Effective Date: 2007
Introduction
Our365 offers in-hospital, infant photography services in U.S. hospitals. Our staff takes photographs of newborns with the consent of the mother and with the consent of the hospital, and offers various options for family and friends to view the photos and obtain copies of them. Mothers are also offered a chance to receive additional valuable information, coupons and special offers from the Our365 Club and those select third parties with whom it has entered into a marketing relationship ("Marketing Participants"), including but not limited to insurance, health care, food, pharmaceutical and educational providers.
Protecting the privacy and confidentiality of our Customers' Personal Information has always been a fundamental principle of our company. This Privacy Commitment to the Protection of Customer Information ("Privacy Commitment") describes Our365's commitment to protecting the privacy of its Customers' Personal Information, including information provided by members of the Our365 Club ("Members"). "Customer," "Personal Information" and other terms used throughout this Privacy Commitment are defined below.
The Our365 Privacy Commitment describes the manner in which we collect, use, disclose and otherwise manage the Personal Information collected and controlled by Our365, including Personal Information collected through its web site available at www.Our365.com and www.Our365club.com (the "Web site").
The Principles
Principle 1 - Accountability
Our365 is responsible for Personal Information under its control, including Personal Information transferred to third party service providers performing data processing services on our behalf.
1.1 The Executive Committee of Our365 is accountable for Our365's compliance with the Our365 Privacy Commitment.
1.2 The Our365 Chief of Hospital Operations and Human Resources oversees Our365's compliance with the Our365 Privacy Commitment.
1.3 The management of Our365 has established written procedures and practices to implement the Our365 Privacy Commitment, including procedures designed to protect Personal Information; procedures to receive and respond to complaints and inquiries; communications and training programs to provide information about privacy policies and practices to Our365's staff, Our365 Marketing Participants and Our365's Customer Care Center.
Principle 2 - Identifying Purposes
Our365 collects Personal Information for two primary purposes: to ensure the proper fulfillment of Our365 Newborn Portraits and WebNursery® orders and to meet the Direct Marketing and research requirements of the Our365 Club and its carefully selected Marketing Participants.
2.1 Our365 provides Customers with information that explains:
- The purposes for which Personal Information is being collected; and
- How the Personal Information may be used or disclosed.
2.2 Our365 collects Personal Information from the Customer as a result of a Customer request:
- Through orders taken in-hospital by a Our365 in-hospital representative (i.e., a Our365 employee or a nurse or volunteer acting on behalf of Our365);
- Through online and electronic activity with Our365;
- Through our customer service department;
- Through registration or participation in an online forum or community;
- Through telephone, paper and online surveys, contests and sweepstakes; and
- Through enrollment in the Our365 Club program.
2.3 Our365 collects Personal Information for the following purposes:
- To process Our365 Newborn Portrait orders and returns;
- To process payments by Customers for their orders;
- To process WebNursery search requests and Our365 Club enrollment;
- To communicate information and special offers from the Our365 Club and/or Marketing Participants to Customers;
- To respond to requests for information about our products and services;
- To better understand and analyze Customers responses, needs and preferences; and
- To develop, enhance, market and provide products and services to meet those needs.
2.4 In the course of processing a transaction with you, such as fulfilling a Newborn Portrait order, we may share some of your Personal Information with certain entities that we have contracted to process and manage transactions, data management, and communications on our behalf. Such functions include package deliveries and credit card payment processing. These companies may have access to your Personal Information on a confidential basis only to the extent necessary to provide you with these specific services. We also require companies who have such access to your Personal Information to take other measures to protect your Personal Information, including limiting access to Personal Information to their employees on a "need-to-know" basis.
2.5 We may use Personal Information to communicate information and special offers from Our365 and the Our365 Club. Our365 respects the privacy of its Customers when promoting products and services. If you do not wish to receive marketing or promotional communications from us in electronic, printed or verbal format, simply inform us by writing or sending an e-mail to the address provided in Section 10.1.
2.6 Our365 may also share your Personal Information from time to time with its Marketing Participants so that they can inform you about their products, services, rewards and special offers. If you would like to withdraw your consent to share your information with Marketing Participants for such marketing purposes, you may e-mail or write to us at the address provided in Section 10.1.
Principle 3 - Consent
Our365 obtains consent from Customers for the collection, use or disclosure of Customer's Personal Information at the time of collection. Our365 makes a reasonable effort to ensure that Customers understand how their Personal Information will be used and disclosed.
3.1 Our365 provides Customers with information about the way in which Personal Information will be used through printed materials, the Our365 Web site, and agents in its Customer Care Center.
3.2 Customers can opt-out of the Our365 Club at any time by writing or sending email to Our365, speaking with a Our365 in-hospital representative, and/or making a verbal request during telephone conversations with our Customer Care Center.
Principle 4 - Limiting Collection
Our365 limits the collection of Personal Information to that which is necessary for the purposes specified to the Customer. All information collected by Our365 is gathered directly from the Customer and is never obtained from hospital records or medical files.
