Last update: April 19, 2021
The Solutions is operated by Massive Bio, Inc. (“Company”, “we”, “us” or “our”), 90 West St. #12M, New York, NY 10006. Massive Bio is a data analytics firm that provides a medical second opinion and clinical trial matching by evaluating a cancer patient’s existing clinical information, leveraging our proprietary artificial intelligence platform, and providing consulting services to patient’s oncologists by identifying and explaining treatment options that best fit the patient’s genomic profile, treatment objectives, and resources (collectively, the “Services”).
THE COMPANY IS NOT A MEDICAL PROVIDER NOR IS IT A “COVERED ENTITY” SUBJECT TO STATE OR FEDERAL LAWS GOVERNING THE PRIVACY OF MEDICAL RECORDS OR INFORMATION, INCLUDING THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, COMMONLY REFERRED TO AS “HIPAA”.
I. INFORMATION WE COLLECT
1. Personally identifiable information
Our Solutions and our Service Providers only collect personally identifiable information (“PII”) with your agreement or consent. Collection of PII occurs if you register for an appointment on the Solutions, subscribe to a newsletter, tweet to us, or use other features and resources on the Solutions. You may visit our Site anonymously, but that may prevent you from accessing certain features or Services or Solutions. The PII we may collect might include the following items for:
1 . Your patient profile:
- First and last name
- Home address
- Home telephone number
- Credit card number, security code and expiration date
- Cancer diagnosis
- Health insurance account numbers
- Medical history
- Cancer screenings
- Cancer history and treatments
- Genetic information
- Pathology reports
- Your diagnostic images
- Your clinical information and data
2. Health provider profiles:
- Oncologist first and last name
- Oncologist email address
- Oncologist employer
- Oncologist address
- Oncologist telephone number
- Oncologist’s notes
3. Service Provider profiles:
- Service Provider first and last name
- Service Provider email address
- Service Provider employer
- Service Provider address
- Service Provider telephone number
- Service Provider work product
4.Service Provider profiles:
Medical Information Released to Massive Bio:
- Through EMR platforms APIs
- Through EMR platform online pages shared by you
- Through EMR platform online pages accessed by Massive Bio’s corporate accounts with your authorization to see your PII
- Through emails, SMS, or other means of communication channels
2. Protected Health Information and Sensitive Personal Information
We will collect and store sensitive personal information and data about you, including credit card numbers, health insurance account numbers, protected health information about your cancer treatment, such as your cancer diagnosis, cancer screenings, cancer history and treatments, and genetic information and treatments that your oncologist can use to identify your choice of cancer treatment options. Please be aware that:
- Loss, misuse, modification, or unauthorized access of your Sensitive Personal Information can adversely affect your privacy or welfare depending on the level of sensitivity and nature of the information.
- You may refuse to provide your protected health information to the website or the solutions, but you and your health care providers will not be able to use our services.
3. Non-Personally Identifiable Information
Our Website, Solutions and service Providers may collect non-personally identifiable (anonymous) information (“Non-PII”) from visitors including cancer patients, health care providers and staff, clinical staff, oncology experts, data analysts, and health plan administrators. Non personally identifiable information is any information that, by itself, cannot be directly associated with you. This may include age, gender, cancer type, genetic information, cancer screening, cancer treatment, oncologist’s name, and other information we collect. It may also include data about your visit to the website or solutions collected by cookies.
“Cookies” are short computer codes known as cookies, web beacons, and other technologies that collect and store Non-PII when you visit our website, solutions or share website content or solutions through a social media account. The following are examples of Non-PII third party service providers collect with cookies:
- Cookies that may uniquely identify your browser session and the other website, solutions you have visited
- Browser type and operating system
- Hardware settings
- Date and time of visit
- Website pages you visited
- Web page that referred you to Massive Bio
- Web pages your visit after leaving the website
4. California Online Personal Privacy Act Disclosures
1. When you visit our website, solutions, our service providers may drop a cookie on your browser to remember your preferences and collect analytical data about your visit. The website or the solutions does not employ technology to track you across multiple websites, solutions or override the privacy settings in your web browser or services.
2. Our service providers do not track website visitors across multiple websites or override the privacy settings in your web browser. If you access our social media sites from the website or the solutions, be aware that the social media platforms may track you by across multiple websites and disregard the privacy settings in your web browsers.
5. Social Media
If you sign into the website or the solutions through your social media account, you consent to our collecting your username and email address.
6. Canadian and European Union Users
For former patients living outside of the UK and the EU and whom once had treatment for their stay here, under GDPR/DPA 2018 they still have the same rights to apply for access to their health records. Such a request should be dealt with as someone making an access request from within the UK/EU.
In compliance with the Privacy Shield Principles, Massive Bio commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Massive Bio at: email@example.com
Massive Bio has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
Massive Bio, Inc. has further committed to refer unresolved Privacy Shield complaints to USCIB (United States Council for International Business), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.uscib.org/privacy-shield/ for more information or to file a complaint. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Binding Nature of Decisions at https://www.privacyshield.gov/article?id=D-Binding-Nature-of-Decisions.
For Privacy FAQs please check INFORMATION WE COLLECT (Section I) of this document.
Children of 16 years or over
If a mentally competent child is 16 years or over then they are entitled to request or refuse access to their records. If any other individual requests access to these Massive Bio should first check with the patient that he or she is happy for them to be released.
Children Under 16 Years
Individuals with parental responsibility for an under 16-year-old will have a right to request access to those medical records. A person with parental responsibility is either:
- the birth mother, or
- the birth father (if married to the mother at the time of child’s birth, or subsequently) or,
- an individual given parental responsibility by a court
If the appropriate health professional considers that a child patient is Gillick competent (i.e., has sufficient maturity and understanding to make decisions about disclosure of their records) then the child should be asked for his or her consent before disclosure is given to someone with parental responsibility.
If the child is not Gillick competent and there is more than one person with parental responsibility, each may independently exercise their right of access. Technically, if a child lives with, for example, its mother and the father apply for access to the child’s records, there is no “obligation” to inform the mother. In practical terms, however, this may not be possible and both parents should be made aware of access requests unless there is a good reason not to do so.
In all circumstances good practice dictates that a Gillick competent child should be encouraged to involve parents or other legal guardians in any treatment/disclosure decisions.
8. Patient Representatives
A patient can give written, verbal or SMS authorization for a person (for example a solicitor or relative) to make an application on their behalf. Massive Bio may withhold access if it is of the view that the patient authorizing the access has not understood the meaning of the authorization. The authorization is only good for 90 days and requires a recording of it.
Next of kin
Despite the widespread use of the phrase ‘next of kin’ this is not defined, nor does it have formal legal status. A next of kin cannot give or withhold their consent to the sharing of information on a patient’s behalf. A next of kin has no rights of access to medical records.
A person appointed by the court to manage the affairs of a patient who is incapable of managing his or her own affairs may make an application. Access may be denied where the GP is of the opinion that the patient underwent relevant examinations or investigations in the expectation that the information would not be disclosed to the applicant.
9. Information about You from Other Sources
We collect personal information about you on the website, the solutions, and from other sources, including data from: your oncologists, oncology practice staff, clinical staff, health claims administrators, and patient benefits organizations. All information we collect about you may be combined by us to provide services to you including data analysis for identifying testing and treatment options, and, when de-identified, for our research efforts and to improve our services and website.
10. SMS/MMS Mobile Messaging
We respect your privacy. We will only use information you provide to transmit your mobile messages and respond to you, if necessary. This includes, but is not limited to, sharing information with platform providers, phone companies, and other vendors who assist us in the delivery of mobile messages.
WE DO NOT SELL, RENT, LOAN, TRADE, LEASE, OR OTHERWISE TRANSFER FOR PROFIT ANY PHONE NUMBERS OR CUSTOMER INFORMATION COLLECTED THROUGH THE WEBSITE OR THE SOLUTIONS TO ANY THIRD PARTY.
Nonetheless, we always reserve the right to disclose any information as necessary to satisfy any law, regulation, or governmental request, to avoid liability, or to protect our rights or property. When you complete forms online or otherwise provide us information in connection with the services, you agree to provide accurate, complete, and true information. You agree not to use a false or misleading name or a name that you are not authorized to use. If, in our sole discretion, we believe that any such information is untrue, inaccurate, or incomplete, or you have opted into the program for an ulterior purpose, we may refuse you access to the program and pursue any appropriate legal remedies.
California Civil Code Section 1798.83 permits users of the services that are California residents to request certain information regarding our disclosure of the information you provide through the program to third parties for their direct marketing purposes. To make such a request, please contact us at the following address:
Massive Bio, Inc.
