STATEMENT OF IDENTITY
Proxima Platform
90 Alton Road
Miami Beach FL 33139
Data Protection Officer:
Alex de Aybar
305-833-8718
Alex.de.aybar@proximaplatform.net
TYPES OF PERSONAL INFORMATION WE COLLECT
Proxima Platform collects the following information from Healthcare Providers (HCP) in Japan:
First Name
Last Name
Specialty
Hospital Name
Address
City
Province
Postal Code
Email Address
Mobile Number
Gender
Age
PURPOSE OF COLLECTION AND USE
Under Article 21 of the APPI we are required to disclose the Purpose for the Collecting of your information
As a Healthcare Provider in Japan you may receive 3rd Party Promotional/Marketing/Educational & Compliance information from 3rd Parties who may be located in Japan or outside of Japan.
CONSENT
Proxima Platform requires consent from 1st Parties to use any and all Personal Identifiable Information (PII) for the following purposes
Marketing
Advertising
Promotional
Marketing
Educational
Compliance
Healthcare Providers in Japan can provide their consent by visiting:
https://www.proximaplatform.com/hcp-registration-portal
Healthcare Providers in Japan can immediately remove their consent by emailing their request directly to our CEO/Data Protection Officer
3rd Party Sharing
As a Healthcare Professional in Japan by providing your individual consent to Proxima Platform you are consenting to be contacted by our 3rd Party Partners via:
Direct Mail
Mobile
Programmatic Marketing (Display Ad)
As a Healthcare Professional in Japan by providing your individual consent to Proxima Platform you hereby provide your individual consent to include
3rd Party Data Transfer
3rd Party Data Transfer Outside of Japan to USA
DATA SUBJECTS RIGHTS
All data subjects defined as Healthcare Professionals in Japan have a right to access “records of third-party provisions.”
As a Healthcare Provider in Japan you have the right to inspect and or review your Data File by contacting our CEO/Data Protection Officer : alex@proximaplatform.net
As a Healthcare Provider in Japan you have the right to ask for Corrections/Additions/Deletion my contacting our CEO/Data Protection Officer : alex@proximaplatform.net
DATA SECURITY MEASURES
Proxima Platform restricts access to Healthcare Providers to only Authorized Individuals
Proxima Platform uses Key Cards & Biometric Readers to Restrict Access to our Data Center
Proxima Platform use secure encrypted passwords to protect Mainframe Access
Data Retention Policy
INSIGHT We retain data for as long it is useful in our products, either as an actual variable or in order to derive other variables
RECOGNITION We retain data for as long as it improves the matching and linking ability of our recognition products
CONTACT We retain data for as long as we are comfortable it is accurate and can be relied upon
Personal data that is not used for any purpose is deleted. If a data subject under APPI objects to us processing their data, we will remove it from our data products, and then from our environment in accordance with our data deletion cycle, unless we have a valid justification to hold on to it, such as to resolve disputes or comply with our legal obligations. We also retain personal data which is necessary to keep on a suppression file so if we obtain someone’s data again, we will know not to use it.
CHANGES AND UPDATES TO POLICY
Proxima Platform may update is Japan Privacy Policy pursuant to relevant business and or regulatory requirements and or changes. Proxima Platform will post on our Privacy Policy Page the Data and Changes were made.
US DATA PROTECTION POLICY SYSTEM
Please note that Proxima Platforms USA Data Protection Policy System has established security control measures in conformity with the standards prescribed by the APPI.
1. Information Regarding the Personal Data Protection System in the United States of America
The United States of America does not have a single, comprehensive federal law that governs the protection of personal data across all sectors and industries, unlike Japan's APPI or the European Union's GDPR. Instead, data protection in the U.S. is characterized by a sectoral and state-specific approach, enforced by various federal and state agencies.
Key aspects of the U.S. personal data protection system include:
- Sector-Specific Federal Laws: Certain types of personal data are protected by specific federal laws, such as:
- The Health Insurance Portability and Accountability Act (HIPAA) for health information.
- The Children's Online Privacy Protection Act (COPPA) for personal information collected from children under 13.
- The Gramm-Leach-Bliley Act (GLBA) for financial information.
- State-Specific Laws: Several states have enacted comprehensive privacy laws that provide significant rights to residents, such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), which grants consumers rights regarding access, deletion, and opt-out of the sale or sharing of their personal information. Other states are developing similar frameworks.
- Federal Trade Commission (FTC): The FTC is a primary federal agency responsible for enforcing consumer protection laws, including those related to privacy and data security, by prohibiting unfair or deceptive practices.
- Government Access to Data: It is important to note that under certain U.S. laws, such as the Foreign Intelligence Surveillance Act (FISA) and Executive Order 12333, U.S. government authorities may be able to access personal data, including data transferred from abroad, for national security or law enforcement purposes, subject to specific legal processes and oversight mechanisms.
Given this fragmented legal landscape, our transfers are underpinned by robust contractual safeguards to ensure a consistent level of protection.
2. Specific Measures Taken by the Recipient to Protect Your Personal Data
To ensure that your personal data receives an adequate level of protection when transferred to and processed by our recipient entity in the United States (e.g., [Name of US Entity, if applicable, or "our designated U.S. service providers"]), we have implemented the following specific measures:
- Contractual Safeguards: We have entered into legally binding data transfer agreements with the U.S. recipient(s). These agreements incorporate specific clauses that obligate the recipient(s) to:
- Process personal data only for specified, legitimate purposes.
- Implement appropriate technical and organizational security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.
- Limit access to personal data to authorized personnel who are bound by confidentiality obligations.
- Comply with data minimization principles, processing only data that is necessary for the stated purposes.
- Assist us in responding to requests from data subjects regarding their rights (e.g., access, correction, deletion).
- Notify us promptly of any personal data breaches and cooperate in mitigating their effects.
- Undergo regular audits or assessments to ensure compliance with these contractual obligations.
- Flow down similar data protection obligations to any sub-processors they engage.
- Internal Policies and Procedures: The U.S. recipient(s) maintain internal privacy policies and procedures designed to ensure compliance with their contractual obligations and industry best practices for data protection.
- Security Measures: The recipient(s) employ industry-standard technical and organizational security measures, including but not limited to, encryption of data in transit and at rest, access controls, firewalls, intrusion detection systems, and regular security assessments, to safeguard your personal data.
3. Your Rights
You have the right to request further information about this data transfer, including details of the specific contractual clauses and security measures implemented by the recipient.
If you wish to exercise this right or have any questions regarding the processing or transfer of your personal data, please fill in the form below: