SELECT Privacy Policy

Last Revised: 11/29/2021

1.  General

We know that your privacy is important to you, and we work hard to earn and keep your trust.  Within3, Inc. (collectively with its subsidiaries, “Within3,” “Company,” “we,” “us,” and “our,”) respects your privacy and is committed to protecting your privacy through our compliance with this Within3 Select Privacy Policy (the “Policy”). Our business collects information on individual health care professionals and their specialties from various sources. 

You may be reviewing this Policy because you received a notice that Within3 is processing your Personal Information (as defined below).  We would like to take this opportunity to tell you how we collect your Personal Information, how we share your Personal Information, and ways in which you may take action with respect to the Personal Information we have, including opting out of future processing. 

This Policy describes:

  • The types of information we collect about you from third-party websites, directories, subscription lists, or other sources through our services (collectively, our “Services”). 
  • Our practices for collecting, using, maintaining, protecting, and disclosing that information. 

This Policy applies to information we collect through third-party resources, both online and offline, as well as information we collect through the Services or in emails and other electronic messages between you and us.

Please read this Policy carefully to understand our practices regarding your information and how we will treat it.  If you do not agree with our policies and practices, then please opt out of our Services by emailing us at [email protected]  By choosing not to opt out, you agree to the terms of this Policy.  This Policy may change from time to time (see below, “Changes to this Policy”).  Your continued decision to not opt out of our Services after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates. 

2.  What We Collect and How We Collect It

To ensure that we provide our customers with the best possible experience, we will store, use, and share Personal Information about you in accordance with this Policy.  Personal Information is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, household or device (“Personal Information”). In particular, the Services have collected the following categories of Personal Information from individuals within the last 12 months:

Category

Examples

Collected

Identifiers.

A real name, postal address, unique personal identifier, country of residence, online identifier, email address, account name, telephone number, healthcare specialty, and practice name.

YES

Inferences drawn from other Personal Information.

Profile reflecting a person’s preferences, characteristics, predispositions, behavior, attitudes, abilities, and aptitudes.

YES

We obtain the categories of Personal Information listed above from the following categories of sources:

  • From Third-Party Websites and Services.  For example, we may collect information about you from third-party websites, directories, subscription lists, and other resources regardless of whether you have subscribed to the Services or not. 

The information that we collect in each case will vary.  

3.  How We Use Your Information

The information we gather and that you provide is collected to provide you information and the services you request, in addition to various other purposes, including, but not limited to: 

  • providing the information, products and Services our customers request;
  • security, credit, or fraud prevention purposes;
  • providing our customers with effective customer service;
  • selling your Personal Information to interested third parties, including pharmaceutical companies and other life science industry organizations;
  • contacting our customers with special offers and other information we believe will be of interest to them (in accordance with any privacy preferences you have expressed to us);
  • contacting our customers and prospective customers with information and notices related to their use of the Services;
  • better understanding our customer’s needs and interests;
  • improving the content, functionality, and usability of the Services;
  • improving our products and Services;
  • improving our marketing and promotional efforts; and
  • any other purpose identified in an applicable privacy notice, click-through agreement or other agreement between you and us.

4.  How We Share Your Information

We may share your Personal Information by disclosing it to a third party for a business purpose, including, in some cases, selling your Personal Information to interested third parties, such as pharmaceutical companies and other life science industry organizations. 

In the preceding 12 months, we have disclosed the following categories of Personal Information for one or more business purposes:

  • Identifiers; and
  • Inferences drawn from other Personal Information.

We disclose your Personal Information for a business purpose to the following categories of third parties:

  • Our affiliates; 
  • Pharmaceutical companies;
  • Life science industry organizations; and
  • Third-party vendors who provide services that enhance our Services.

Except as described in this Policy, we will not share your information with third parties without your notice and consent, unless it is under one of the following circumstances:  

  • Legal Reasons.
    • We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, subpoena, or court order;
    • To respond to duly authorized information requests from law enforcement or other governmental authorities;
    • To investigate and prevent security threats, fraud, or other malicious activity; or
    • To respond to an emergency that we believe in good faith requires us to disclose such information to assist in preventing the death or serious bodily injury of any person or Company employee.
  • Sale of Business or Merger. There are circumstances where the Company may decide to buy, sell, or reorganize its business in selected countries.  Under these circumstances, it may be necessary to share or receive Personal Information with prospective or actual partners or affiliates. In such circumstances, the Company will ensure your information is used in accordance with this Policy.

5.  Your Choices and Selecting Your Privacy Preferences

We want to provide you with relevant information that you have requested.  When possible, we will always provide options as to what information we collect and how you can manage any preferences that pertains to such information.  

If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed.  Transactional or service-oriented messages, such as delivery confirmation messages, are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services, and are not intended for the purposes of marketing.

We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information.  After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email.  Please note that by opting out or unsubscribing you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.  

6.  Accuracy and Access to Your Personal Information

We strive to maintain and process your information accurately.  We have processes in place to maintain all of our information in accordance with relevant data governance frameworks and legal requirements.  We employ technologies designed to help us maintain information accuracy on input and processing. 

Where we can provide you access to your Personal Information in our possession, we may ask you for information to authenticate your identity.  To view and change the Personal Information that you have provided to us, you can contact us directly for assistance.

7.  Information of Minors

We do not intentionally seek to gather information from individuals under the age of 18.  We do not target the Services to minors, and would not expect them to be engaging with our Services.  We encourage parents and guardians to provide adequate protection measures to prevent minors from providing information unwillingly on the internet.  If we are aware of any Personal Information that we have collected about minors, we will take steps to securely remove it from our systems.  

8.  Third-party Websites 

This Policy does not apply to websites or other domains that are maintained or operated by third parties or our affiliates.  Because this Policy is not enforced on these third-party websites, we encourage you to read any posted privacy policy of the third-party website before using the service or website and providing any information.  

9.  Your California Rights

Shine the Light Law.  California Civil Code Section 1798.83 permits California residents whose Personal Information is collected through our Services to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected], or write us at P.O. Box 450679, Westlake, Ohio 44145 . 

Do Not Track Signals.  Other than as disclosed in this Policy, the Services do not track users over time and across third-party websites to provide targeted advertising.  Therefore, the Services do not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser. 

10.  For Services Users or Visitors Outside of the United States

We do not warrant or represent this Policy or the Services’ use of your Personal Information complies with the laws of any particular jurisdiction around the world.  Furthermore, to provide you with our services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours.  Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.  

11.  For Services Users or Visitors in the European Union (“EU”)

Under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”), individuals in the EU are afforded specific rights with respect to their Personal Information, or “personal data” as defined under the GDPR.  For the purposes of this Policy, the Company operates as a data controller.  Any personal data we collect from you is processed in the United States and under the terms of this Policy.  

Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you as the lawful means of such processing.  You may always withdraw your consent to our use of your personal data as described below.  We will only retain your personal data for the time necessary to provide you the information and services to which you have consented, to comply with the law and in accordance with your rights below. 

The Data Controllers are:

NAME: Within3, Inc. 

ADDRESS: P.O. Box 450679, Westlake, Ohio 44145

EMAIL ADDRESS: [email protected]

You can exercise any of the following rights, subject to verification of your identity, by notifying us as described below: 

  • Access. You may email us at [email protected] to request a copy of the personal data our Services databases currently contain. 
  • Automated Processing and Decision-Making.  You may email us at [email protected] to request that we stop using your personal data for automated processing, such as profiling.  In your email, please explain how you wish us to restrict automated processing of your personal data.  When such restrictions are not possible, we will advise you accordingly.  You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data.
  • Correction or Rectification. You can correct what personal data our Services database currently contains by emailing us at [email protected] to request that we correct or rectify any personal data that you have provided to us or that we have collected.  We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause information to be incorrect.  Where applicable, we will ensure such changes are shared with trusted third parties. 
  • Restrict Processing. When applicable, you may restrict the processing of your personal data by submitting a request via email to [email protected]  In your email, please explain how you wish us to restrict processing of your personal data.  When such restrictions are not possible, we will advise you accordingly.  You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data. Where applicable, we will ensure such changes are shared with trusted third parties. 
  • Object to Processing. When applicable, you have the right to object to the processing of your personal data by submitting a request via email to [email protected]  When such objections are not possible, we will advise you accordingly.  You can then choose to exercise any other rights under this Policy, to include withdrawing your consent to the processing of your personal data.  Where applicable, we will ensure such changes are shared with trusted third parties.  
  • Portability. Upon request and when possible, we can provide you with copies of your personal data.  You may submit a request via email to [email protected]  When such a request cannot be honored, we will advise you accordingly.  You can then choose to exercise any other rights under this Policy, to include withdrawing your consent.  Where applicable, we will ensure such changes are shared with any trusted third parties.
      
