Effective Date: 15 September 2023
LAST UPDATED 15 September 2023
Hercules Study P.C and it’s affiliates, (“Hercules”, “us,” “we,” or “our”) is committed to protecting the privacy of Personal Data (i.e., information reasonably related to a specific individual). This Privacy Notice describes how we process Personal Data collected through our websites, emails, social media accounts, mobile applications, and other properties (collectively, our “Digital Properties”) and through other online and offline interactions, such as when you receive a Hercules scan at one of our locations.
Some of the Personal Data we receive or obtain about you may be subject to different state and federal privacy laws governing the use and disclosure of health information. We comply with applicable state and federal privacy laws and descriptions in this Privacy Policy regarding our collection, use and disclosure of Personal Data may be subject to or further restricted by the requirements of these laws.
We may update this Privacy Notice from time to time. Any updated Privacy Notice will be effective when posted. Please check this Privacy Notice periodically for updates. If required by law, we will contact you directly to provide you with an updated Privacy Notice.
1. Sources of Personal Data
“Personal Data” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Data does not include publicly available information, de-identified or aggregated information, or information covered by certain federal and state laws.
We collect Personal Data about you from the following sources:
A. Directly from you. We may collect Personal Data you provide to us directly, such as when you contact us through our Digital Properties, interact with us in person at one of our locations, sign up for offers or newsletters, communicate with us, place or customize orders, or sign up for an account or other services.
B. Data collected automatically and through tracking technologies. We may automatically collect information or inferences about you, such as through cookies and other tracking technologies, when you interact with our Digital Properties. This may include information about how you use and interact with our Digital Properties or otherwise interact with us, information about your device, and internet usage information.
C. From third parties. We may collect Personal Data from third parties, such as physicians and other medical professionals who practice through our affiliated professional companies, service and content providers, business partners, data brokers, lead generators, companies that provide or sell lists of potential customers, social media companies or other parties who interact with us.
D. From publicly available sources. We may collect Personal Data about you from publicly available sources, such as public profiles and websites. We may combine and use information and make inferences from information that we receive from the various sources described in this Privacy Notice, including third party sources. We may also use or disclose the combined information and inferences for the purposes identified below.
2. Types of Personal Data We Collect
We may collect the following types of Personal Data:
A. Identifiers, such as your name, email address, physical address, telephone number, business contact information, account number, and device identifiers (e.g., cookie IDs and IP address).
B. Records about you, such as preference information (including marketing and purchasing preferences), account settings (including any default preferences), the content, timing and method of communications you have with us, such as online chats, calls, and emails, signatures and physical characteristics or a description of you.
C. Protected class and demographic information, such as age (including birthdates) and gender.
D. Commercial information, such as purchase or subscription information, information about products you order or are interested in, payment details, delivery details, and other commercial or financial information; and legal information relating to your transactions, such as fraud checks or flags raised about your transactions, payment card refusals, complaints and information related to their resolution, and legal requests and communications.
E. Internet or other electronic network activity information, such as your browsing history, search history, and other information regarding your interactions with and use of the Digital Properties. For more information about cookies and other device data, please see the Cookies and Other Tracking Technologies section below.
F. Non-precise geolocation data, such as your approximate location based on your IP address.
G. Audio, electronic, visual, or other sensory information, such as photographs taken at events, call recordings, and video recordings.
H. Professional or employment-related information, such as job title, organization, professional licenses, credentials, professional specialty, professional affiliations, and other professional information.
I. Education information.
J. Inferences drawn from any of the information we collect to assess the level of interest in our products and services based on frequency of visits and contact and determine your preferred frequency for receiving offers.
K. Sensitive Personal Data, including the following: 1. Racial or ethnic origin 2. Content of mail, email, and text messages where we are not the intended recipient (such as messages that we host as a Controller but are not sent to us). 3. Information about your health. 4. Medical or health insurance information, including insurance policy number; 5. Information concerning your sex life.
3. How We Use Personal Data
We may use Personal Data for the following purposes:
A. To provide you with services related to a clinical study, such as providing and delivering you the services of the study, providing customer service; processing or fulfilling orders and transactions, verifying customer information; processing payments; communicating with you about the study; hosting informational webinars; verifying eligibility for certain programs or benefits; responding to requests, complaints, and inquiries; and providing similar services or otherwise facilitating your relationship with us.
