Informatics Engineering, which also adheres to the Data Privacy Principles.

DATA COLLECTED

On behalf of our clients, MIE stores, processes, and transmits protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Depending upon the data collected by our clients, the protected health information may include an individual’s past, present or future physical or mental health conditions and medical test results. Personally identifiable information, such as name, social security number or date of birth, may also be collected by our clients. MIE does not control or collect any data directly from individuals.

THIRD PARTIES & LIABILITY

MIE does not disclose personal information to third parties, whether acting as agents or controllers. If this policy should change in the future MIE will update this posted policy and will provide individuals with a choice regarding the sharing of their personal data. In the event that MIE transfers personal information to a third party acting as an agent on its behalf, MIE will remain responsible and liable under the Data Privacy Framework Principles if the agent processes the data in a manner inconsistent with the Principles, unless MIE proves that it is not responsible for the event giving rise to the damage.

ACCESS AND UPDATE DATA

MIE acknowledges the individual’s right to access their personal data. Individuals who wish to access, correct or delete their personal data should consult with the data controller of their personal information. Individuals who wish to limit the use or sharing of their data should also contact the data controller of their information. In both of the above cases, this would most likely be the individual’s employer or former employer who contracts with MIE to provide data processing services.

LIMITING USE AND DISCLOSURE

MIE reserves the right to share personal information and to disclose it to others to the extent permitted or required by law, to investigate potential wrongdoing, or to protect the rights, property or safety of MIE or others.

DISCLOSURE OF PERSONAL INFORMATION

MIE may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

CONTACT FOR INQUIRIES OR COMPLAINTS — Non-Human Resources Data

European Union, United Kingdom and Swiss individuals should contact their employer or other organization directly in order to address questions or comments or make requests regarding the handling of their non-HR data.

In compliance with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) Principles, MIE commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact:

Medical Informatics Engineering
Attention: Doug Horner, CEO
1690 Broadway, Suite 550
Fort Wayne, IN 46802
[email protected]

DISPUTE RESOLUTION

MIE has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

BINDING ARBITRATION

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

HUMAN RESOURCES DATA WITHIN THE WORKING RELATIONSHIP

Contact for inquiries or complaints:

European Union, United Kingdom and Swiss individuals should contact their employer directly in order to address questions or comments or make requests regarding the handling of their HR data. In compliance with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and Swiss-US Data Privacy Framework (Swiss-US DPF) Principles, MIE commits to resolve complaints about your privacy and our collection or use of your personal information as a data processor. European Union, United Kingdom and Swiss individuals with questions, comments or requests regarding MIE processing of their data, if any, should contact MIE at:

Medical Informatics Engineering
Attention: Doug Horner, CEO
1690 Broadway, Suite 550
Fort Wayne, IN 46802
[email protected]

In the event MIE is unable to accommodate the individual’s request regarding HR data received by us within the context of the work relationship, we further commit to working with the EU Data Protection Authorities (DPA’s), the UK Information Commissioner’s Office (ICO) or the Swiss Federal Data Protection and Information Commissioner (FDPIC) whichever covers the jurisdiction the data originated from.

For information on how to contact your jurisdiction’s EU DPA visit: https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

To contact the UK ICO visit: https://ico.org.uk/

To contact the Swiss FDPIC visit: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/kontaktformular

Launch login modal Launch register modal