Privacy Policy
Effective Date: April 5, 2021
Privacy is a fundamental right, and we’ve drafted this Privacy Notice to inform you on how we handle the Personal Information of the visitors (“you”) to this website (the “Site”). This Privacy Notice outlines the legal basis on which we process your Personal Information and provides other information as required by privacy laws and regulations around the world.
You are strongly encouraged to read this Privacy Notice so that you may understand our use of your Personal Information, our obligations to you, and your privacy rights.
1. Consent
Except as required or permitted by applicable data protection laws, we will not collect, use or disclose your Personal Information for any purpose for which you refuse us consent or later withdraw your consent. You may at any time withdraw your consent with future effect, and without affecting the lawfulness of processing of your Personal Information based on the consent you provided before you withdrew it.
If you withdraw consent, you agree that despite this withdrawal we may continue to use the Personal Information previously provided to us (i) to the extent that we are contractually obligated to do so, (ii) to the extent necessary to enforce any contractual obligations you may have to Revolution Medicine, Health & Fitness PLLC, and (iii) for any other legitimate purpose (including fraud prevention) permitted by applicable data protection laws. If you withdraw your consent to use and disclose this information, we may no longer be able to communicate with you, including any request that we provide you with the Services, consider any offer of goods or services from you, or consider your application for employment.
2. What is Personal Information?
“Personal Information” is broadly defined to include all information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. Personal Information could be as simple and direct as your name, but it could also be less explicit like how a certain individual interacted with a website or an advertisement.
3. Your Privacy Rights at Revolution Medicine, Health & Fitness PLLC
We believe in the fundamental right to privacy and that your rights should not differ based on where you live. Accordingly, no matter your residency, you have the following rights with respect to the Personal Information that we collect, use or share:
| Right to be Informed | The right to be informed about the collection and use of your Personal Information. |
| Right to Access | The right to be provided with a copy of your Personal Information held by us, including
|
| Right to Rectification | The right to require us to correct your Personal Information if it’s inaccurate or incomplete. |
| Right to be Forgotten / Right to Deletion | The right to require us to delete your Personal Information where there is no compelling reason for its continued processing. |
| Right to Restriction of Processing | The right to require us to stop processing your Personal Information but still allow us to hold onto it. |
| Right to Data Portability | The right to receive the Personal Information you provided to us, in a structured, commonly used, and machine-readable format or transmit that Personal Information to a third party—in certain situations. |
| Right to Object | The right to object to our continued processing of your Personal Information. |
| Right to No Discrimination | The right not to be discriminated against for exercising any of your rights. |
| Right to Appeal | The right to appeal a decision we have made regarding your Personal Information. |
| Right to Opt Out Of | Automated Individual Decision-Making (and Profiling): The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or significantly affects you.
Targeted Advertising & Sale of Data: The right not to have your Personal Data used for purposes of targeted advertising, and the right to not have your Personal Data sold. |
| Right to Lodge a Complaint with your Supervisory Authority | The right to complain about the breach of your rights to a competent data protection authority. |
To exercise your rights, you may reach out to us by email at info@revolutionmed.com. If you live in California, you or your authorized agent can also reach us by calling our toll-free number at (202) 596-8891. You also have the right to approach the competent data protection authority with your request or complaint. If you live within:
- Canada, you may contact the Office of the Privacy Commissioner at Contact the OPC – Office of the Privacy Commissioner of Canada.
- United States
- California, you may contact the California Department of Justice’s Privacy Unit at State of California – Department of Justice – Office of the Attorney General.
- Virginia, you may contact the Attorney General of Virginia.
- the European Economic Area (EEA), a list and contact details of local data protection authorities is available on this website.
- the United Kingdom (UK), you may contact the UK Information Commissioner’s Office at Contact us | ICO.
If for whatever reason you are unsure of which competent data protection authority is applicable in your circumstances or you are unsure of how to contact such authority, let us know, and we’ll try to help you.
