Privacy Policy

This Privacy Policy (the “Privacy Policy”) is effective as of November 16, 2018.

Health Media Group, Inc. (“HMG”, “us”, “we”, or “our”) is committed to respecting the privacy of our clients and users. This Privacy Policy describes how we collect, use, and share information. This Privacy Policy applies to any website (including but not limited to https://www.compendia.health), mobile application, desktop application, plugin or other media platform that references or links to this Privacy Policy (collectively, the “Site”)

  1. Collecting Personal Information from Site Users.
    1. Personal Information Defined.  In order to provide access to certain services or information within the Site, we may require that users of the Site (“you”, “your”, or “Users”) provide certain “personal data”, “personal information” or any other similar term as defined in any applicable law or regulation, together with information or materials, in any form, that alone or in combination with other information or materials: (a) uniquely identifies any individual (e.g., names, addresses, telephone numbers, account information, financial information, etc.); or (b) is considered “sensitive personal data” such as political opinions, ethnicity, religious beliefs, or health information (collectively “Personal Information”). HMG also collects non-personal information that does not, on its own, identify an individual person. When non-personal information is combined with other information so that it does identify an individual person, we treat that combination as Personal Information.
    2. Types of Information We May Collect.  The following are examples of the types of Personal Information that may be collected from Users:
      • contact information (including name, street address, email address, telephone number);
      • government issued identifications (such as national provider identification number);
      • username, password, and other information used in combination to verify your identity;
      • financial information (including credit/debit card and bank account information, credit and repayment history, and payment default information);
      • geolocation, demographic, shipping, billing, and other information related to your use of the Site or any information contained therein; and
      • any other Personal Information or characteristics about an individual that is connected to one of the above, such as date or place of birth, geographical indicators, or photographic images.
    3. Consent to Collection.  By accessing or using the Site, you consent to the collection, use, disclosure, storage and processing of Personal Information in accordance with this Privacy Policy. Please note, by law you are not required to provide us with your Personal Information. By electing to not share your Personal Information with us, you may be unable to take advantage of our Site and we may be unable to provide you with all of the functionality we offer through our Site.
  2. Automatic Data Collection.  The Site may use automatic data collection tools and techniques including cookies, clickstream, and web beacons, as follows:
    1. Cookies.  The Site may use “cookies” which are a small amount of data (often including a unique identifier), which is sent to your browser from a website and stored on your computer’s hard drive. We may use cookies so that we can better serve Users, understand usage and improve the content and offerings on the Site. Cookies may be placed by us or by our third party partners or service providers. We or such third parties may: (a) use cookies to collect aggregate information about Users on an anonymous basis or (b) share aggregate demographic and usage information with our prospective and actual business partners, advertisers, and other third parties for any business purpose. If you prefer not to have cookies, most web browsers include an option that allows you to not accept them. However, without cookies you may be unable to take full advantage of all features of the Site and some portions of the Site may not function properly.
    2. Clickstream.  We may collect information about the “clickstream” of Users. This clickstream data contains the pages the Users came from, the navigational paths they took, and the areas of the Site they visited. From time to time we track such information inside and outside of the Site. Additionally, we may track and match clickstream data with Personal Information you provide to us in order to deliver content and other offerings, including products and services that might improve Users’ experience. We may also share clickstream data with third parties in an aggregate or anonymous format.
    3. Web Beacon.  Certain email communications you receive from us may contain “web beacons”. Web beacons consist of a line of code on the Site that delivers a small graphic image. The web beacon may not be visible as it is a 1x1 pixel that is often designed to blend into the background of a web page. Web beacons allow us to obtain information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the web beacon appears, the URL of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the browser type used to view the page and the information in cookies. We use web beacons for activities such as monitoring the effectiveness of the headlines in our emails or ad banners.
    4. IP Address.  Your IP address is a numerical label assigned to each device (e.g., computer, printer, mobile device, or server) and is usually associated with the place from which you enter the internet. It is how devices find each other on a network. We may use your IP address to help diagnose problems with our servers, gather broad demographic information, gather geographic data, and administer the Site.
    5. Tracking Requests.  We do not act on, alter, or change our Site behavior upon receiving “do not track” requests from your browser.
  3. Using and Retaining Personal Information.  Personal Information we collect through the Site may be used to provide information regarding our or our third-party partners’ products and services, or for marketing and promotions we or they believe you may find of interest. We also may use the Personal Information you provide for our internal purposes, such as Site customization, enhancement or development of the Site or other products and services, administration and operation of the Site, data analytics, and compliance with our legal obligations, policies and procedures, including performance of our contractual obligations. We retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or allowed by law or to otherwise fulfill a legal obligation.
  4. Sharing Personal Information.
    1. With Service Providers and Affiliates.  HMG may rent, sell or otherwise share your Personal Information where permitted by law, for example:
      • within the HMG family of businesses;
      • with third parties that perform services for us or on our behalf (such as credit card companies, credit and/or investigative reporting agencies, finance companies, transport companies, consultants, advisors and market research firms), or
      • for marketing campaigns conducted by us or other companies or organizations that offer products or services we believe may be of interest to Users.
      Our service providers are required to keep confidential and secure the Personal Information received from us in accordance with this Privacy Policy and they may not use it for any other purpose other than for the purpose for which HMG provided it to the service provider.
    2. With Advertisers.  We may contract with third-party advertisers and their agents to post banner and other advertisements through the Site. These advertisements may link to websites not under our control. These third-party advertisers may use cookie technology or similar means to measure the effectiveness of their ads or may otherwise collect Personal Information from you when you leave the Site. We are not responsible or liable for any content, advertising, products or other materials offered from such advertisers and their agents. Transactions that occur between you and the third-party advertisers are strictly between you and the third-party and are not our responsibility. You should review the privacy policy of any third-party advertiser and its agent, as their policies may differ from ours.
    3. With Other Third Parties.  We may also make Personal Information available to third parties in the following circumstances:
      • when we have a good faith belief it is required by law or to otherwise cooperate with law enforcement activity;
      • when we have a good faith belief it is necessary to protect our rights or property from fraudulent, abusive, or unlawful activity; or
      • in the event of a proposed financing, merger, acquisition, liquidation, dissolution, sale of assets, or other transaction involving us, our business, or the Site.
    In these circumstances, your consent will not be required, but we will attempt to notify you, to the extent the law requires. Depending upon local law, you may either opt in or opt out of having your Personal Information shared and/or used for marketing purposes. In the event you opt-in, we will use and share your Personal Information as described in this Privacy Policy. In the event you opt-out, we will share your preference with the applicable third parties as appropriate. For information on how to do this, see the Your Choices section of this Privacy Policy below.
  5. Protecting Personal Information.  We maintain reasonable administrative, technical and physical safeguards to protect the Personal Information we collect and process.
  6. Cross Border Data Transfer.  HMG is a Delaware corporation with its headquarters located at 222 Merchandise Mart Plaza, Suite 1230, Chicago, IL 60654 USA. The Site is governed by, and operated in accordance, with the laws of the United States. The United States is where the Site, including our servers and central database, are hosted, located, and operated. If you are accessing the Site from outside the United States, you will be voluntarily transmitting your Personal Information to the United States where your Personal Information will be stored and processed by HMG. Your Personal Information may also be processed by certain third parties located within or outside of the United States. There are obvious risks that apply when data are transferred from one jurisdiction to another (e.g., an unauthorized interception of the data, misuse, etc.) and the data protection and other laws of the United States and/or other countries might not be as comprehensive as those in your country. Additionally, in certain circumstances, law enforcement or regulatory agencies, courts, or security authorities in the United States may be entitled to access your Personal Information. By using the Site, you acknowledge and agree that your Personal Information will be transferred to and processed in the United States and in other countries and by those third parties with whom we share your Personal Information as described in this Privacy Policy. For users of the Site that are residents of the European Union (“EU”) or the United Kingdom (“UK”), please review HMG’s European Data Privacy Addendum below, which details your rights under the EU’s General Data Protection Regulation (“GDPR”) and provides you with an explanation of how you may exercise your rights.
  7. Third-Party Websites.  Much of the content on the Site contains links to other websites that operate independently from HMG and the Site. Linked websites may have their own privacy statements or notices. If you visit any linked websites we strongly suggest you review their privacy statement. Any information you provide when you visit a third-party website is subject to the privacy statements posted on those websites. We are not responsible for, and this Privacy Policy is not applicable to, any websites that are not affiliated with or owned by HMG (including, without limitation, any content, use, or privacy practices of such websites).
  8. California Residents.  California residents are legally entitled (at no charge and no more than once per year) to request information about how we may have shared your information with others for direct marketing purposes. To obtain this information or make changes to your Personal Information, please refer to the instructions provided in the Contact Us section below.
  9. Children.  The Site is not intended for children under 18 years of age. We do not knowingly collect or store any Personal Information from children under 18. If you believe HMG has received Personal Information from children under the age of 18, please contact us by: (1) sending an email to info@compendia.health
  10. Your Choices.  If you wish to opt out of receiving marketing communications from HMG, you may do so by (i) following the instructions provided in our marketing communications, or (ii) indicating your preferences on the relevant account profile/preferences section (such as Your Account), or (iii) referring to the instructions provided in the Contact Us section below. If you wish to request changes to your Personal Information, you may do so by referring to the instructions provided in the Contact Us section below. Please note, by electing to not share certain Personal Information with us, we may be unable to provide you with all of the functionality on the Site. Where required by law you may request access to your Personal Information that we maintain. As permitted by law we may charge a reasonable fee for providing access to Personal Information but we do not charge for lodging a request for access.
  11. Your Rights to Access Personal Information.  Where required by law, you may request access and/or make corrections to your Personal Information that we maintain. When accessing or updating your Personal Information, we may ask you to verify your identity before we can act on your request. Please note that we may reject requests, or limit the information we provide access to, if we determine it could risk the privacy of others or if unreasonable or repetitive, or if it would require disproportionate effort. As permitted by law, we may charge a reasonable fee for providing access to Personal Information, but we do not charge for lodging a request for access.
  12. Changes to this Privacy Policy.  HMG may change this Privacy Policy from time to time at its discretion, by posting the modified Privacy Policy on the Site. HMG will not be required to provide notice of any such modification directly to you. The modifications shall be effective upon such posting (unless some other date is specified in the posting, in which case that date shall be deemed the effective date for the modifications). You agree to review this Privacy Policy periodically so that you are aware of any modifications. Your use of the Site indicates your full acceptance of this Privacy Policy in its then-current form each time you use the Site. You may not modify the terms of this Privacy Policy or any of the policies or guidelines governing the Site without HMG's express prior written consent. We will not use your Personal Information in ways that differ materially from this Privacy Policy in its then-current form, and in no event will we use your Personal Information in ways prohibited by law.
  13. Contact Us.  To opt out of marketing communications, click here and you will be removed from HMG promotional/marketing email lists. If you would like to make changes to your Personal Information (such as address information and phone number), please contact us at info@compendia.health or Health Media Group, Inc., 222 Merchandise Mart Plaza, Suite 1230, Chicago, IL 60654 USA.
  14. EUROPEAN DATA PRIVACY ADDENDUM
    Last Updated November 16, 2018

  15. Purpose of Addendum.  This European Data Privacy Addendum, including any future modifications (the “Addendum”), forms a material part of HMG’s Privacy Policy and applies to any “personal data” (as defined under the GDPR) that we may “process” (as defined under the GDPR) through your use of the Site. The purpose of this Addendum is to briefly describe: 1) your rights under the GDPR; and 2) the legal bases that support HMG’s processing activities.
  16. Your Rights as a European Data Subject.  The GDPR provides “data subjects” (essentially natural persons that are the subject of personal data and are residents of the EU or UK) with a wide array of rights related to data privacy. HMG is considered a “data controller” under the GDPR with respect to its processing of your personal data. A data controller is essentially a person or organization that can determine how and why your personal data is processed and is responsible for ensuring that you are able to exercise certain privacy rights. Although HMG’s affiliates, service providers, and business partners will also collect and process your personal data, as described in the Privacy Policy, HMG will always be the data controller in respect to such processing. If you wish to exercise any of the rights detailed below, please send an e-mail sufficiently detailing such request to: info@compendia.health Please note that if we receive a request from you to exercise your rights, HMG has the right to have you take reasonable steps to confirm your identity, including your residency within the EU or UK.
    1. Transparent Communications.  You are entitled to a receive information from HMG regarding its collection and processing of your personal data. All such information must be provided in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. Such information has been provided by HMG in this Privacy Policy, as it is amended from time to time.
    2. Basic Information.  You have the right to obtain confirmation from HMG as to how your personal data are being processed, including the following information:
      • confirmation of whether, where, and by whom your personal data is being processed;
      • purpose(s) for the processing;
      • categories of personal data being processed;
      • categories of recipients with whom the data may be shared;
      • the period for which the data will be stored (or the criteria used to determine that period);
      • the source of the data (where you were not the source); and
      • information about the existence of, and an explanation of the logic involved in, any automated decision-making that has a significant effect on you.
      You may also request to receive an electronic copy of your personal data that are processed by HMG. HMG is required to provide any requested information within one (1) month of receiving an access request. However, if HMG receives a large numbers of requests, or especially complex requests, this time limit may be extended by a maximum of two (2) further months as long as HMG provides you with an explanation for the delay within the original one (1) month timeframe. If HMG fails to meet these deadlines, you may complain to the relevant Data Protection Authority (explained below) and may be able to seek a judicial remedy in the relevant EU Member State’s court system.
    3. Right to Data Portability.  You have the right to transfer your personal data between controllers (e.g., to move account details from one online platform to another). Specifically, you have the right to:
      • receive a copy of your personal data in a structured, commonly used, machine-readable format that supports re-use;
      • transfer your personal data from one controller to another;
      • store your personal data for further personal use on a private device; and
      • have your personal data transmitted directly between controllers without hindrance.
      Please note that any inferred or derived data (data derived through use of analytical processes) do not fall within the right to data portability, because such data are not provided by you. Additionally, HMG is not obliged to retain personal data for longer than is otherwise necessary simply to service a potential data portability request.
    4. Right to Correct Information.  HMG is required to ensure that inaccurate or incomplete data are erased or corrected. You have the right to request that HMG correct or erase personal data that you believe to be inaccurate or incomplete.
    5. Right to Withdraw Consent.  Your consent can provide a lawful basis for HMG to process your personal data and/or transfer your data internationally. However, you have the right to withdraw such consent. Please note, however, that lawful bases other than consent may permit the continued processing or transfer of your data.
    6. Right to be Forgotten.  Under the GDPR, in certain circumstances, you may have the right to have HMG erase your personal data, cease further dissemination of your personal data, and potentially have third parties halt processing your data upon your request. This right is commonly referred to as the “right of data erasure” or “the right to be forgotten.” You have the right to erasure of your personal data if:
      • the data is no longer needed by HMG for its original purpose (and no new lawful purpose exists);
      • the lawful basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists for HMG to process the data;
      • you exercise your right to object to processing and HMG has no overriding grounds for continuing the processing;
      • the data have been processed unlawfully; or
      • erasure is necessary for compliance with other EU laws or the national law of a relevant EU Member State.
    7. Right to Object to Processing Personal Data for Public or Legitimate Interests.  Where HMG is processing your personal data on the basis of having a “public interest” or “legitimate interests”, those bases are not absolute and you may have a right to object to such processing. If you object, HMG must cease such processing unless it either: (i) demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms; or (ii) requires the data in order to establish, exercise, or defend legal rights.
    8. Right to Object to Processing for the Purposes of Direct Marketing.  You have the right to object to the processing of your personal data for the purposes of receiving direct marketing from HMG (including “profiling” activities as detailed further below).
    9. Right to Object to Processing for Scientific, Historical, or Statistical Purposes.  Where your personal data is processed for scientific and historical research purposes or statistical purposes, you have the right to object, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
    10. Right to Restrict Processing.  In some circumstances, you may be entitled to limit the purposes for which HMG can process your personal data. Specifically, you have the right to restrict the processing of your personal data if:
      • the accuracy of the data is contested (and only for as long as it takes to verify that accuracy);
      • the processing is unlawful and you request restriction (as opposed to exercising the right to erasure);
      • HMG no longer needs the data for their original purpose, but the data is still required by HMG to establish, exercise, or defend legal rights; or
      • verification of overriding grounds is pending in the context of an erasure request.
    11. Fees.  HMG is required to give effect to your rights of access, rectification, erasure, and the right to object free of charge. However, HMG may charge a reasonable fee for repetitive requests, unfounded or excessive requests, or further copies beyond the initial copy provided.
    12. Right to Complain to the Applicable DPA.  Data Protection Authorities (“DPAs”) are the regulatory authorities responsible for monitoring and enforcing data protection laws at a national level and providing guidance on the interpretation of those laws. DPAs are empowered to oversee enforcement of the GDPR, investigate breaches of the GDPR, and bring legal proceedings where necessary. If you believe that your rights have been infringed by HMG, you have the right to ask HMG to remedy the situation. If you believe you have not received an adequate response from HMG, you may file a complaint with the relevant DPA (either the DPA for the EU Member State in which you live or work or the Member State in which the alleged infringement occurred). A list of DPAs may be found at: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm (current as of November 2018).
  17. HMG’s Legal Basis for Processing Personal Data.  Under the GDPR, in order to process your personal data, HMG is required to identify a legal basis (or bases) for its processing activities. HMG’s legal bases for processing your personal data are as described below.
    1. Consent.  HMG is permitted to process your personal data to the extent you have given consent for HMG to perform processing activities. Please note that your consent to processing can be revoked at any time (though there may be other applicable legal bases that may justify ongoing processing of your personal data). Your consent may be revoked by sending an email to: info@compendia.health
    2. Contractual Requirements.  HMG is permitted to process your personal data to the extent the processing is necessary:
      • for the performance of a contract between you and HMG (e.g., to comply with the terms of use for the Site and/or any subsequent agreement HMG enters into with you);
      • to respond to your request to access your personal data; or
      • for the conclusion or performance of a contract between HMG and a third party where it is in your interest for the processing to occur.
      In order to optimize and customize the Site for you, it is critical that HMG be able to process your personal data. Without being able to process your personal data, HMG may be unable to provide you with access to the Site or certain features therein.
    3. Legitimate Interests.  HMG is permitted to process your personal data to the extent the processing is necessary for the purposes of legitimate interests pursued by HMG or a third party (“legitimate interests”), except where those legitimate interests are overridden by your interests, fundamental rights, or freedoms. You have the right to object to HMG’s processing of your personal data on the basis of legitimate interests; if you wish to raise such an objection, please send an email detailing your objection to info@compendia.health HMG’s identified legitimate interests for processing your personal data include:
      • ORGANIZATION: HMG may be required to transmit your personal data within its organizational group. Processing is necessary so that data can be shared amongst HMG’s affiliates so that each entity can carry out their legal, regulatory, and/or contractual responsibilities and/or coordinate/implement business plans, logistics, and/or operations. This is especially true because HMG’s affiliated entities may perform critical services for HMG, such as services related to accounting, compliance, research and development, human resources, information technology and security, legal, management, etc.
      • OPERATIONS: Processing your personal data is necessary to facilitate the day-to-day operation of our business and to allow for business planning for strategic growth. This may include managing our relationship with you, our employees, other Users, vendors, business partners, and/or others, sharing intelligence with internal stakeholders, implementing training procedures, planning and allocating resources and budgets, performing data modelling, facilitating internal reporting, analyzing growth strategies, creating and aggregating analytics, and/or processing personal data to create anonymized data (e.g., for service improvement, analytics, etc.).
      • LOGISTICS: Processing your personal data is necessary to enable HMG’s business operations to run more efficiently, e.g., establishing how to allocate resources or to predict future demand.
      • RESEARCH AND DEVELOPMENT: Processing your personal data is necessary for us to deliver and/or improve the Site. This includes processing your personal data to determine whether the Site is working as intended, monitoring usage and conduct, and identifying and troubleshooting issues.
      • MARKET INTELLIGENCE AND ANALYTICS: HMG has a legitimate need to conduct market intelligence so that it can better promote the Site by creating a better understanding of User preferences. This could include using diagnostic analytics to optimize services, and/or marketing campaigns by assessing/monitoring Users’ usage of the Site and/or conduct while using the Site. Common metrics for evaluation could include monitoring pages and links accessed, ad performance and conversion tracking, number of posts, number of page views, patterns of navigation, time at a page, devices used, User reviews, User location, hardware used, operating system version, advertising identifiers, unique application identifiers, unique device identifiers, browser types, languages, wireless or mobile network information, etc. These metrics could be used to personalize services and communications; determine which Users should receive specialized communications based on how they use the Site, create aggregate trend reports, determine the most effective advertising channels and messaging, and/or measure the audience for a certain communication.
      • PERSONALIZATION: We process personal data in order to enhance and personalize the experience we offer our current and/or prospective Users on the Site.
      • MONITORING: In order to identify recurring problems and/or analyze the patterns of behavior of Users, and comply with certain legal/regulatory obligations, it is necessary for HMG to monitor your performance/behavior on the Site.
      • DIRECT MARKETING: Processing your personal data is necessary for direct marketing purposes to occasionally update Users regarding the Site and other services and products which may be of interest to Users, including occasional communications regarding updates to our activities, services, and/or events.
      • MARKETING AND SALES: HMG has a legitimate interest in processing personal data in the context of marketing the Site to prospective advertisers, third-party content providers, and Users.
      • DUE DILIGENCE: It is necessary for HMG to process your personal data for the purposes of conducting due diligence. This could include, for example, monitoring official watch-lists, sanction lists and “do-not-do-business-with” lists published by governments and other official bodies globally. This could also include keyword searches of industry and reputable publications to determine if companies and individuals have been involved in or convicted of relevant offenses, such as fraud, bribery, and/or corruption.
      • FRAUD DETECTION AND PREVENTION: Processing your personal data is necessary for HMG to help detect and prevent fraud, e.g., verifying that the registered address of the cardholder for a particular credit or debit card is the same as the cardholder’s normal place of residence or work.
      • UPDATING USER DETAILS AND PREFERENCES: Processing your personal data is necessary to verify the accuracy of your User data and to create a better understanding of our past, present, and/or prospective Users.
      • NETWORK AND INFORMATION SECURITY: Processing your personal data is necessary for the purposes of ensuring our network and information security, e.g., monitoring users’ access to the Site for the purpose of preventing cyber-attacks, inappropriate use of data, corporate espionage, hacking, system breaches, etc. This could include preventing unauthorized access to electronic communications networks and malicious code distribution and stopping “denial of service” attacks and damage to computer and electronic communication systems.
      • BUSINESS CONTINUITY/DISASTER PLANNING: HMG processes your personal data because it is necessary to allow for the backup and protection of your information (e.g., utilizing cloud-based services to archive/protect data) in order to ensure that such information is not improperly lost or modified. Such processing is also necessary to archive/protect data in accordance with legal, regulatory, organizational, and/or contractual obligations.
      • ARTIFICIAL INTELLIGENCE: In processing your personal data, HMG may process your data utilizing an algorithm that helps to streamline organizational processes, or your User experience e.g., recommending suggested content based upon your past activity on the Site.
      • COMPLIANCE WITH LAWS AND REGULATIONS: HMG may be subject to binding legal or regulatory obligations and may need to process your personal data in order to comply with such laws or regulations. Examples include: complying with reporting obligations, complying with screening obligations, responding to law enforcement requests, and/or responding to judicial/regulatory agency requests.
      • REPORTING POTENTIAL THREATS TO PUBLIC SECURITY/SAFETY: HMG has a legitimate interest in reporting possible criminal acts or threats to public security/safety that we identify as part of our processing activities to a competent authority.
    4. Legal or Regulatory Obligations.  HMG is permitted to process your personal data where it has a binding legal or regulatory obligation to perform the processing to stay in compliance with applicable laws or regulations (e.g., tax reporting purposes). Other examples could include where HMG or one of its affiliates is required to respond to a court order, subpoena, or law enforcement agency request, to prevent fraud or abuse, or to protect the safety of individuals.