  • Withdraw Consent. At any time, you may withdraw your consent to our processing of your personal data through the Services by notifying us via email at [email protected]  Please type the words “WITHDRAW CONSENT” in the subject line of your email.  Upon receipt of such a withdrawal of consent, we will confirm receipt, take steps to authorize your identity, and proceed to stop processing your personal data.  Where applicable, we will ensure such changes are shared with trusted third parties. 
  • Erasure. If you should wish to cease use of our Services and have your personal data deleted from our Services, then you may submit a request by emailing us at [email protected]  Upon receipt of such a request for erasure, we will confirm receipt, proceed to authorize your identity, and we will confirm once your personal data has been deleted.  Where applicable, we will ensure such changes are shared with trusted third parties. 
  • Submit Complaints or Questions. If you wish to raise a complaint on how we have handled your personal data, you can contact us as described below.  If you reside in a European Union member state, you may also lodge a complaint with the supervisory authority in your country.

12.  Safeguarding the Information We Collect

We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure.  However, we can never promise 100% security.  Please also notify us of any actual or suspected unauthorized use of your Personal Information.      

13.  Changes to this Policy

This Policy describes our current policies and practices with regard to the information we collect through the Services.  We are continually improving and adding to the features and functionality of the Services along with the products and services we offer through the Services.  If we make any changes to this Policy, a revised Policy will be posted on this webpage and the date of the change will be reported in the “Last Revised” block above.  You can get to this page from any of our webpages by clicking on the “Privacy Policy” link (usually at the bottom of the screen).

14.  How to Contact Us

We value your opinions and welcome your feedback.  To contact us about this Policy or your Personal Information, please contact us by email at [email protected]

 Information We Collect

Information we collect to improve our services

Within3, Inc., is committed to Users’ ongoing needs. Our goal is to constantly improve the quality and depth of the services we provide to Users on the Site. In order to continuously improve the Site, we need to learn from the way Users interact with our system. For example, we are interested in what features Users access frequently, how Users find out about the Site (e.g. if you linked to the Site from another Web site, the address of that Web site), and how we can use the information you provide to us (geographic location, previous searches, interests) to make search results more relevant to each individual User. We also store information about the technology you use to access the Site, such as the type of browser (e.g. Internet Explorer, Firefox, Chrome) and operating system (e.g. Windows, OS X) you use. We strive to provide a system that meets your needs and adapts to better serve you. Therefore, we store information about the way each User accesses and uses the Site, and we use this information to improve the services we provide to you.

Finally, Within3, Inc., collects information about our Users at the aggregate level. Some examples of aggregate information may include, without limitation, the number of Users utilizing the Site, the number of Users utilizing the Site within a particular specialty or geographic region, statistics on the number of times a particular search term was used, and the number of Users who accessed “opt-in” portions of the Site. This information may be used in various ways to enhance the Site, and we may share anonymous versions of this information with third parties to improve and/or fund the services we provide to you. In cases of onward transfer to third parties of data of EU and Swiss individuals received pursuant to the EU-US and Swiss-US Privacy Shield, Within3, Inc., is potentially liable.

Information we collect to provide additional features and services

From time to time, you will be asked to provide certain personal information. If provided, we will store such information, and you will not be anonymous to us. For example, we will ask you to provide and we will collect certain information at registration when you enter your member profile, which may include your name, business/practice name, and email address. At the time of registration, we will clearly label which information is required and which information you may optionally provide at your discretion. We may also ask you to provide additional information after registration in order to provide you with additional services and features.

