Last Updated date: March 25, 2024
Isabel Healthcare (“we,” “us,” “ours” or “Isabel”) respects your privacy. This privacy policy (“Privacy Policy”) explains how we collect, process, store and share personal information in connection with our website located at https://www.isabelhealthcare.com/ (including all subdomains such as https://symptomchecker.isabelhealthcare.com), our diagnosis decision support system and other services (collectively, the “Isabel Services”), including Isabel Services provided to our registered healthcare professional customers (“Pro Customers”), and the operation of our company. If you are an individual, this Privacy Policy also provides you with important information about your personal information rights with respect to personal information that we control and how to exercise them.
By visiting our website, using the Isabel Services, or otherwise providing personal information to us, you acknowledge that you have read, understand and accept our privacy practices and policies outlined below, and you consent that we may collect, process, store and share personal information as described in this Privacy Policy, subject to the exercise of individual rights as explained in this Privacy Policy.
1. Notice at Collection of Personal Information
Definition of Personal Information
We collect, process, store and share information that identifies, relates to or could reasonably be linked, directly or indirectly, with a particular individual or household (“personal information”). Personal information does not include information publicly available from government records, or which is not personal, like anonymous, deidentified or aggregated data (even if it originally comes from personal information).
Categories of Personal Information We Collect
Depending on your relationship with us, we may collect, process and store, and share with third parties, the following categories of personal information:
Our Business Purposes for Collecting and Sharing Personal Information
We collect, process, store and/or share all of the categories of personal information identified above (unless a limited subset of categories is indicated) for our following business purposes, our legitimate interests and the legitimate interests of third parties to:
We do not collect or process personal information for the purposes of automated decision-making or profiling (meaning the automatic processing of your personal information to identify your preferences and interests).
Under the laws of some jurisdictions, we must be able to describe the legal bases on which we rely to process personal information. We primarily rely on the legitimate interests, described above, to process personal information when not overridden by an individual’s data protection interests or fundamental rights and freedoms. Other legal bases for our processing of personal information include when the processing is necessary to perform a contract with you, we have a legal obligation to process the personal information or we have your consent to process the personal information.
Categories of Parties Whom We Share Your Personal Information
Third Parties
We share personal information with the following categories of third parties:
Pro Customers
We Do Not Sell or Share Your Personal Information for Targeted Advertising
We do not sell personal information. For purposes of this Privacy Policy, “sell” means the disclosure of personal information to a third party in exchange for money or other valuable consideration.
We do not share personal information with third parties for cross-contextual behavioral advertising or targeted advertising.
Retention of Personal Information
We retain personal information for as long as we deem to be necessary or advisable for our business purposes described in the above section called, Our Business Purposes for Collecting and Sharing Personal Information (such as providing services to you or Pro Customers). This may include keeping your personal information for up to 7 years after you have stopped using our services; for example, we may retain your personal information to market our products and services to you (unless you opt-out), comply with legal obligations, resolve disputes or collect fees owed. We may retain your personal information longer pursuant to a specific legal reason or requirement. When our retention period ends, we may either delete your personal information or retain it in a form such that it does not identify you personally.
2. Applicability of this Privacy Policy
This Privacy Policy covers how we treat personal information that we acquire from you, or in connection with our website or services provided to you or a Pro Customer, or in connection with our other business or interactions with you. This Privacy Policy applies to personal information we process on behalf of Pro Customers unless otherwise provided in our agreement with a Pro Customer.
This Privacy Policy applies to you no matter where you are located in the world. Please see the below section called, Contact Us for the data controller and contacts applicable to your jurisdiction.
This Privacy Policy does not apply to information that we collect in connection with your employment or application for employment at Isabel.
Sources of Personal Information
We collect personal information from the following categories of sources:
Generally, you are not under a statutory or contractual obligation to provide personal information to us. However, if you do not provide the personal information required for us to provide certain services, verify your identity or process transactions, we may be unable to offer services or otherwise conduct business with you.
Third-Party Links
Our website and Isabel Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not endorse or control these third-party websites or applications and are not responsible for their privacy practices or any information on their websites or in their applications. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Personal Information of Others You Share with Us
You may not disclose the personal information of another individual to us unless you have their prior written consent or are otherwise authorized under applicable law to share their information with us. To the extent that you provide another individual’s personal information to us or we collect another individual’s personal information on your behalf, you acknowledge and agree that you are responsible for compliance with all applicable laws concerning such personal information, including:
Protected Health Information
We do not collect or process Protected Health Information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and any and all rules and regulations promulgated from time to time thereunder (“HIPAA”). You are prohibited from providing or making PHI available to us, including uploading to, making available on, or transmitted PHI via our website or Isabel Services.
Aggregated Data
We may anonymize, deidentify and/or aggregate data so that it no longer constitutes personal information. Anonymized or deidentified data is not personal information and deidentified PHI is not PHI, and restrictions on our use of personal information or PHI contained in this Privacy Policy or under HIPAA do not apply to such anonymized or deidentified data even if such data was created or derived from personal information or PHI. We may share anonymized, deidentified and/or aggregated data that does not identify you personally with third parties, including our Affiliates, Support Vendors and Marketing Vendors. We may also disclose aggregated user statistics in order to describe our Isabel Services and our website to current and prospective business partners and to other third parties for other lawful purposes. Finally, we may also disclose aggregated and depersonalized user statistics with other members of the healthcare community for purposes of detecting and tracking public health trends, all subject to and in accordance with appliable law.
We may disclose non-personal information to any third party for any reason in our sole discretion.
Personal Information of Children
We do not collect any personal information directly from children under 16 years of age. As a parent or guardian, you may provide or make available personal information of your children to us, and, by doing so, you agree and consent to our collection and use of your children’s personal information.
If you are a child under the age of 16, please do not attempt to use our website or services or send us any personal information. If we learn we have collected personal information directly from a child under 16 years of age, we will delete that data as quickly as possible. If you believe that a child under 16 years of age may have provided personal information to us, please contact us at privacypolicy@isabelhealthcare.com.
To our knowledge, we do not sell, or share for cross-contextual behavioral advertising or targeted advertising purposes, the personal information of children under the age of 16.
3. Your Privacy Rights and Choices
Notice of Your Personal Information Rights
With respect to personal information that we control, subject to exemptions and limitations provided by applicable law, if you are an individual you have the right to:
(1) Know or access – request that we disclose certain information to you about our collection and use of your personal information:
(2) Data portability – request a copy of the personal information you provided to us in a portable, and, if feasible, readily usable format to be transferred to you or a third party
(3) Deletion – request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions under applicable privacy law
(4) Correction – request that we correct inaccurate or complete incomplete personal information
(5) Limit use of sensitive information – request that we limit the use or disclosure of your sensitive personal information to just those actions necessary to perform specific purposes outlined by law
(6) Third-party marketing opt out – direct us to not share your personal information with third parties for third parties’ direct marketing purposes
(7) Object to processing – object to our processing of your personal information based on legitimate interests or for direct marketing purposes
(8) Restriction of processing – request that we restrict or suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to delete it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
(9) Withdraw your consent to the processing of your personal information if our processing is based on your consent (without affecting the lawfulness of any processing prior to your withdrawal of consent)
(10) Non-discrimination – be free from unlawful discrimination for exercising your rights under applicable privacy law
We may be the processor or service provider with respect to personal information obtained from or on behalf of our Pro Customers. Please make any privacy requests directly to our Pro Customers or third parties with respect to personal information in their control.
How to Exercise Your Personal Information Rights
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a written request (via the method described below) that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.”
We may ask for information to verify your identity and process your Valid Request, such as name, phone number, email and address. If applicable, we recommend that you submit the email that you used when you registered with the Isabel Services. After you submit a Valid Request, you will be required to verify access to the email address you submitted. You will receive an email with a follow-up link to complete your email verification process. You are required to verify your email in order for us to proceed with your Valid Request. Please check your spam or junk folder in case you can't see the verification email in your inbox. We will only use personal information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request promptly within the timeframes required by applicable privacy law (usually between 15 to 45 days depending on the type of Valid Request, with the right for us to extend the response time as necessary). We will not charge you a fee for making a Valid Request unless your Valid Request is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following method:
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
In some instances, we may not be able to honor your request. For example, we may not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. We may not honor your request if we are not the controller of your personal information (for example, when our Pro Customer is the controller and we are the processor or service provider for our Pro Customer). Additionally, we may not honor your request where not required to do so under applicable privacy laws. For example, we may deny a deletion request if the information is necessary for us to provide our services to you or comply with our legal obligations. We may deny certain right to know requests made more than twice in a 12-month period or for information collected and disclosed more than 12 months ago. We will advise you in our response if we are not able to honor your request.
You have the right to appeal our decision to not honor your request or our refusal to take action on a request within a reasonable period of time by contacting us at the email listed above and clearly stating that the purpose of the contact is an “appeal of privacy rights.” Within 45 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
The Right to Lodge a Complaint with a Supervisory Authority
Subject to applicable privacy law, should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you have the right to lodge a complaint with your local data protection authority and/or competent supervisory authority. If you work or reside in a country that is a member of the European Union or that is in the European Economic Area, you may find the contact details for your appropriate data protection authority on this website: https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are a resident of the United Kingdom you may contact the UK supervisory authority, the Information Commissioner’s Office here: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/.
4. Our Use of Cookies
Our Use of Cookies and Other Tracking Technology
Our website uses cookies and similar technologies such as JavaScript (collectively, “cookies”). Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our website. We use cookies to gather data about visitors to our website, analyze trends and operate and improve our website and services. For example, cookies allow our website to remember your username and password to save you having to retype it every time you visit our website. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own cookies on your devices.
Monitoring and Recording Keystrokes and Other Communication
We use cookies and other tracking technology to monitor and record keystrokes and other communications made through the Isabel Services, including via webform, webchat, email, phone and text message. This includes monitoring your keystrokes while you are using the Isabel Services. You consent to us monitoring and recording all of your communications made through the Isabel Services and to us using and sharing such recordings for all purposes described in this Privacy Policy.
Do Not Track
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. Our website is not currently configured to respond to Do Not Track signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personal information about a user’s online activities over time and across third-party websites or online services.
Disable or Delete Cookies and Tracking Technology; Third-Party Cookies
Disable or Delete Cookies from Your Browser or Device
You can decide whether or not to accept certain cookies through your internet browser’s settings. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser's menu.
You can also delete all cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the website and functionalities may not work.
Third-Party Cookies and Resources
We allow third parties to set and collect cookies through our website, such as HubSpot. Please review such third parties’ privacy policies and other terms for information on their privacy practices and uses of personal information.
To find out more information about cookies, including information about how to manage and delete cookies, please visit https://www.allaboutcookies.org/.
5. Our Uses of Personal Information in the Last 12 Months
In the last 12 months, we have collected personal information and disclosed personal information to third parties for our business purposes. We have not sold personal information or shared personal information for cross-contextual behavioral advertising (or targeted advertising) in the last 12 months.
Our business purposes for disclosing your personal information are the business purposes in the above section called, Our Business Purposes for Collecting and Sharing Personal Information. For more information on the categories of third parties, see the above section called, Categories of Parties Whom We Share Your Personal Information.
Category of Personal Information | Collected in Last 12 Months | Disclosed for Our Business Purposes in Last 12 Months to Categories of Third Parties |
---|---|---|
Identifiers (for example, name, postal address, email address, IP address, unique personal identifiers) | Yes | Yes to Support Vendors, Marketing Vendors and Authorized Parties |
Personal information (for example, name, address, telephone number, credit card number) | Yes | Yes to Support Vendors, Marketing Vendors and Authorized Parties |
Characteristics of protected persons (for example, age, race, national origin, citizenship, religion, sex/gender) | Yes | Yes to Support Vendors |
Commercial information (for example, records of products or services purchased or considered) | Yes | Yes to Support Vendors and Authorized Parties |
Biometric information (for example, fingerprints and voiceprints) | No* | Not applicable |
Internet or other electronic network activity (for example, browsing history, search history, website interactions) | Yes | Yes to Support Vendors and Marketing Vendors |
Geolocation data (for example, device location) | Yes | Yes to Support Vendors and Marketing Vendors |
Sensory data (audio, electronic, visual, thermal, olfactory, or similar information) | No* | Not applicable |
Professional or employment-related information | Yes | Yes to Support Vendors, Marketing Vendors and Authorized Parties |
Non-public education information | No* | Not applicable |
Inferences drawn from other personal information to create a consumer profile | Yes | Yes to Support Vendors and Authorized Parties |
Other non-sensitive data you choose to provide (for example, you may choose to provide data in any of the above categories even if we do not specifically collect it) | Yes | Yes to Support Vendors |
Government identifying numbers (social security, driver’s license, state ID, or passport numbers) | No* | Not applicable |
Complete account credentials (account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account) | Yes | Yes to Support Vendors |
Precise geolocation | No* | Not applicable |
Racial or ethnic origin, religious or philosophical beliefs, or union membership | No* | Not applicable |
Mail, email, or text message contents not directed at us | No* | Not applicable |
Genetic data | No* | Not applicable |
Biometric information processing for the purpose of uniquely identifying an individual | No* | Not applicable |
Health, sex life, or sexual orientation | Yes | Yes to Support Vendors |
Other sensitive data you choose to provide (for example, you may choose to provide data in any of the above categories even if we do not specifically collect it) | Yes | Yes to Support Vendors |
*Not specifically collected by us but may be included in the category of “other information you choose to provide”.
6. Data Security and Processing
Security of Personal Information
We will maintain reasonable technical and organizational safeguards for the protection of the security and confidentiality of personal information from unauthorized access, use, disclosure or transfer. Despite our efforts to ensure security, we cannot guarantee or warrant that personal information will not be accessed, acquired, disclosed for an improper purpose, altered or destroyed by an unauthorized person or as a result of a breach of our security safeguards or those of our hosting provider or other vendors or service providers. We cannot ensure the security of any data transmitted to us over the internet. To the fullest extent permitted by applicable law, we accept no liability for any unintentional disclosure by us of personal information. Therefore, we urge you to take adequate precautions to protect personal information as well, including, without limitation, never sharing your account username or password.
International Transfer, Storage and Processing
The personal information we collect or receive is stored and processed in the United States. You consent to the transfer, processing and storage of personal information in the United States. You also consent to the transfer, processing and storage of personal information by us, our affiliated entities, our vendors or third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world subject to the provisions of this Privacy Policy.
If you are located in the European Economic Area or other regions with laws governing data collection and use that may differ from United States law, please note that we may transfer data, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction and may afford materially less privacy protections for your personal information than your jurisdiction. You consent to the transfer of data to the United States or any other country in which we, our affiliates or vendors maintain facilities and the use and sharing of information about you as described in this Privacy Policy.
7. Changes and Amendments to Privacy Policy
We reserve the right to amend this Privacy Policy at our discretion and at any time. When we do, we will post the revised policy on our website with a new “Last Updated” date. We may, but are not required to, also provide you with notice of the amended Privacy Policy via any others means we consider reasonable, including, without limitation, email, posting on in our services, or updates to our services. Your continued use of our website or services or your provision of personal information to us following the posting of changes (or other notice we provide in our sole discretion) constitutes your acceptance of such changes and the Privacy Policy as amended. We may, but are not required to, also provide you with alternative means of accepting any changes to or amended version of this Privacy Policy. We encourage you to visit this page regularly for any changes.
8. Contact Us
Data Controller
With respect to US residents, the controller of your personal information is Isabel Healthcare, Inc.
With respect to all non-US residents, the data controller is Isabel Healthcare Limited, a business incorporated in England and Wales (company number 04759944).
Contact Us
You may contact us with questions, concerns, complaints or disputes related to this Privacy Policy and our privacy policies and practices.
United States
Isabel Healthcare, Inc
Outside the United States
Isabel Healthcare Limited
Disability Access
If you have a disability, you may access this Privacy Policy in an alternative format by contacting us at: