PRIVACY NOTICE
BeyondReps Inc (DBA IronRod Health), on its own behalf and on behalf of its affiliates and/or wholly owned subsidiaries, believes that protecting your data privacy is one of our most important responsibilities. We've developed a privacy notice that covers how we collect, use, and securely store your personal information (known as PII). The scope of this Privacy Notice applies to www.ironrod.health, https://portal.ironrod.health, https://stage-portal.ironrod.health, https://app.ironrod.health, https://stage-app.ironrod.health and IronRod Health native applications on Android and iOS.
This Privacy Notice provides that information in a way we have tried to make clear and transparent. Specifically, it is intended to provide people with information about what personal data we process, what their rights are, how they can exercise those rights, and how to make complaints. If you would like more information about what data we process, for what purpose or how long we keep it, please use the contact details provided at the end to ask us.
If you do not agree with this Privacy Notice, do not access or use our services or interact with any other aspect of our business.
Who we are
When we refer to 'we', 'us' and 'our', we mean IronRod Health as the "Data Controllers".
Cookies
Please click here to see how IronRod Health manages cookies.
California Consumer Privacy Act
Please click here to see our notice on how you can enforce your rights as a California resident under CCPA.
Nevada Resident Rights
Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.
General Data Protection Regulation
Access to personally identifiable information and your rights
The General Data Protection Regulation (GDPR) requires organizations like us to provide a lawful basis to collect and use your information. Our lawful bases to collect and use information from our EEA users include when:
- We need it in order to provide you with the services and to carry out the core activities related to our provision of the services.
- We need to comply with a legal obligation.
- We have a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the services and to protect our legal rights and interests.
- You give us your consent to do so for a specific purpose.
Right to access
The right of access is also known as subject access requests. Under GDPR you have the right to obtain:
- Confirmation that your data is being processed;
- Other supplementary information – that largely corresponds to the information provided in this privacy notice.
We will provide this information to you free of charge unless the request is 'manifestly unfounded or excessive', when we may choose to charge an administration fee or refuse to respond. We will endeavor to provide the information as soon as possible, and never more than one month after receipt of your request. To ensure data security we will request evidence of identification before we supply any personal data.
Right to rectification
Where you tell us that the information we hold on our records about you is incorrect, we will update the data as quickly as possible, and no longer than one month after you have let us know.
Right to erasure
The right to erasure is also known as the right to be forgotten. GDPR introduces the right to have your personal data erased. However, this is not absolute and only applies in certain and specific circumstances.
IronRod Health's lawful basis for processing personal data is 'for the performance of a task carried out in the public interest or in the exercise of official authority'. The right to erasure does not apply for this lawful basis.
Right to restrict processing
You have the right to request that we restrict the processing of your personal data in certain circumstances. For example:
- You contest the accuracy of the data we hold. In this instance we will restrict your data until we have verified the accuracy of the data;
- The data has been unlawfully processed, but you oppose erasure and request restriction instead. This is unlikely; however, if this is the case, we will retain your data in this instance;
- We no longer need the data, and it will be removed under our data retention policy, but you require us to retain the information in order to establish, exercise or defend a legal claim. This is unlikely; however, if this is the case, we will retain your data in this instance;
- You have objected to us processing your personal data under the 'right to object' and we are considering whether our legitimate grounds override those of the individual.
Right to data portability
You have the right to request organizations provide you with a copy of your personal data to allow you to move, copy or transfer it from one IT environment to another.
Right to object
You have the right to object to the processing of your personal data in the performance of our tasks.
Right to automated decision making
You have the right to object to us using automated processing techniques, such as profiling, in order to provide services. Within our software, IronRod Health does automate processing of data to enhance the user's workflow experience.
Right to stop contacting as part of marketing or recruitment processes
You have the right to request that we stop contacting you for marketing purposes or follow-up on any recruitment process.
Recruitment candidates
When you apply for a job with us, we will rely on your consent under Article 6(1)(a) of the GDPR to process your data. If your application includes any special categories of data, for example relating to a monitoring of our application relating to minorities, disability or any additional needs you may have, we will rely on your explicit consent under Article 9(2)(a).
We need this information to process your application, and to keep a record of the applications made. We may keep your CV and personal contact details in order to offer you further opportunities in the future.
We hold your data for up to three years after the process is complete.
Online events
We may collect the following categories of personal information when you sign up to attend an online event:
- Identifiers, such as name and e-mail address. We collect the information you provide via third-party sources (such as social media websites) when you sign up to attend an online event.
- Demographic information collected by such third-party sources (such as LinkedIn analytics).
We use such collected personal information in IronRod Health's legitimate interest to market our products and services, such as:
- For email purposes relating to information and campaigns about IronRod Health
- For insight on communication strategy
- For potential sales lead connections
Links to third-party websites
Our services and websites may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third-party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.
Processing and usage of data
IronRod Health's SaaS solution is an efficient platform which aggregates all the data a physician requires to quickly monitor their patients. The application provides numerous manual and automated tasks for providers, billers, clinicians, and non-clinical technical staff such as support to enable the efficient monitoring of patients throughout the full cardiovascular lifecycle. This includes devices such as blood pressure monitors, smart scales, and ECG devices. The solution is hosted within Amazon Web Services', Google Cloud Platform's and Microsoft Azure's HIPAA-compliant and secure clouds.
_All data is processed and stored within the United States of America._
Even where IronRod Health has a legitimate interest in processing your personal data, it will not do so to the extent that processing would override your interests, rights and freedoms to protect your personal data.
We may also use your personal data to protect against and prevent fraud, claims, and other liabilities and to comply with or enforce applicable legal requirements, industry standards, and our policies and terms. We use personal data for these purposes when it is necessary to protect, exercise or defend our legal rights, or when we are required to do so by applicable law.
If you are an EEA resident, your personal data held by IronRod Health may be transferred to, and stored at, destinations outside the EEA that may not be subject to equivalent data protection laws, including the United States. When you sign up for service with IronRod Health or inquire about our services, we transfer your information to the United States and other countries as necessary to perform our agreement with you or to respond to an inquiry you make. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers.
Accordingly, by using our services, you authorize the transfer of your information to the United States, where we are also based, and to other locations where we and/or our service providers operate, and to its (and their) storage and use as specified in this Privacy Notice and any applicable terms of service or other agreement between you and IronRod Health. In some cases, IronRod Health may seek specific consent for the use or transfer of your information overseas at the time of collection. If you do not consent, we may be unable to provide you with the services you requested.
The United States, the United Kingdom, and other countries where we operate may not have protections for personal information equivalent to those in your home country.
Where your information is transferred outside the EEA, we will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this Privacy Policy.
Important notes concerning data processing
Google Analytics
IronRod Health uses Google Analytics, a web analytics service provided by Google Ireland Ltd. If the responsible body for the data processing that occurs via this website has its basis outside of the European Economic Area and Switzerland, then the associated Google Analytics data processing is carried out by Google LLC. Google Ireland Limited and Google LLC will hereinafter be referred to as "Google".
Google Analytics uses "cookies", which are text files saved on the site visitor's computer, to help the website analyze their use of the site. The information generated by the cookie (including the truncated IP address) about the use of the website will normally be transmitted to and stored by Google.
Google Analytics is used exclusively with the extension "_anonymizeIp()". This extension ensures an anonymization of the IP address by truncation and excludes a direct personal reference. Via this extension, Google truncates the site visitor's IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional situations will the site visitor's full IP address be transmitted to Google servers in the United States and truncated there. The IP address that is provided by the site visitor's browser in using Google Analytics will not be merged by Google with other data from Google.
On behalf of the site operator, Google will use the information collected to evaluate the use of the website, to compile reports on website activity and to provide other website and internet related services to the site operator (Art. 6(1)(f) GDPR). The legitimate interest in data processing lies in the optimization of the web and mobile applications, the analysis of the use of these websites and the improvement of their content and features. The interests of the users are adequately protected by the pseudonymization of their IP address. No other personal data is collected.
Google LLC has certified its compliance with the EU-U.S. Privacy Shield Framework and on that basis provides a guarantee to comply with European data protection law. The data sent and linked to the Google Analytics cookies, e.g. pseudonymized IP addresses, will be automatically deleted after 50 months. The deletion of data whose retention period has been reached is done automatically once a month.
The website visitor may refuse the use of cookies by selecting the appropriate settings in their browser. The website visitor can also prevent Google from collecting information (including their IP address) via cookies and processing this information by downloading this browser plugin and installing it: http://tools.google.com/dlpage/gaoptout
Further information concerning data processing and use by Google, the settings and deactivation possibilities can be found in the Google Privacy Policy (https://policies.google.com/privacy) as well as in the Google Ads Settings (https://adssettings.google.com/authenticated).
Wix
IronRod Health may store user data within Wix, which hosts the company's marketing website. This is specifically related to inbound requests such as recruitment and sales inquiries. Data within Wix is periodically removed.
Paylocity
IronRod Health may store user data within Paylocity to manage the recruitment process for inbound applications. Data within Paylocity is periodically removed.
Pipedrive
IronRod Health may store user data within Pipedrive during the commercial lifecycle. Only data which is directly required for contractual agreements will exist in this platform. This data includes:
- User information for contract points of contact
- Number of contact attempts
- Lead times and metrics for client onboarding and support
- Sales targets and fulfillment
Data within Pipedrive is periodically removed and only used for interim performance metrics, and to make sure client contact remains within SLA agreements.
Atlassian
IronRod Health utilizes Atlassian products (JIRA, Jira Service Management, Confluence) to aid with support response and documentation. When a user files a support request via Jira Service Management form, or by email, a ticket is filed which includes the user's details. This data is stored on Atlassian's servers. IronRod Health's legitimate business interests are to make sure support requests are tracked to the user who flagged themselves for help and lead time metrics until a solution is found. This data is routinely removed on success and metrics gathered. Data is removed following IronRod Health and Atlassian guidelines.
Microsoft Office365
IronRod Health utilizes Office365 to collaborate and communicate internally. IronRod Health employs a third-party IT managed service provider to guarantee HIPAA-compliant policies and procedures for the storage of and access to PII and ePHI in line with the need-to-know principle. Only required employees within IronRod will process user and patient data within PowerBI and Excel to quantify and monitor high quality service for the end patient.
FreshDesk (FreshWorks)
IronRod Health utilizes FreshWorks products to aid with HIPAA compliant support response and documentation. When a user files a support request or by email, a ticket is filed which includes the user's details. This may include ePHI. This data is stored on FreshWorks servers. IronRod Health's legitimate business interests are to make sure support requests are tracked to the user who flagged themselves for help and lead time metrics until a solution is found. This data is routinely removed on success and metrics gathered. Data is removed following IronRod Health and FreshWorks guidelines.
Redox
IronRod Health utilizes Redox's services to simplify and aggregate EMR integrations. ePHI and PII are transmitted to and stored in Redox's systems. All ePHI and other associated data resides in the United States of America.
Implicity
IronRod Health utilizes Redox's services to simplify and aggregate EMR integrations. ePHI and PII are transmitted to and stored in Implicity systems. IronRod Health clinical services utilize Implicity's web application to check and process patient information. All ePHI and other associated data resides in the United States of America.
Subprocessors
To support delivery of our Services, IronRod Health may engage and use data processors with access to certain Customer Data or Authorized Users Data (each, a "Subprocessor"). This page provides important information about the identity, location, and role of each Subprocessor.
| Entity | Entity subprocessing activities | Entity country | Entity policies |
|---|---|---|---|
| Microsoft Office365 | Communications and Documentation Platform | United States of America | https://learn.microsoft.com/en-us/compliance/regulatory/gdpr?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/admin/m365-feature-descriptions?view=o365-worldwide&tabs=Privacy |
| Microsoft Azure | Servers hosting services | United States of America | https://azure.microsoft.com/en-gb/support/legal/ |
| Amazon Web Services | Servers hosting services | United States of America | https://aws.amazon.com/privacy/ https://aws.amazon.com/compliance/ https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/ |
| Google Firebase | Analytics and Communications services | United States of America | https://firebase.google.com/support/privacy https://firebase.google.com/policies/analytics https://policies.google.com/privacy |
| Google Cloud Platform | Servers hosting services | United States of America | https://cloud.google.com/terms/cloud-privacy-notice |
| Atlassian | Communications, documentation and customer support services | United States of America | https://www.atlassian.com/legal/privacy-policy |
| Pipedrive | Commercial analytics services | United States of America | https://www.pipedrive.com/en/privacy |
| Freshworks | Support systems | United States of America | https://freshdesk.com/gdpr https://www.freshworks.com/privacy |
| Implicity | Data aggregation services and EMR integrations | United States of America and France | https://www.implicity.com/privacy-policy/ |
| Redox | Data aggregation services and EMR integrations | United States of America | https://www.redoxengine.com/legal/ |

Compliance and security
IronRod Health has implemented administrative, physical, and technical safeguards to help protect the personal data that we transmit and maintain. Secure services and tools used by IronRod Health include:
- HIPAA and Cyber Essentials Certification
- Encryption of data in transit and at rest using 128 and 256 AES encryption
- Mandatory internal security, regulatory, and HIPAA training for all staff
- Adherence to the Secure Software Development Lifecycle which includes static analysis and manual security processes within Product and Engineering
- Use of AWS, GCP and Azure ISO 27001 certified cloud services
- Where ePHI is processed and stored IronRod Health only uses services covered under a BAA within AWS, GCP, Microsoft Office365 and Microsoft Azure
However, no system or service can provide a 100% guarantee of security, especially a service that relies upon the public internet. Therefore, you acknowledge the risk that third parties may gain unauthorized access to your information. Keep your account password secret and please let us know immediately if you think your password was compromised. Remember, you are responsible for any activity under your account using your account password or other credentials.
Updates and changes to Privacy Notice
This Privacy Policy may be updated periodically and without prior notice to you to reflect changes in our processing of your personal data and privacy practices. We may also engage with different Subprocessors. We will post a prominent notice on each of IronRod Health's websites to notify you of any significant changes to our Privacy Policy and indicate at the top of the Privacy Policy when it was most recently updated.
This policy is effective as of July 7, 2022.
Contact us
If you have any questions or comments about this Privacy Notice, the use of cookies, if you would like us to update personal data we have about you or your preferences, or to exercise your rights, please email our Data Protection Officer at odp@ironrod.health or write to us at:
Data Protection Officer, IronRod Health, 2999 N 44th St Suite 145, Phoenix, AZ 85018