We recognize that some users may want to access additional features provided by organizations other than Within3, Inc. and that the structure and environment provided by the Site may uniquely complement or enhance those features. At the same time, we understand that many such services require Users to provide personal information. We are committed to protecting your personal information and providing you with unique opportunities through the Site. Therefore, to meet both goals, we may provide you with opportunities in which you may participate by electing to “opt-in”. Within3, Inc., will inform you when a particular feature would require you to “opt-in”, and we will not share your personal information unless you explicitly grant us permission to do so.

Several features on the Site allow you to post personal information that will be viewable to certain Users of the Site. For example, any information contained in a discussion board message, along with the message’s associated name will be viewable by certain registered Users. When posting messages on the discussion boards, you should not reveal anything that you want to keep private. If the information you are providing is going to be stored on our systems, we will notify you at the time of input.

Use of cookies

Cookies are a technology used by the Site to identify Users as they move through the Site. Your browser allows us to place some information on your computer’s hard drive that identifies the computer you are using. We use cookies to personalize the Site and to track your usage. Your web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to you. If your browser is set to reject cookies, websites that are cookie-enabled will not recognize you when you return to the website, and some website functionality may be lost. The Help section of your browser will tell you how to prevent your browser from accepting cookies.

Although cookies do not normally contain personally identifiable information, if you are a registered user, we may associate your registration information with cookies the Site places on your computer’s hard drive. Associating a cookie with your registration data allows us to offer increased personalization and functionality. For example, you can elect to have the Site “remember” your username and password and bypass the sign-in process on each visit to the Site. Without cookies, this functionality would not be possible.

 

How We Use Your Information

This section of our Privacy Policy identifies the ways we use the information we collect about you.

Under certain circumstances, Within3, Inc., may be required to disclose information about particular Users when required by law. For example, we may be required to provide information in response to subpoenas or court orders. We may also provide information regarding particular Users in the event that we must establish or exercise our legal rights or defend against legal claims. For example, we may disclose the information if we are notified or suspect that a User or group of Users are engaging in illegal activities, fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Within3, Inc., takes both the privacy and the safety of our Users very seriously, and we will do our best to protect both.

The Site may contain links to other websites and Internet resources (e.g., online journals, news sources) to supplement your experience on the Site. This Privacy Policy only pertains to the information you submit to the Site. Information you elect to submit to other websites or services by accessing optional features or leaving the Site is not protected by this Privacy Policy. Those features or websites may have their own policies, and we encourage you to review the privacy policies of the websites and services you access.

Other disclosures

When you register, you will have the choice to have your personal information displayed to other Users, based on the degrees of separation that exist between you and the other Users. By opting to display your personal information with other Users, you are expressly authorizing other Users to contact you and send you messages. You may change your disclosure preferences at any time. We may transfer information about you in the event that Within3, Inc, or substantially all of Within3, Inc.’s assets become owned or controlled by other individuals or entities.

Protection of Collected Information and Limitations

This section addresses the ways we safeguard your information as well as the limitations on such protection.

Your communications

The Site provides an internal communication system so you can easily communicate with other Users on the Site. Within3, Inc., respects the privacy and sensitivity of your communications. Because the messages exchanged on the Site reflect the beliefs and views of the Users who send them, Within3, Inc., is not responsible for the content of the messages exchanged on our system. Within3, Inc., is committed to a collegial and cooperative environment. If you receive or become aware of inappropriate (e.g. defamatory comments, harassment, threats, etc.) messages on the Site, please notify us immediately. To provide you this communication service, Within3, Inc., must act as a messenger between you and other Users. Therefore, when you click “Send” to submit a message on the Site, we interpret that act as your authorization for us to deliver that message. Please be careful when selecting recipients for your message, as we cannot “unsend” a message once you have sent it. If you choose to share your information with any other party, Within3, Inc., is not responsible in any way for loss of privacy or any other claim relating to or arising from such disclosure.

Within3, Inc.’s services facilitate the collection and distribution of medical advice and opinions among medical professionals. Within3, Inc., requests that you carefully consider the advice you receive on the Site and that you take all precautions to protect the identity of your patients. In accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, please do not transmit or allow the transmission of any individually identifiable medical information without PRIOR authorization from the respective patient.

International Data Transfers

Within3 offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union and the United Kingdom, and other international transfers of personal information. Please contact us at [email protected] for a copy of our standard data processing addendum, which incorporates Model Clauses.

Within3 remains self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, although it is not currently relying on these frameworks for the transfer of personal data.

Within3, Inc., is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

EU-US and Swiss-US Privacy Shield

Within3, Inc., complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Within3, Inc., has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Within3, Inc., commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Within3, Inc., at:

Within3, Inc.
Attention: John Wallenhorst
14701 Detroit Avenue, Suite 600
Lakewood, OH 44107
United States

Within3, Inc., has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a nonprofit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.auto.bbb.org/eu-privacy-shield-complaint-form/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under certain limited conditions you may invoke last resort binding arbitration before a Privacy Shield Panel.

Within3, Inc., is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

EU General Data Protection Regulation (GDPR)

Within3 supports the strong data privacy protections and security principles brought forth in the EU’s GDPR. We obtain your explicit consent to process your data when you choose to set up an account on our website. You can remove your account and all other personal data from our system at any time by contacting us at [email protected].

California Consumer Privacy Act (CCPA)

Within3 supports the rights of California consumers as brought forth in the California Consumer Privacy Act or “CCPA”. Please see the “Information We Collect” and “How We Use Your Information” sections as they describe our approach to personal data. Within3 does not sell the personal information we collect. Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt-out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights. California consumers can pursue these rights by contacting us at [email protected].

Security

Information you submit to Within3, Inc., is encrypted using the Transport Layer Security (“TLS”) encryption standard. TLS is the industry standard means to protect sensitive, personal information (e.g. credit card numbers, bank account information) as it passes over the Web to a server. TLS does two things: (i) the encryption helps prevent information from being intercepted by a third party while in transit on the Web, and (ii) because a website must obtain a “digital certificate” to implement TLS, it authenticates that the server receiving your information is who it claims to be. Within3, Inc., also uses care to protect your information once it is stored on our database. Unfortunately, no transmission of information over the Internet or local area networks can be guaranteed to be completely secure, but Within3, Inc., has implemented industry-standard security measures to protect your information.

Within3 employees

Employees of Within3, Inc., are required to keep User information obtained in the performance of their duties under confidence. Only a limited number of employees are authorized to access your personal information. We require all employees to comply with the terms of our Privacy Policy.

Managing Information We Collect

This section informs you of the procedures available for accessing your information as well as the choices you have regarding amending, deleting, or modifying your personal information.

Access to information and choices

If you believe that your personal information stored on the Site is in error, you may edit your personal profile any time directly on the Site. Requests for deletion of your record may result in your removal from the registry, but we may keep certain demographic information about you for product improvement purposes. You may contact Customer Support at [email protected] and ask for the changes that you would like to make.

Within3, Inc., may revise or update this Privacy Policy at any time. Please periodically visit this page, and if you wish, print the latest version for your records. The information you submit and store on the Site will be subject to the current Privacy Policy. In the event that we make significant changes to our Privacy Policy, we will conspicuously post those changes and/or notify you. If you have any questions or comments, please contact us.

Changes to our Privacy Policy

Within3, Inc., reserves the right to modify, add, or remove portions of this Privacy Policy at its discretion. If we decide to change this Privacy Policy, we will post those changes in this location. Continued use of our communities following any changes in our Privacy Policy indicates your consent to the amended Privacy Policy. If you would like your personal information removed following a change to the Privacy Policy, or if you have any questions about our Privacy Policy, you may contact by using our email address: [email protected].

“The virtual format reduces the burden on the
advisors and on my team, at a significantly
reduced cost.”

MEDICAL AFFAIRS TEAM LEADER, RARE DISEASE