B. For our internal study purposes, such as maintaining or servicing enrollees; operating our Digital Properties and customizing the content; maintaining internal study records; enforcing our policies and rules; conducting organizational analysis; completing management reporting; managing our assets and global workforce; undertaking work planning, both administratively and organizationally (including work schedules and billing of clients); project management; auditing; maintaining records on business activities, such as accounting, commercial, procurement, document management and other similar activities; budgeting; real estate management; IT administration of our network, intranet, and other technologies; and IT security management and tasks.
C. For our internal research and product improvement purposes, such as verifying or maintaining the quality or safety of our services; improving our products or services; designing new products and services; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.
D. For legal, safety or security reasons, such as complying with legal requirements, processes, or orders; fulfilling reporting and similar requirements; complying with government inspections and other requests from government or other public authorities; pursuing legal rights and remedies; investigating and responding to claims against us and our customers and employees; protecting our, your, our customers’, and other individuals’ safety, property or rights; addressing security and health and safety issues (including managing spread of communicable diseases) and malicious, deceptive, fraudulent, or illegal activity; and receiving legal advice or approval.
E. [Omitted]
F. For marketing and targeted advertising, such as marketing our products or services or those of our affiliates, business partners, or other third parties. For example, we and our business partners may use Personal Data we collect to personalize advertising to you on this website or others, to analyze interactions with our email communications or website areas viewed, to develop product, brand or services audiences (including by identifying you across devices/sites) to better target our advertising to you, or to send you newsletters, surveys, questionnaires, promotions, or information about events or webinars. You can unsubscribe to our email marketing via the link in the email or by contacting us using the information in Section 9 (Contact Information) below.
We may use anonymized, de-identified, or aggregated information for any purpose permitted by law.
4. How We Disclose Personal Data
We may disclose Personal Data to third parties, including the categories of recipients described below:
A. Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units pursuant to an appropriate confidentiality agreement.
B. Service providers that work on our behalf to provide the study services or support our relationship with you, such as IT providers, internet service providers, web hosting providers, data analytics providers, and companies that provide business support services, financial administration, or event organization.
C. Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.
D. Law enforcement, government agencies, and other recipients for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements, to enforce or apply our Terms of Use and other agreements or policies, and to protect our, your, our customers’, or other third parties’ safety, property, or rights.
E. [Omitted]
F. Business partners that may use Personal Data for their own purposes, such as companies that operate cookies and other tracking technologies, social media companies, data brokers, marketing and advertising partners, and other business partners for their own marketing, research, or analytics purposes. Where required by law, we will obtain your consent prior to disclosing your Personal Data to our business partners. Where recipients use your Personal Data for their own purposes independently from us, we are not responsible for their privacy practices or personal data processing policies. You should consult the privacy notices of those third-party services for details on their practices.
G. Entities to which you have consented to the disclosure.
5. Cookies and Other Tracking Technologies
Our Digital Properties and authorized third parties use cookies and other tracking technologies to collect information about you, your device, and how you interact with our Digital Properties. This section contains additional information about:
- The types of tracking technologies we use and the purposes for which we use them
- The types of information we collect using these technologies
- How we disclose or make information available to others
- Choices you may have regarding these technologies
A. Types of cookies and tracking technologies we use
We and the third parties that we authorize may use the following tracking technologies:
- Cookies, which are a type of technology that install a small amount of information on a user’s computer or other device when they visit a website. Some cookies exist only during a single session and some are persistent over multiple sessions over time.
- Pixels, web beacons, and tags, which are types of code or transparent graphics. In addition to the uses described below, these technologies provide analytical information about the user experience and help us customize our marketing activities. In contrast to cookies, which are stored on a user’s computer hard drive, pixels, web beacons, and tags are embedded invisibly on web pages.
- Session replay tools, which record your interactions with our Digital Properties, such as how you move throughout our Digital Properties and engage with our webforms. In addition to the uses described below, this information helps us improve our Digital Properties and identify and fix technical issues visitors may be having with our Digital Properties.
