Privacy Policy
We at Magnus Health are committed to protecting the information we have about you, our clients. We only use that information to help our clients manage their medical information. We are committed to being transparent about our practices surrounding how we manage and store your information.
Our Privacy Policy below describes how we collect personal information (including your medical information), how we protect that information, and what we do with it. Although we recommend that you read the entire policy, here is a summary of its main points:
- We will only use information to provide services to your school or camp.
- We will not sell your data.
- We have also taken the Student Privacy Pledge, which is a commitment made by companies who are entrusted with student data to treat that data responsibly.
Our customers use Magnus Health in part because of the security measures we use to protect information. Those measures are often substantially stronger than what our customers were previously using internally. You can find out more about our security measures on our Privacy and Security page.
Please contact your school or camp with any questions you may have about how his or her information is protected and used. Our service is just a small part of how they protect and use that data.
MAGNUS HEALTH, LLC PRIVACY POLICY
1. What This Privacy Policy Covers
This Privacy Policy describes how we, Magnus Health, LLC, collect, use and disclose personal information that we collect and receive through our main Magnus Health service (located at https://secure.magnushealthportal.com ), our apps for smartphones and tablets, our other websites, including www.magnushealth.com and www.magnus911.com, and our related services. The use of information collected through our service is limited to the purpose of providing the service for which our client has engaged Magnus Health, LLC. This Policy does not apply to the practices of companies that we do not own or control, or to people who we do not employ or manage. Similarly, this Privacy Policy does not affect any of the privacy policies, terms, and/or agreements between our Customers and their constituents.
We may provide links within our sites and services to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage or sharing of any personal information by such third parties, and we encourage you to review those third parties’ privacy policies and to ask them questions about their privacy practices as they relate to you.
As you read this Privacy Policy, you will notice that certain parts of it apply only to our public websites, which we refer to as the “Public Site.” Other parts apply only to Magnus Health service and its related websites and apps, which we refer to as our “Service.” Also, you will notice references to our “Customer”; this term refers to the school or camp which has engaged us to provide the Service.
This Privacy Policy uses the term “Personal Information” to refer to any information about a person which can be used to identify them or to distinguish them from other people. Personal Information includes information like a person’s name, address, phone number, login information to our Service, and demographic and health information.
When Personal Information relates to an individual (or their legal guardian), we refer to this as “Personal Information.” If it relates to a Customer, prospective Customer, vendor, or business partner (or any of their employees), then we refer to it as “Business Information.”
2. Personal Information We Collect
We collect the following Personal Information:
- Name, email and contact information received from visitors to our Public Site who request information regarding our Service on the Contact Us page or who download Veracross resources on our Resource Center, or who send us email or connect with us through social media;
- Personal Information received from Customers in connection with the implementation and provision of the Service. For example, Customers provide basic personal information, manually or through integration with student information systems, in connection with the Service when they are setting up the Service for use.
- Personal information received from parents or guardians when they use the Service on behalf of their students. This includes age, immunization history, allergies, and other information used by Customers in connection with the Service. Note that children under age 18 may not have their own account in the Service. Instead, their accounts are administered by their parent or guardian. We do not contact children under age 18 about our Service and do not ask them for Personal Information.
- Information regarding individuals who maintain accounts with our Service.
3. What we do with Personal Information
The Service helps schools and camps manage health care matters relating to their constituents, including students, their parents, their faculty, staff, and other related persons. We use Personal Information, such as demographic, health, and collected form information to provide the Service to our Customers and to provide support to them, which might include answering their questions and resolving their issues about individuals.
We may also provide Personal Information to emergency personnel and other healthcare professionals as described in our Service, consistent with applicable laws regarding privacy of Personal Information. These professionals may use your Personal Information to perform medical services as authorized, and to communicate with you.
We may also use Personal Information to derive aggregate information about large groups of individuals. That aggregate information might include, for example, the average age at which individuals are vaccinated against various diseases or the percentage of people who have nut allergies, but will not include any Personal Information. We may use this aggregate information for any purpose.
We use Business Information for our business purposes. We may use Business Information about Customers and prospective Customers to provide information about our products and services, other companies’ products and services and educational information. Business Information may be stored in our customer relationship management system and other systems in order to help us run our business.
We may provide Personal Information to companies that assist us in providing Services, such as a hosting provider or a customer service provider. These companies are authorized to use Personal Information only as necessary to provide these services. If any of these providers receive Personal Information, we will ensure that they are bound to restrictions at least as protective of Personal Information as the Student Privacy Pledge, described in section 7, below.
We will not sell any information to any third party except as allowed by section 8, which discusses what happens if our company is acquired.
4. Disclosures for Legal Reasons
In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose Personal Information in response to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.
In addition, we may share Personal Information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, or as otherwise required by law.
When we make any disclosure of Personal Information described by this section, we will limit the disclosure to only the minimum amount of information which is necessary, and will attempt to ensure that any information we do disclose is kept protected by, for example, submitting it under seal, obtaining a protective order or by requiring the party to whom it is disclosed to agree to keep the information confidential.
5. When we delete Personal Information
We generally keep Personal Information for the duration required to comply with legal requirements. We will, however, hold it longer if needed to provide the Service to our Customers, if we have a legal obligation to keep it for longer or if we require it to resolve a legal dispute.
We may delete Business Information when we determine that it is no longer useful to us, when required by law, or in accordance with our internal data retention practices and policies.
6. Technical Information
We gather certain information about the use of our Service and Public Site automatically. This information includes internet addresses, browser types, internet service providers (ISP), referring/exit pages, operating systems, date/time information, and click-stream data. Mobile devices may record information such as how often our app is used, the events that occur within the app, aggregated usage, performance data, and where the app was downloaded from.
We and our partners, analytics provider, and online customer support provider use this information to analyze trends, to administer the Service and the Public Site, to track users’ movements around the Service and the Public Site and to gather overall demographic information about our user base. We do not link this automatically collected data to other Personal Information.
Visitors to our Public Site can control the use of cookies at the individual browser level. Rejecting cookies may, however, limit some features or areas of the Public Site. Our mobile apps may also use and record geolocation data to provide location-based services to users. Users may opt-out of location-based services at any time by editing the setting at the device level. This may limit some features of the app.
7. Student Privacy Pledge
We have taken the Student Privacy Pledge, which is a public commitment made by providers of services to K-12 schools to responsibly collect and use student data. We take this pledge in addition to the other commitments we make in this Privacy Policy. The Student Privacy Pledge is incorporated into this Privacy Policy in its entirety. If this Privacy Policy would allow us to do something that the Student Privacy Pledge would not, then we will comply with the Student Privacy Pledge.
8. Acquisitions
If we are acquired, either because an unrelated entity has merged with us or has acquired our assets, then we will ensure that the acquirer also commits itself to the Student Privacy Pledge before providing it with any Personal Information. Once they take the Student Privacy Pledge, we will provide the acquirer with Personal Information so they can continue to provide the Service and related support. If the acquirer’s privacy policy is substantially different than ours, we will notify Customers before Personal Information is provided to the acquiror.
9. Access and Changes to Your Data
You may determine if we have any of your Personal Information and access, correct, or request deletion of your Personal Information by contacting us through our help desk . Before providing you with any information or allowing you to make changes, we will need evidence of your identity. In addition, much of the Personal Information we have can be updated through the Service. We will respond to your request within a reasonable timeframe.
Note that we do not have a direct relationship with individuals. Individuals may also contact their school or camp to determine how to access or correct Personal Information, including Information that is imported into the Service from a Information System.
10. Data Security
We maintain a comprehensive security program designed to protect Personal Information in our possession, which includes organizational, physical and technical safeguards. Certain of these measures are described on our Privacy and Security page.
11. Testimonials
We display personal testimonials of satisfied customers on our website in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy@magnushealthportal.com.
12. Social Media Share Buttons and Widgets.
Our Public Site includes social media features, such as the Facebook Like button and widgets, as well as the ShareThis button and other interactive mini-programs that run on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our web site. Your interactions with these features are governed by the privacy policy of the company providing it.
13. Email Preferences / Unsubscribe
If you no longer wish to receive email from us on a going-forward basis, you may opt-out of receiving these emails by clicking “Unsubscribe” at the bottom of any email you receive from us.
14. Advertising Choices and Control
Magnus does not participate in behavioral advertising through its subscription Service and on related web sites (such as the Magnus web site used by Customers to enter information), and will not display ads on its Service. If our third-party partner(s) are providing advertising on our Public Site and you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here [https://optout.aboutads.info/] if you are based in the US, or here [https://www.youronlinechoices.eu/] if located in the European Union. Magnus cannot control all advertising you see while browsing our Public Site as this can be dependent on your individual browser and/or computer settings.
15. EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework
Veracross, LLC and its subsidiary, Magnus Health, LLC comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Magnus Health, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. Magnus Health, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
Magnus Health, LLC is responsible for the processing of personal data it receives, under the EU-U.S. DPF and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Magnus Health, LLC complies with the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over Magnus Health, LLC’s compliance with the EU-U.S. DPF and Swiss-U.S. DPF. In certain situations, Magnus Health, LLC may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF and the Swiss-U.S. DPF, Magnus Health, LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding EU-U.S. DPF and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
16. Questions about Data Privacy
If you have questions or suggestions regarding our Privacy Policy or our Privacy Practices, please contact us at:
Magnus Health, LLC
Customer Care – Privacy Policy Issues
401 Edgewater Place
Suite 360
Wakefield, MA 01880
Or contact us through our Privacy Team.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time by posting a new version on our Public Site. We will notify users of the Service about significant changes in how we treat Personal Information by sending a notice to the primary email addresses listed in their accounts or by placing a prominent notice in the Service before the changes become effective.
Effective Date: May 24, 2022