90 West Street, #12M
New York City, NY, 10006
We and/or any third-party agency acting on its behalf, service providers may communicate with you at such number(s) by phone call, voice message, internet-to-phone message, SMS text message, interactive voice recordings using auto dial systems, or prerecorded artificial or voice messages (“Communications”) regarding orders, delivery updates, requests for transactional feedback, and other informational purposes.
Standard message, data, voice, or other rates may apply from your landline, mobile service, or wireless device carrier for communications you receive.
You may also call 1-844-627-7246 to get help any time.
You may send any of the following messages in response to a SMS text message to opt out of receiving further SMS text messages from Massive Bio: Stop” or “Unsubscribe”. After sending one of these messages, you might receive one final SMS text message as confirmation of your opt-out request.
Additional terms and conditions may be provided to you in the future (e.g., as part of an opt-in confirmation text message), and such terms and conditions will supplement and not replace these terms.
You further represent and warrant that you are the subscriber for the phone number(s) provided and you possess the phone(s) associated with such number(s). You agree to notify us if your phone number(s) change or you no longer possess the phone(s) associated with such number(s).
BY PROVIDING YOUR TELEPHONE AND/OR CELL PHONE INFORMATION, YOU KNOWINGLY AND VOLUNTARILY AGREE TO INDEMNIFY, DEFEND, AND MASSIVE BIO, ITS PARENTS, SUBSIDIARIES, AFFILIATES, PREDECESSORS, SUCCESSORS, AND ASSIGNS, AND EACH OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS, HARMLESS FROM AND AGAINST ANY AND ALL LOSSES, COMPLAINTS, DEMANDS, CLAIMS, CAUSES OF ACTION, LIABILITIES, COSTS, JUDGMENTS, DAMAGES, FINES, PENALTIES, COMPENSATION, ATTORNEY’S FEES, AND EXPENSES OF ANY KIND, INCLUDING ANY AND ALL TYPES OF INJURIES AND/OR DAMAGES SUFFERED BY YOU, WHICH ARISE AS A RESULT OF (OR ARE RELATED TO) THE COMMUNICATIONS. YOU KNOWINGLY AND VOLUNTARILY AGREE NOT TO SUE, OR CAUSE ANY LAWSUIT, COMPLAINT, CLAIM, OR CHARGE TO BE FILED ON YOUR BEHALF AGAINST MASSIVE BIO OR ITS VENDORS WITH RESPECT TO ANY SUCH DAMAGES.
Wireless carriers are not responsible for delayed or undelivered messages, which may occur due to factors outside carriers’ control.
II. HOW WE USE AND SHARE YOUR PERSONAL INFORMATION
1. How we use Personally Identifiable Information (PII)
We will use your PII to: (i) communicate with you and your oncologist about our services; (ii) register you as a patient, oncologist, health care provider staff, expert oncologist, or practice administrators that assist or support patients; (iii) collect data for patient profile; (iv) interpretation of genetic profiling data to provide a range of treatment options for difficult or complex cases; (v) determine patient eligibility for assistance programs for certain out-of-pocket health care costs; (vi) submitting requests to your health insurer for reimbursement purposes; and (viii) provide: (a) guidance and recommendations regarding an array of treatment options ranging from standards of care to experimental treatments; (b) clinical data to support use of off-label medications; (c) range of various clinical trials appropriate for and convenient to you; and (d) consulting and remote access to bioinformatics and molecular expertise to support your patient presentations at tumor boards.
2. How we use Non-Personally Identifiable Information (Non-PII)
We also use Non-PII to monitor and improve the quality of our services and website, to remember your website preferences and selections, and for data research and statistical purposes. We use Non-Personally Identifiable Information in consulting services to other users, for research, and to share, lease, or sell our data and analysis to patient assistance programs, clinical laboratories, cancer screening providers, pharmaceutical manufacturers, and oncologists for improvement of their professional services, screening, and treatment products, and to educate the public about the services we provide.
3. Other Uses of Personal Information
We may transfer personal information to service providers such as outside contractors, auditors, consultants, or others hired by the Company to assist in providing financial or operational activities on the Company’s behalf, including technical and processing services and analysis of website performance.
4. Legal Requirements
Under certain circumstances, in order to comply laws, regulations, judicial or other government subpoenas, warrants, or orders, we may disclose your personal information to respond to any government or regulatory request.
We may transfer PII to other third parties if we receive your permission or we are required to do so by law, or we have a good faith belief that such disclosure is necessary to comply with a current judicial proceeding, a court order, a legal process served on the Company or to resolve any potential fraud or perceived irregularity in any audits of the accuracy of any documentation or information submitted to the Company by you or on your behalf, as deemed appropriate by the Company.
5. Transfers of Business Assets
In the event the Company goes through a transaction, such as a merger, being acquired by another entity, bankruptcy, or selling all or a portion of its assets, your PII may be part of the business assets transferred. We can provide no assurance that you will be notified in advance of the transfer, if any, of your PII in connection with any such transition or transfer.
6. Protection of Massive Bio and Others
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of our Company, employees, users, or others. This includes exchanging information with other companies and organizations for fraud protection and data breach risk reduction.
7. Aggregate or Anonymous Information
We may share your personal information and user data in aggregate or anonymously: to improve our services, to share with service providers and other third parties, and in our annual report and marketing materials.
8. With Consent
Except as set forth above, you will be notified when PII may need to be shared with third parties and will be able to prevent the sharing of this information.
9. Links to Other Websites
The Company website includes links (the “Linked Sites”) to other websites. In providing access to these Linked Sites, the Company is by no means endorsing the products or services on these Linked Sites. The Company is not responsible for the privacy practices or the content of the Linked Sites, and hereby expressly disclaims all responsibility and liability associate with use of the Linked Sites. We recommend that you review the privacy statements posted on those sites to understand their procedures for using and disclosing personal information.
III. HOW WE PROTECT AND RETAIN YOUR INFORMATION
We take security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. These include secure socket layers, firewalls and encryption, internal reviews of our data collection, storage and processing practices, and security measures, as well as physical security measures to guard against unauthorized access to systems. However, because the internet and mobile web are inherently insecure and no information system is 100% secure and even the most secure system can be compromised, we cannot guarantee security. If we retain PII on our systems or on cloud, we restrict access to PII to employees, contractors, and agents who need to know that information to operate, develop, or improve our website, solutions, and services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations. We delete and destroy individual records of PII and all Non-PII according to Company’s Record Retention Schedule and based on HIPAA rules.
We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure, or destruction and have several layers of security measures, including:
SSL, access controls, password policy, encryptions, pseudonymization, practices, restriction, IT, authentication, VPN, firewalls, token management.
IV. HOW TO CONTROL AND CORRECT YOUR INFORMATION
1. Correcting Your Personal Information
To gain access to personal information about you collected online, and to keep it accurate, complete, and current, or to request deletion, you may contact us at firstname.lastname@example.org. In some cases, where we are required to retain information by law or regulation, or to continue to manage a service you have requested, or to ensure that we honor your preferences, or for other necessary business purposes, we may not be able to delete certain personal information about you.
2. Control: Your Choices
You have several options to control how your data is shared and used after it has been provided by you.
To store or discard the records you provide to us and the reports returned to you based on results of your records.
Clinical Trials Matching report(s) you view and/or opt-in to view.
When and with whom you share your information, including your care givers, family members, your approved family members, health care professionals, or others outside our Services.
To delete your Massive Bio Clinical Trial Matching account and data, at any time.
3. Accountability for Onward Transfers
Massive Bio will not disclose your information to unaffiliated third parties without first receiving your permission, unless it is required by national security or law enforcement authorities. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, we are liable for appropriate onward transfers of personal data to third parties.
Massive Bio has an ongoing process to review how we’re meeting the Privacy Shield promises, and we provide an independent way to resolve complaints about our privacy practices. Massive Bio is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
5. Your California Privacy Rights
Under California Civil Code Section 1798.83, California residents who have an established business relationship with us have the right to request that we provide certain information regarding the disclosure of their personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may send your request for such information to email@example.com. Requests shall only be accepted via this email address. We are not responsible for requests made over the telephone or by any other means.
6. Learn More about Cookies, Web Beacons, and other Technologies
- All About Cookies: www.allaboutcookies.org/cookies/
- Google: www.google.com/analytics/learn/privacy.html
- Google Chrome: http://www.google.com/chrome/intl/en/more/privacy.html
- Microsoft Internet Explorer: www.microsoft.com/info/cookies.htm
- Mozilla Firefox: http://support.mozilla.com/en-US/kb/Options+window+-+Privacy+panel
- Flash: www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
7. Limitation of Liability
8. Unavailability of Website
The Company reserves the right to alter, suspend or discontinue this website at any time for any reason without notice or cause. This website may be temporarily unavailable due to maintenance or malfunction of computer equipment.