- Embedded scripts and SDKs, which allow us to build and integrate custom apps and experiences on our Digital Properties
B. Purposes for using these technologies
We and authorized third parties use these technologies for purposes including:
- Personalization, such as remembering language preferences and pages and products you have viewed in order to enhance and personalize your experience when you visit our Digital Properties;
- Improving performance, such as maintaining and improving the performance of our Digital Properties;
- Analytics, such as analyzing how our websites are used. For example, we use Google Analytics to help us improve the user experience. Google Analytics may use cookies and other tracking technologies to perform their services. To learn how Google Analytics collects and processes data, please visit: “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners;
- Advertising, such as conducting advertising and content personalization on our Digital Properties and those of third parties; tracking activity over time and across properties to develop a profile of your interests and advertise to you based on those interests (“interest-based advertising”); providing you with offers and online content that may be of interest to you; and measuring the effectiveness of advertising campaigns and our communications with you, including identifying how and when you engage with one of our emails; and
- Security, such as preventing fraud and malicious behavior
C. Information collected
These tracking technologies collect data about you and your device, such as your IP address, location (both approximate and precise) cookie ID, device ID, Ad ID, operating system, browser used, browser history, search history, and information about how you interact with our Digital Properties (such as pages on our Digital Properties that you have viewed).
D. Disclosures of your information
We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Digital Properties, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our business and Digital Properties.
E. Your tracking technology choices
Some of the third parties we work with participate with the Digital Advertising Alliance (“DAA”) and Network Advertising Initiative (“NAI”). The DAA and NAI provide mechanisms for you to opt out of interest-based advertising performed by participating members at http://www.aboutads.info/choices/ and https://optout.networkadvertising.org/. We adhere to the DAA’s Self-Regulatory Principles for Online Behavioral Advertising. You may also click on the AboutAds icon on a Company advertisement and follow the instructions on how to opt out.
You can also refuse or delete cookies using your browser settings. If you refuse or delete cookies, some of our Digital Properties’ functionality may be impaired. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies. If you change computers, devices, or browsers; use multiple computers, devices, or browsers; or delete your cookies, you may need to repeat this process for each computer, device, or browser. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives.
Some browsers have incorporated Do Not Track (“DNT”) preferences. At this time, we do not honor Do Not Track signals.
6. Your Preferences
You may email us to request corrections or changes to any Personal Data we maintain about you by using the contact information below in the “Contact Information” section.
You may opt out of receiving certain email communications from us by using the unsubscribe link in the footer of the email, updating your email preferences within your Services account settings (for registered users), or by contacting us to have your contact information removed from our promotional email list or registration database. Opting-out of certain email communications does not mean we will not contact you by email about your account or transactions between us.
7. Data Security and Data Retention
We maintain reasonable security procedures and technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, disclosure or use. However, no data transmission over the Internet can be guaranteed to be fully secure. We recommend that you take reasonable precautions to protect the Personal Data you send and receive from us.
Your Personal Data will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to retain it for longer by applicable law. This includes retaining your Personal Data to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you have terminated your relationship with us, we may retain your Personal Data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest. If you would like to know more about the retention periods applicable to your Personal Data, you can contact us using details provided in Section 9 (Contact Information) below.
8. Children’s Privacy
Our Digital Properties are intended for individuals 18 years of age and older. The Digital Properties are not directed at, marketed to, nor intended for, children under 18 years of age. As a general rule, we do not knowingly collect any information, including Personal Data, from children under 18 years of age. If you believe that we have inadvertently collected Personal Data from a child under the age of 18, please contact us at the address in Section 9 (Contact Information) below, and we will take prompt steps to delete the information.
9. External Links
Our Digital Properties may contain links to external sites or other online services that we do not control, including those embedded in third party advertisements or sponsor information. We are not responsible for the privacy practices or data collection policies of such third-party services. You should consult the privacy notices of those third-party services for details on their practices.
10. International Transfers of Personal Data
If you are located outside of the United States and provide Personal Data to us, your Personal Data will be transferred to the United States, where data protection laws may differ from those of your home country. By providing us with your Personal Data, you acknowledge that your Personal Data will be transferred to the United States and processed on servers in the United States. If you do not want to have you Personal Data transferred and processed in the United States, please do not submit it us.
11. Contact Information
If you have questions regarding this Privacy Notice, please contact us at: legal@Hercules.com
12. Supplemental Information for Residents of Nevada
If you are a Nevada resident, you have the right to opt out of the sale of certain Personal Data, including your name and mailing address, to third parties. Please note, however, that we do not sell your Personal Data.
13. Supplemental Information for Residents of California
In addition to the disclosures above, if you are a California resident, this section provides supplemental information about how we process Personal Data about you and your rights regarding Personal Data. Please note that some of the Personal Data we collect about you (e.g., health information) may be subject to various health data privacy laws, and is therefore not subject to the California Consumer Privacy Act (“CCPA”).
A. Data Subject Rights
If you are a resident of California, you may have certain rights regarding Personal Data:
- Right to Know. You may have the right to request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, selling, or sharing the Personal Data, and to whom we have disclosed your Personal Data and why. You may also request the specific pieces of Personal Data we have collected about you.
- Right to Delete. You may have the right to request that we delete Personal Data that we have collected from you.
- Right to Correct. You may have the right to request that we correct inaccurate Personal Data that we maintain about you.
- Right to Opt Out of Sales/Sharing/Targeted Advertising. You may have the right to opt out of (i) the sale or sharing of your Personal Data and (ii) targeted advertising.
- Right to Opt Out of Profiling. You may have the right to opt out certain automated processing activities that are used to evaluate characteristics about you.
You may exercise the rights available to you by calling us at 1-833-773-6886 or emailing us at legal@Hercules.com.
In order to fully exercise the Right to Opt Out of Sales/Sharing/Targeted Advertising you must disable the use of advertising cookies and other tracking technologies by clicking the “palette” link in the bottom left side of the Hercules home page. You must complete this step on each of our websites from each browser and on each device that you use. These steps are necessary so that we can place a first-party cookie signaling that you have opted out on each browser and each device you use. Please note:
a. If you block cookies, we will be unable to comply with your request to opt out of sales/sharing/targeting with respect to device data that we automatically collect and disclose to third parties online using cookies, pixels, and other tracking technologies.
b. If you clear cookies, you will need to disable the use of all advertising cookies and tracking technologies in the preference center again on each browser on each device where you have cleared cookies. To the extent required by law, we will honor opt-out preference signals sent in a format commonly used and recognized by businesses, such as an HTTP header field or JavaScript object. We will process opt-out preference signals at the browser level.
We will not discriminate against you for exercising your privacy rights.
Verification: In order to process rights requests, we may need to obtain information to locate you in our records or verify your identity depending on the nature of the request. In most cases we will collect some or all of the following data elements: first and last name, email address, and telephone number. In some cases, we may request different or additional information, including a signed declaration that you are who you say you are. We will inform you if we need such information.
Authorized Agents: Authorized agents may exercise rights on behalf of an individual by submitting a request via legal@Hercules.com and indicating that they are submitting the request as an agent. We may require the agent to demonstrate authority to act on behalf of the individual by providing signed permission from the individual. We may also require you to verify your own identity directly with us or to directly confirm with us that the individual provided the authorized agent permission to submit the request.
Additional California Rights: California law also permits California residents to request certain information regarding our disclosure of certain categories of Personal Data to third parties for those third parties’ direct marketing purposes. To make such a request, please reach out to us at legal@Hercules.com. This request may be made no more than once per calendar year, and we reserve our right not to respond to requests submitted other than to the email or mailing addresses specified below.
B. Additional Data Processing Disclosures
Disclosure of Personal Data
Although we have not “sold” Personal Data for money in the past 12 months, we engage in routine practices with our Digital Properties involving third parties that could be considered a “sale” or “sharing” (i.e., for targeted advertising) as defined under California law. We do not knowingly sell or share any Personal Data of minors under the age of 16.
We only use and disclose Sensitive Personal Data for the following essential business purposes: (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use, including non-personalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) for purposes that do not infer characteristics about you.
Below please find a chart detailing the categories of Personal Data we collected and with whom it was sold, shared, or disclosed for a business purpose in the past 12 months.