2. About Allscripts
Allscripts is a leader in healthcare information technology solutions that advance clinical, financial and operational results. Our innovative solutions connect people, places and data across an Open, Connected Community of Health™. Connectivity empowers caregivers to make better decisions and deliver better care for healthier populations.
3. Information We Collect
Allscripts’ primary goal in collecting personal data from you is to give you a meaningful, enjoyable and customized experience while using our websites and to allow us to develop new products and services that are relevant to visitors like you. Personal data also allows us to provide services and features that most likely meet your needs, and to customize our service to make your online experience smooth and efficient.
- Personal data
- To provide access to certain information on our websites, we need to collect certain personal data identifying who you are, your e-mail address, phone number and your mailing address. Visitors may also be asked to select a user ID and password. If you opt not to provide your personal data, you can still access our websites; however, you may be unable to gain access to certain information.
- Aggregate and statistical data
4. Sensitive Information
We will not collect sensitive information through our websites unless it is required. We ask that you not send us or share any sensitive personal data (e.g., government-issued or financial account numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background or trade union membership) unless we specifically request this information.
5. Children’s Information
Allscripts’ website is not directed to minors. If you believe that we have mistakenly or unintentionally collected personal data of a minor through our website without appropriate consent, please notify us as detailed in our Contact Information section below so that we may immediately delete the information from our servers and make any other necessary corrections.
6. How we use your Information
- We use personal data about you to improve our marketing and promotional efforts; to statistically analyze site usage; to improve our content and product offerings; and to customize our sites' content, layout and services. We may also use your personal data to deliver information to you that, in some cases, is targeted to your interests, new services and promotions. We believe these uses allow us to improve our site and better tailor it to meet our visitors' needs. Allscripts may combine non-personal data collected automatically (e.g., through web log data) with your previously submitted personal data.
Aggregate and statistical data
- Allscripts uses web log information (such as your web browser, operating system, pages visited, etc.) to help us design our website, to identify popular features, and for other managerial purposes. However, web logs may be used if necessary to help identify any person attempting to break into or damage our website. We may share web log information with law enforcement agencies if we believe that we have evidence of a violation of computer security or related laws.
7. Legal Basis of Processing
We collect and process (i.e. use) personal data about you where we have lawful bases. In a majority of the cases, processing will be justified on the basis of:
- In specific situations, we can collect and process your data with your consent.
- When collecting your personal data, we will make clear to you which data is necessary in connection with a particular service.
- Contractual obligations
- In certain circumstances, we need customers’ personal data to comply with our contractual obligations.
- Legal compliance
- If the law requires us to, we may need to collect and process your data.
- Legitimate interest
- In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
- In specific situations, we can collect and process your data with your consent.
8. How We Protect Your Information
Allscripts is committed to keeping the data you provide us secure and will take reasonable precautions to protect your personal data from loss, misuse or alteration. Vendors, contractors, or partners of Allscripts who have access to your personal data in connection with providing services for Allscripts are required to keep the information confidential and are not permitted to use this information for any other purpose than to carry out the services they are performing for us. When necessary, we use secure connections on our web sites to protect information during its transmission. Access to your personal data is password-protected and we regularly monitor our system for possible vulnerabilities and attacks.
9. How Long We Retain your Information
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
10. How We May Share Your Information
Except as stated below, we will not share, trade or sell personal data of our visitors for use by any business. However, aggregated and statistical data from our visitors may be shared with our partners in a manner that does not identify you personally. For example, we may let a partner know that approximately "75% of our visitors use high speed connections or access our site after 7pm." We may share personal data with service providers or contractors that perform services for us and act at our direction. The services they provide may include such activities as direct mailing, fulfillment services, or e-mail campaigns. When you have agreed to receive such services, we also may share personal data with our business partners that provide joint offerings with us. When we do so, such business partners are restricted in using your data to provide the services you’ve agreed to.
Allscripts may share your personal data with any person or company that acquires Allscripts’ business or any portion of the Allscripts business to which your personal data relates. Allscripts will ensure that any person or company to which your personal data is transferred agrees to abide by the same privacy obligations as Allscripts. Allscripts also reserves the right to share personal data to respond to duly authorized information requests of governmental authorities or where required by law. We may also share personal data in responding to requests from law enforcement officials, government bodies or judicial authorities to address matters of personal or public safety, national security, litigation, investigations (including data security incident investigations), and other legal matters where the data is pertinent.
11. Cross-Border Data Transfers
Allscripts operates international offices and has developed global data privacy and security practices designed to ensure that your personal data is appropriately handled and protected. Please note that personal data may be transferred, accessed and stored globally as necessary for the uses and disclosures stated above in accordance with this policy. By providing your personal data to Allscripts you consent to Allscripts transferring your personal data to its affiliates globally and to third party entities that provide services to Allscripts.
For transfers of personal data between Allscripts and its global affiliates as described above, Allscripts maintains an intracompany data transfer agreement to ensure the adequate protection of your personal data. For transfers of personal data originating from the European Economic Area (“EEA”) and the United Kingdom to Allscripts affiliates and unaffiliated third parties located outside the EEA and the United Kingdom, Allscripts relies on the European Commission-approved controller to processor Standard Contractual Clauses, which bind both parties to maintain the privacy and security of the personal data being transferred.
12. Third-party Websites
13. Your Rights Over Your Information
If you are a resident of the EEA or the United Kingdom, subject to certain exemptions, the processing activity and jurisdiction:
- You have the right to:
- Access to the personal data we hold about you, free of charge in most cases. You can access your account information by logging in to your account. If you request access to additional personal data, you can contact us at the information below.
- The correction of your personal data when it is incorrect, out of date or incomplete. You can correct your account information by logging in to your account. If you would like to request correction of additional personal data, you can contact us at the information below.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Allscripts does not currently engage in activities in which decisions are made that are solely based on automatic processing of data (i.e. where no human has yet reviewed the outcome and criteria for the decision); however, to the extent that Allscripts begins to engage in this type of processing, you may request a review of any decision that is made in this manner.
You can send us a request to exercise these rights and access, correct, or remove your personal data by contacting us at any time at: DataProtectionOfficer@allscripts.com
If you send us a written request to access, correct, or remove your personal data or to remove yourself from a database, we will respond to your request within 30 days.
If we choose not to act upon your request we will explain to you the reasons for our refusal.
- Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
- Where we rely on our legitimate interest
- In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
- We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data
- Your right to object to direct marketing
- You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels.
- You may opt out of e-mail marketing by using our general unsubscribe automated link that is included in Allscripts’ marketing e-mails.
- Checking your identity
- If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
If you are a California resident, you may be afforded certain additional rights under the California Consumer Privacy Act of 2018 regarding our use of your personal information. To learn more about your California privacy rights, visit our CALIFORNIA PRIVACY NOTICE.
14. Contact Information
If you have any questions that we have not answered, please contact our Data Protection Officer who will be pleased to help you:
- Email us at Privacy (at) allscripts (dot) com
- Or write to us at:
Attn: Privacy Officer
222 Merchandise Mart Plaza
Chicago, Illinois 60654
Date of Last Update: November 17, 2020
Discover how, together, we can expand the possibilities at your own organization today—all through the power of Allscripts partnership, solutions and services.