Atos Medical (“Atos”) acquires Personal Information through communications and interactions with patients, healthcare professionals, employees, and other avenues. Atos respects the privacy rights of Data Subjects’ Personal Information. Atos has established this policy to ensure a global commitment to privacy is a part of Atos’s culture and business operations.
Data Subject: a person about whom information is collected or possessed.
Personal Information: information pertaining to a known or identifiable Data Subject, such as name, address, contact information, medical information, and payment information.
3 GENERAL POLICY STATEMENT
Atos has a comprehensive privacy program based on international principles including the European Union Data Protection Directive (95/46/EC), the EU member states’ respective national laws and United States law, such as the Safe Harbor Privacy Principles and the Privacy and Security Rules of the Health Information Portability and Accountability Act (“HIPAA”). Where local laws apply, Atos incorporates the requirements and practices of such local laws into its privacy program in those localities.
Atos must inform Data Subjects about the purposes for collection, processing, storing, and disclosure of Personal Information related to those Data Subjects. Notice must be communicated in a clear and concise manner. This notice will be provided to Data Subjects prior to the collection of their Personal Information.
Atos shall obtain consent as required locally from Data Subjects for use and disclosure of Personal Information. Such Data Subjects shall be notified of their choices and the consequences for not consenting or providing information. Data subjects shall also be notified of how to change their decisions. If Atos changes its privacy practices such that information will be used in a new way, Atos will seek consent for any such new use from Data Subjects who’s Personal Information may be affected.
Atos will collect only the Personal Information needed for a transaction or required by law. Collection will happen in line with local laws and regulations. Collected information will only be retained as long as necessary for the transaction or as long as the law requires in the relevant jurisdiction. All purposes for which Personal Information will be used shall be disclosed to Data Subjects and consent shall be obtained.
Atos will provide a right to access Personal Information and offer corrections to Data Subjects whose Personal Information is in Atos’s possession. Atos shall respond to any such requests in a timely manner.
Should Atos share Personal Information with an outside party in the course of identified business operations, Atos shall require outside parties to adhere to privacy and security controls through contracts and written agreements. Outside parties shall also use and process Personal Information in accordance with the principles of choice and consent.
Atos takes its security obligations seriously and enforces reasonable technical, non-technical and organizational safeguards against loss, abuse, or unauthorized access or disclosure of Personal Information.
Atos shall ensure that Personal Information is kept up-to-date and shall encourage Data Subjects to keep their Personal Information accurate.
Atos takes seriously its obligations to enforce this Policy and all privacy and security obligations. Atos has officers responsible for compliance with these and other policies. Data subjects who have questions may contact Atos through the Atos website and other modes of contact found there. The website may be found at: http://www.atosmedical.com/
Atos will investigate all complaints and will respond to such complaints in a timely fashion.
Some countries have laws or regulations that are stricter than this Policy. Wherever stricter obligations apply to Atos, Atos will enforce the stricter obligations. Atos adopts country-specific privacy policies in such countries as is appropriate.
Atos will investigate any instances of non-compliance, and employees found in violation of this policy face sanctions up to termination.
This Policy is applicable globally as a minimum standard for all Atos business activities involving Personal Information. This Policy applies to all Personal Information stored, transferred, collected, or processed, whether paper or electronic, in connection with Atos business activities.
5 PERIODIC REVIEW
This Policy will be reviewed on a periodic basis by Atos Compliance officer.