4.1 Our365 does not collect Personal Information indiscriminately. Both the amount and the type of Personal Information collected are limited to that which is necessary to fulfill the Customer's request, process an order, enroll in the Our365 Club, register online, participate in certain features on our Web site such as personalizing a family site or any other specified purposes.
4.2 We recognize the importance of safeguarding the privacy of children. We do not knowingly collect personally-identifiable information from children under the age of 13.
4.3 Our Web site also uses cookies. A "cookie" is a piece of information that a Web site sends to your computer while you are viewing the Web site to remember who you are the next time you log on. Many pages on our Web site where you are prompted to log in or that are customizable require that you accept cookies.
4.4 We use cookies on our Web site to understand site usage and to improve the content and offerings on our Web site. For example, we may use cookies to personalise your experience on our Web pages (e.g. to recognise you by name when you return to our Web site). You may set your Web browser to notify you when you receive a cookie. However, should you decide not to accept cookies from our Web site, you will limit the functionality we can provide.
4.5 Our365 collects non-personally identifiable information from users of its Web site. Non-personally identifiable information is anonymous information that cannot be associated with a specific individual. The types of non-personally identifiable information that we collect (either directly, through the use of "cookies," or through the use of a third-party tracking system) include the IP address of the computer making the request. Usually, this IP address is not associated with your personal computer, but with a computer used by the portal through which you accessed the Internet, such as your Internet Service Provider or company network. IP addresses are not linked to Personal Information.
4.6 The Our365 system also gathers information about the areas users visit on the Web site and about the links that users select from within the Web site to other areas of the World Wide Web or elsewhere online.
4.7 Our365 uses information about the areas Web site users visit and the links users select in the aggregate to understand how users as a group use the services and resources provided on our Web site. This way, the company knows which areas of its Web site are most popular, which areas need development and what technologies are being used so that Our365 may continually improve its site and provide users with a positive online experience.
Principle 5 - Limiting Use, Disclosure and Retention
Our365 will only use or disclose Personal Information for purposes specified in this Privacy Commitment or as you otherwise consent.
5.1 Our365 provides Customers a web page for their baby that may be linked to the birth hospital's home page. Customers provide consent to this service prior to baby's web page being posted to the WebNursery® section of Our365.com.
5.2 Only baby's first name, middle name and last initial are ever displayed on the site. Baby statistics including weight, date of birth and time of birth are displayed on baby's web page. Customers also have the option to password protect their baby's web page using the "Parent Log-in" within WebNursery®. When baby's web page is password protected, only those individuals whom the Customer invites will have access to view the baby's web page.
5.3 Our365 does not trade, rent or sell Personal Information, including Member Lists from the Our365 Club program, without your prior consent.
5.4 Our365 may disclose Personal Information that it collects if, in its opinion, such disclosure is required to comply with legal process or procedure, for example, in response to a subpoena, search warrant or other governmental inquiry or order. It may also disclose such information in response to a law enforcement agency's request or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by law. We may also disclose personal information to assist us in collecting a debt owed by you.
5.5 Our365 may also transfer any Personal Information we have about you in the event that all or a portion of our business or assets is sold or transferred to a third party acquirer, including without limitation in the course of insolvency proceedings.
5.6 Our365 retains Personal Information in accordance with documented guidelines and procedures established by Our365. Our365 retains Personal Information only as long as necessary for the fulfillment of the purposes for which it was collected, or as the Customer otherwise consents. If a Customer asks that we no longer send marketing communications, we make the appropriate notation in our database to honor that request.
5.7 Our365 may share non-personally identifiable information with its suppliers and other third parties for trend analysis and other statistical purposes. This information is not linked to any Personal Information that can identify any individual person.
Principle 6 - Accuracy
Our365 makes every effort to keep Personal Information as accurate, complete and up-to-date as possible for the purposes for which it is to be used.
6.1 Our365 updates Personal Information as it is made available by Customers.
6.2 Customers are responsible for informing Our365 about changes to Personal Information, as appropriate.
Principle 7 - Safeguards
Our365 protects Personal Information in its custody and control with reasonable administrative, technical and physical safeguards appropriate to the sensitivity of the Personal Information.
7.1 Our365 has implemented administrative, technical and physical safeguards in an effort to protect the Personal Information in its custody and control against loss or theft, as well as unauthorized access, disclosure, copying, use or modification of Personal Information in our custody and control. Our365 protects Personal Information regardless of the format in which it is held.
7.2 The methods of protection for Personal Information include:
- Physical measures, for example, locked filing cabinets and restricted access to offices;
- Administrative measures, for example, employee confidentiality agreements, security clearances and limiting access on a "need-to-know" basis; and
- Technological measures, for example, the use of passwords, firewalls and encryption.
7.3 In general, you can visit our Web site without telling us who you are or providing us with any information. However, to provide you with an increased level of security, online access to your Personal Information may be protected with a password you select. You alone are responsible for any and all activity that occurs on our Web site under such password. You agree to immediately notify Our365 of any unauthorized use of your password or user name or any other breach of security. You agree to provide true, current, complete and accurate information as requested on any registration form to which our Web site may direct you, and to update that registration information as soon as possible after any information on such registration form changes.