4. Why We Collect Personal Information
We only collect the Personal Information that we need, and we only use it in the ways we’ve specifically set out in this Privacy Notice. The Personal Information we collect depends on how you’ve interacted with us. We collect Personal Information from you for three central reasons:
- To respond to you, after you have made initial contact with us when making an inquiry, sharing a comment or concern, or applying for a job with us;
- To provide you with services, such as to review your inquiries; process, maintain, and respond to your inquiries; and to provide you with services that we think you’ll like based on any request that you have made;
- For advertizing, of our services; and,
- For analytics, such as to understand how visitors including you use the Site, and to improve the Site.
5. How We Collect Personal Information
The Personal Information that we collect varies depending on the nature of and reason for your interaction with us. We collect Personal Information:
- when you access the Site or seek information regarding our Services, solicit us for the provision of services, or enquire about or pursue employment opportunities posted on our Site;
- we may use your Personal Information to address your requests, enquiries, and complaints;
- when you connect with us through social media; and,
- when we leverage or collect cookies, device IDs, location data from the environment, and other tracking technologies.
6. Who is Your Data Controller?
Revolution Medicine, Health & Fitness PLLC is the data controller for the processing activities described in this Privacy Notice.
7. Legal Basis of Processing
We process your Personal Information because such processing is necessary for:
- exercising our rights and performing our obligations under any contract we make with you;
- compliance with our legal obligations; and,
- legitimate interests pursued by us, which generally involves the efficient performance and management of our business relationship with you.
8. What Personal Information Do We Collect?
(a) Categories of Personal Information Collected
Within the last twelve months, we’ve been provided with the following categories of Personal Information from visitors to the Site:
- Identifiers and contact information, including your name, address, phone number, email address, and other similar information;
- Device and Internet activity information, including information about your computer and browsing activity. This information may include IP addresses, unique device identifiers, cookie identifiers, device and browser settings and information, and Internet service provider information. It may also include information related to when and how you access and use our Site, such as the date and time of your visit, how you navigate and what you search for using our Site, the Site’s pages, and items you view using our Site; and,
- Professional or employment-related information, including for employment candidates, current or past job history or performance evaluations.
If you have any questions about the information we collect, please reach out to us.
(b) Marketing Communications
If you submit a request to be contacted on the Site, or an application for employment, you’re consenting to receive electronic promotional materials or information (referred to as Commercial Electronic Messages). You may withdraw your consent to the receipt of CEMs at any time.
(c) Cookies and Device Identifiers
Please see our Cookies Notice.
(d) Site Usage Information
Like most websites, this Site gathers traffic patterns, site usage information and other aggregated data in order to evaluate our visitors’ preferences and the effectiveness of our Site. This aggregate usage data does not identify you individually. We may share anonymous, aggregated statistics about visitors to our Site with others outside our company, or we may allow third-parties to collect aggregate data through our Site.
(e) Do Not Track Requests
We currently do not respond to Do Not Track (DNT) signals.
9. How We Share your Personal Information
We do not sell Personal Information and have not done so in the past 12 months. We will not share your Personal Information, except:
(a) to third parties performing clearly-defined sub-processing functions on our behalf (such as analyzing data, providing marketing assistance, providing recruitment assistance, providing search results and links, and verification of data provided by you). Any processing of your Personal Information by these sub-processors will be protected by an agreement regarding privacy and data security;
(b) where we are required by law to disclose Personal Information; in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights;
(d) to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling. We will require any person or entity to whom we provide your Personal Information to agree to comply with our then current Privacy Notice. We will take reasonable commercial efforts to ensure that they comply with our Privacy Notice; and,
(e) in the event of a transfer of ownership or assets, or a bankruptcy, of Revolution Medicine, Health & Fitness PLLC or any of its affiliates.
10. How We Protect Your Information
To protect your Personal Information against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use appropriate physical, technical and organizational security measures.
11. Your Rights to Access, Portability, and to be Forgotten
If you make a request to exercise any of these rights, we will honour your request within 30 days. If we need more time, we will notify you as soon as possible.
Before you receive the disclosure, we must be able to identify you. Accordingly, you are required to provide sufficient proof of your identity to ensure the safety and security of your Personal Information. We will not provide you, edit, or delete your Personal Information if we cannot verify your identity or authority to make the request. You must also describe your request with sufficient detail to allow us to properly understand, evaluate and respond to you. If we deny or partially deny your request, you have a right to be provided reasons as to why your request was not fully granted.
To exercise the access, data portability and deletion rights described above, please submit a valid consumer request to us at info@revolutionmed.com.
(a) Your Right to Access
The disclosure of information will be provided to you free of cost. If your access request is manifestly unfounded or excessive, in particular because of the requests repetitive character, then we may levy a charge to cover our administrative expenses.
We reserve the right to decline your request where the information requested:
- would disclose Personal Information of another individual or of a deceased individual;
- is subject to legal privilege;
- is personal health information that was not provided to us directly by the individual requesting access;
- is not readily retrievable and the burden or cost of providing would be disproportionate to the nature or value of the information;
- does not exist, is not held, or cannot be found by us, could reasonably result in serious emotional harm to the individual or another individual, or serious bodily harm to another individual; or,
- may harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by statute to perform such functions.
We also will not disclose the Personal Information where a law of your country, state, province, or other subnational entity would bar such disclosure. We will refuse repetitious or vexatious requests for access.
(b) Your Right to Data Portability
If we provide you access to your Personal Information, we will provide it to you in a structured, commonly used, and machine-readable format. If you made your request electronically, we will provide access in electronic form unless you request otherwise. Your request may also be delivered by mail. This format will be, to the extent technically feasible, in a readily usable format that allows you to transmit this information to another entity without hindrance.
(c) Data Retention and the Right to be Forgotten
We do not hold onto your data forever. Instead, our default is to retain your Personal Information:
- until it is no longer necessary for the purposes for which it was collected or otherwise processed;
- to comply with legal obligations (such as retention obligations under employment, tax or commercial laws); or
- until you request that we delete it.
If you make a deletion request (see Exercising Access, Data Portability and Deletion Rights), we will delete (and direct our service providers to delete) your Personal Information from our records, unless we or our Service Providers must retain your Personal Information to:
- complete the enquiry for which your Personal Information was collected, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- comply with any legal obligation; or,
- make other internal and lawful uses of that information that are compatible with the context in which you provided it.
12. We May Change this Privacy Notice
In order to maintain or enhance the services we provide to you it might be necessary to change this Privacy Notice from time to time. We reserve the right to modify this Privacy Notice at any time, subject to applicable data protection laws. Please visit the Site from time to time for the latest version of this Privacy Notice.
13. Data Privacy Contact
If you have any questions regarding this Privacy Notice or the privacy practices of Revolution Medicine, Health & Fitness PLLC or its subprocessors, or if you require assistance to withdraw your consent to our processing of your Personal Information or wish to request that your Personal Information be deleted, please contact us by sending an email to info@revolutionmed.com or writing to us at 1050 Connecticut Ave NW Ste 500, Washington, DC 20036, Attention: Data Protection Officer.
Notice of Privacy Practices
Effective Date: April 5, 2021
The Revolution Medicine, Health & Fitness PLLC (RMHF), deemed as a covered entity under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), will be referred to in this Notice of Privacy Practices (“Notice”) as “RMHF.” This Notice is created by RMHF to describe the ways in which RMHF may use and disclose your medical information (called “Protected Health Information” or “PHI”) and to notify you of your rights with respect to PHI in the possession of RMHF. Pursuant to the Regulations, and as outlined in this Notice, RMHF is permitted to use or disclose PHI to other parties. Below are categories describing these uses and disclosures, along with some examples to help you better understand each category.
Uses and Disclosures for Treatment, Payment and Health Care Operations. RMHF may use or disclose your PHI for the purposes of treatment, payment and health care operations, described in more detail below, without obtaining written authorization from you:
For Treatment: RMHF may use and disclose PHI in the course of providing, coordinating, or managing your medical treatment, including the disclosure of PHI for treatment activities of other health care providers. These uses and disclosures may take place between physicians, nurses, technicians, and other health care professionals who provide or are otherwise involved in your health care. For example, your primary care physician may share your PHI with a specialist physician whom he/she consults regarding your condition, or to their staff who are assisting in the provision or coordination of your care.
For Payment: RMHF may use and disclose PHI in order to bill and collect payment for health care services provided to you. For example, RMHF may need to give PHI to your health plan in order to be reimbursed for the services provided to you. RMHF may also disclose PHI to their business associates, such as billing companies, claims processing companies, and others that assist in processing health claims. RMHF may also disclose PHI to other health care providers and health plans for the payment activities of such providers or health plans.
For Health Care Operations: RMHF may use and disclose PHI as part of our health care operations, including: quality assessment and improvement, or evaluating the treatment and services you receive and the performance of its staff in caring for you. Other activities include provider training, compliance and risk management activities, planning and development, and management and administration. RMHF may disclose PHI to doctors, nurses, technicians, attorneys, consultants, accountants, and others for review purposes. These disclosures help ensure that RMHF is complying with all applicable laws, and are continuing to provide health care to patients at a high level of quality. RMHF may also disclose PHI to other health care providers and health plans for certain of their operations, including their quality assessment and improvement activities, credentialing and peer review or compliance activities.
Sharing PHI Among RMHF And Their Medical Staff. RMHF locations work together with the physicians and other health care providers on staff to provide medical services to you when you are a patient at a RMHF location. RMHF and the members of its staff will share PHI with each other as needed to perform their joint treatment, payment and health care operations activities.
Other Uses and Disclosures for Which Authorization are Not Required. In addition to using or disclosing PHI for treatment, payment and health care operations, RMHF may use and disclose PHI without your written authorization under the following circumstances:
As Required by Law and Law Enforcement. RMHF may use or disclose PHI when required by law. RMHF also may disclose PHI when ordered to in rare situations such as a judicial or administrative proceeding, in response to subpoenas or discovery requests, to identify or locate a suspect, fugitive, material witness, or missing person, about criminal conduct, to report a crime, its location or victims, or the identity, description or location of a person who committed a crime, or for other law enforcement purposes.
For Public Health Activities and Public Health Risks. RMHF may disclose PHI to government officials in charge of collecting healthcare information, such as reactions to medications or product defects, or to notify persons who may have been exposed to a disease or may be at risk of contracting or spreading a disease or condition.
For Health Oversight Activities. RMHF may disclose PHI to the government for oversight activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions, and other activities necessary for monitoring health care or compliance with government programs or civil rights laws.
Research. Under certain circumstances, RMHF may use and disclose PHI for medical research purposes.
To Avoid a Serious Threat to Health or Safety. RMHF may use and disclose PHI to law enforcement or other appropriate persons, to prevent or lessen a serious threat to the health/safety of a person or the public.
Specialized Government Functions. RMHF may use and disclose PHI of military personnel and veterans under certain circumstances, and may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities.
Appointment Reminders; Health-related Benefits and Services; Limited Marketing Activities. RMHF may use and disclose PHI to remind you of an appointment, or to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs. RMHF may use and disclose your PHI to encourage you to purchase or use a product or service through face-to-face or written communication, or by giving you a promotional gift of nominal value.
Disclosures for HIPAA Compliance Investigations. RMHF may disclose your PHI when required to do so in connection with your rights of access to your PHI and to account for certain disclosures of your PHI. RMHF must disclose your PHI to the U.S. Department of HHS when requested by the Secretary in order to investigate compliance with privacy regulations issued under HIPAA.
Regulatory Requirements. RMHF is required by law to maintain the privacy of your PHI, to provide individuals with Notice of their legal privacy practice duties with respect to PHI, and to abide by the terms described in this Notice. RMHF reserves the right to change the terms of this Notice or privacy policies, and to make changes applicable to all PHI it maintains. RMHF will acknowledge Notice changes and make available a revised copy of the Notice upon the patient’s request. A copy of the Notice will be posted in registration / waiting area.
You Have The Following Rights Regarding Your PHI:
You may request that RMHF restrict the use and disclosure of your PHI. RMHF is not required to agree to any restriction requests, but will be bound to restrictions to which we agree, except in emergency situations.
You have the right to request that communications of PHI to you from RMHF be made by alternative means or locations. You may request that RMHF can communicate with you by cellphone or via e-mail or to an alternate address. RMHF can accommodate your request through completion of the RMHF Communication Preferences and Message Agreement Form.
You have the right to inspect and copy your PHI in the possession of RMHF, if you make a request in writing to the RMHF Medical Records Director. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), RMHF will inform you of the extent to which your request has or has not been granted. RMHF may provide you a summary of the PHI you request if you agree in advance to such a summary. RMHF may impose a reasonable fee determined by state law to cover copying, postage, and related costs for copies or summaries of your PHI. If RMHF denies access to your PHI, it will explain the basis for denial. If RMHF does not maintain the PHI you request, and it knows where that PHI is located, we will tell you how to redirect your request.
You have the right to receive notifications whenever a breach of your unsecured PHI occurs. RMHF will provide notification through a written communication.
You have the right to restrict disclosure of information to your health plan(s) for services paid directly by you. You have the right to restrict the release of PHI for services for which you have paid for directly. Your written notification is required.
You have the right to designate personal representatives. You can designate specific individuals – other caregivers or personal representatives – with whom RMHF may disclose your PHI. Please complete RMHF’s Patient Privacy and HIPPA Protection Form.
You have the right to request that RMHF amend, correct or supplement your PHI. Your request must be made in writing to the RMHF Medical Records Director and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), RMHF will inform you of the extent to which your request has or has not been granted. RMHF generally can deny your request if your request relates to PHI: (i) not created by the entity; (ii) that is not part of the records the entity maintains; (iii) that is not subject to being inspected by you; or (iv) that is accurate and complete. If your request is denied, RMHF will give you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) if you do not file a statement of disagreement, submit a request that future disclosures of the relevant PHI be made with a copy of your request and the entity’s denial attached; and (iii) complain about the denial.
You have the right to request/receive a list of PHI disclosures RMHF has made during the six (6) years prior to your request (but not before Apr 5, 2021). The list will not include disclosures (i) for which you have provided a written authorization; (ii) for payment; (iii) made to you; (iv) to persons involved in your health care; (v) for national security or intelligence purposes; (vi) to law enforcement officials; or (vii) of a limited data set. You should submit any such request to the Privacy Officer, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), RMHF will respond to you regarding the status of your request. RMHF will provide you a list at no charge.
You have the right to receive a paper copy of this Notice upon request (Please see the RMHF Office Staff.) You can also request a paper copy of this Notice by contacting the Privacy Officer as described below.
You may report a complaint to RMHF if you believe your privacy rights with respect to your PHI have been violated by contacting the Privacy Officer and submitting a written complaint, or contact the RMHF at (202) 596-8891. RMHF will not retaliate against you for filing a complaint regarding their privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services.
If you have any questions about this Notice, please contact the RMHF Privacy Officer at: (202) 596-8891; via e-mail: info@revolutionmed.com; or by mail – address: 1050 Connecticut Ave NW Ste 500, Washington, DC 20036.