7.4 Personal Information is stored on databases in Our365 production facilities and at a third-party database management and storage facility in the U.S.
7.5 When Our365 uses a third-party service provider to process information on its behalf, the third party is contractually required to protect the privacy and confidentiality of the Personal Information in its custody, and to only permit its employees to access the information to the extent necessary to perform the services. Further, the service providers are contractually required only to retain Personal Information as long as necessary to complete the assigned task, subject to applicable law.
7.6 Our365 has appropriate training programs in place and provides employees with information about its policies and procedures for maintaining the privacy of Customers' Personal Information and the importance of maintaining the confidentiality of Personal Information.
7.7 Personal Information is disposed of or destroyed with care to prevent unauthorized parties from gaining access to the information.
Principle 8 - Openness
Our365 makes specific information about its policies and practices relating to the management of Personal Information readily available to Customer.
8.1 Our365 is open about its policies and practices with respect to the management of Personal Information.
8.2 Our365 makes information about its privacy policies and practices readily available to individuals and its Customers through face-to-face interaction with Our365 in-hospital representatives, through written materials, its Web site, and through agents in its Customer Care Center. In addition, copies of the Our365 Privacy Commitment are available to individuals and Customers upon request or can be found at www.Our365.com.
Principle 9 - Individual Access
Upon request, Our365 provides Customers with a general right of access to their Personal Information held by Our365 and an account of its use and disclosure.
9.1 Customers can request access to their Personal Information held by Our365 by contacting Our365 at the address provided in Section 10.1.
9.2 Our365 may request sufficient information from the Customer including passwords to verify the identity of the Customer and the existence, use and disclosure of Personal Information held by Our365.
9.3 Our365 amends the Personal Information contained in the Our365 databases as required to address inaccuracies or incompleteness of the Personal Information. An amendment may involve the correction, deletion or addition of information.
9.4 A Customer may challenge the accuracy and completeness of the Personal Information contained in the Our365 database and have it amended as appropriate. When Our365 does not resolve a challenge to the satisfaction of the Customer, the Personal Information relating to that Customer will reflect the unresolved challenge.
9.5 If Our365 does not provide access to all the Personal Information it holds about a Customer, it will provide the reasons for denying access to the Customer.
Principle 10 - Challenging Compliance
A Customer may challenge Our365's compliance with the above principles with the Our365 Director of Compliance or any other individual identified by Our365 who oversees Our365's compliance with this Privacy Commitment.
10.1 Customers should forward inquiries about Our365's privacy policies to Our365 Customer Privacy:
Changes to this Policy
We may revise, modify, update, and/or supplement this Privacy Commitment at any time at our sole discretion and without prior notice. Material changes to this Privacy Commitment will be posted, along with their effective date, on our Web site to which this Privacy Commitment applies. You should review the Privacy Commitment periodically to monitor any changes. However, we will treat your Personal Information in accordance with the Privacy Commitment that was in place at the time we collected your information.
Links to Third Party Web sites
Our365's Web site may have links to the sites of other companies such as Our365 Marketing Participants or other business partners, vendors and advertisers. Except as provided herein, we will not provide any of your Personal Information to these third parties without your prior consent. The inclusion of any link does not imply Our365's endorsement of any other company, its web sites, or its products and/or services. Our365 is not responsible for the privacy practices of those companies, nor do we monitor or control the information they collect when you access or use their web sites. Since their treatment of Personal Information may differ from ours, we encourage you to learn about the privacy policies of those companies by reading their separate and independent privacy policies. We have no control over such web sites and therefore have no responsibility or liability for the manner in which the organizations that operate such linked web sites may collect, use or disclose and otherwise treat your personal information.
Definitions
Customer - any individual who visits our Web site, including an individual who places an order with Our365 or enrolls as a member in the Our365 Club and for whom a Our365 Newborn Portrait account number has been established or is being established in the Our365 database.
Direct Marketing - direct communications targeted to Customers, including mail, telephone calls, or electronic mail from Our365 and/or its Marketing Participants.
Personal Information - information about an identifiable individual. Information includes, but is not limited to: first and last name, mailing address, telephone number, e-mail address, baby's name, baby's birth date, and other applicable birth event statistics.
Our365 Club - The Our365 Club is a free program available to all Our365 Customers. Customers receive valuable information and offers from Our365 Club and its carefully selected Marketing Participants. Registration to join the Our365 Club is available through a Our365 in-hospital representative, by completing the online registration form, or by calling the Our365 Customer Care Center. During the registration, Customers are asked to give Personal Information such as first name, last name and email address. This information is used to provide special offers from the Our365 Club and its Marketing Participants.
Our365 Marketing Participant - a third-party corporation or other organization that has an agreement with Our365 to provide promotional offers and discounts to members of the Our365 Club.