Scope and overview
This Website Privacy and Cookie Notice (the “Notice”) explains how DeepHealth, Inc. (“DeepHealth,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data when you visit our websites, microsites, portals, and other online services such as social media pages to the extent DeepHealth controls the processing on those pages (together, “websites”). It incorporates our cookie policy and serves as our comprehensive online privacy policy. It also explains your choices and rights under laws in the European Economic Area (EEA), the United Kingdom (UK), and the United States (US).
This Notice applies globally to our website processing. Where laws differ, we shall process personal data in accordance with applicable legal requirements, including but not limited to the EU General Data Protection Regulation (GDPR), UK GDPR, Swiss Data Protection Act, and applicable national implementations. For websites, forms, pages, or redirects associated with DeepHealth subsidiaries, acquired businesses, affiliates, or country-specific operations, this Notice applies to processing controlled by DeepHealth, Inc. or processing expressly linked to this Notice. Where required by applicable law, supplemental local notices will identify the relevant local controller, local contact, and supervisory authority information for that local processing.
This Notice does not apply to protected health information handled in our clinical products or services. When we act as a business associate or service provider under HIPAA or similar laws, privacy terms are governed by our contracts, Business Associate Agreements, and product-specific notices. We do not collect customer information for the specific purpose of market analysis, competitive intelligence, site-selection analysis, customer benchmarking, commercial strategy, or competitive advantage for DeepHealth, RadNet, or any affiliate.
To the extent we collect technical, support, security, or service-related usage data, we collect and use that information only for legitimate operational purposes, such as service delivery, account administration, support, security, fraud prevention, legal compliance, product maintenance, and internal performance monitoring needed to operate the service. We do not disclose customer market analysis data, utilization data, or similar business metrics to RadNet or any affiliate for competitive purposes. Nor do we permit that information to be used to build or maintain commercial intelligence concerning any customer, prospect, or competitor.
Definitions used in this Notice
For purposes of this Website Privacy and Cookie Notice, the following terms have the meanings described below. Where a term is defined differently under applicable law, the definition that provides the greatest protection to individuals applies.
Personal data means any information that identifies or relates to an identified or identifiable individual, including direct identifiers (e.g., name, email address) and indirect identifiers (e.g., IP address, device ID, unique cookie ID).
Sensitive Personal Information means information defined as “sensitive” under applicable law, including but not limited to:
- Precise geolocation
- Account log-in credentials
- Racial or ethnic origin
- Religious or philosophical beliefs
- Union membership
- Biometric identifiers or biometric information
- Genetic dataInformation concerning a person’s sex life or sexual orientation
- The contents of a consumer’s mail, email, or text messages, unless we are the intended recipient.
Sell means disclosing personal data to a third party for monetary or other valuable consideration as defined by applicable law.
Share means disclosing personal data to a third party for cross-context behavioral advertising or similar targeted advertising uses, as defined by applicable law.
Consumer health data means information that identifies or is reasonably linkable to a consumer, and that reveals physical or mental health status or is processed to infer such status or health information, as defined by applicable state law.
Cookies include browser cookies, SDKs, pixels, tags, local storage, and similar technologies.
Profiling means automated processing of personal data to evaluate personal aspects relating to an individual, such as analyzing or predicting preferences, interests, health, behavior, location, or movements.
Precise geolocation means data derived from a device that can locate an individual within a specific radius as defined by applicable law.
Service provider/contractor means a person or entity that processes personal data on behalf of DeepHealth under a written contract limiting use to specific services and prohibiting sale or sharing for other purposes.
What we collect
Categories of personal data
- Identifiers and contact data such as name, email address, and phone number when you submit forms.
- Online identifiers such as IP address and device identifiers.
- Internet or network activity including pages viewed, links clicked, session duration, and referring URLs.
- Approximate geolocation derived from IP address at city or region level.
- Inferences created from analytics solely to improve website functionality, accessibility, performance, and security.
- Feedback and communications you send to us.
- Call recordings for quality assurance, training, or incident response, where permitted by law and with required notices provided at the start of such calls.
Sources
- Directly from you when you submit forms or communicate with us.
- Automated collection from your browser or device when you access our sites.
- Service providers that support our websites, analytics, and security.
- From third parties where permitted by law, such as event organizers, co-hosts, referrals, and publicly available professional sources relevant to your interaction with us.
We do not obtain customer operational, utilization, performance, install-base, or similar business metrics from third parties for market analysis, competitive intelligence, site-selection, or competitive advantage for DeepHealth, RadNet, or any affiliate. To the extent we collect technical, support, security, or service-related usage data through our websites or related interactions, we collect that information only for legitimate operational purposes and not for competitive purposes.
How we use personal data
We use personal data to:
- Provide, operate, and secure websites and online services.
- Respond to inquiries and manage relationships.
- Measure website performance, content, accessibility, security, and user experience.
- Detect, prevent, and investigate security incidents and fraud.
- Send requested communications, including newsletters and event-related communications, and manage subscriptions and registrations.
- Comply with legal obligations and enforce terms.
Legal bases for processing in the EEA and UK
- Legitimate interests to operate and secure our websites, respond to inquiries, manage business relationships, administer subscriptions and event registrations, and improve website functionality, balanced against your interests and fundamental rights.
- Consent where required for cookies and similar technologies that are not strictly necessary.
- Compliance with legal obligations.
Who we disclose personal data to
- Service providers that host our sites and provide security, analytics, and customer support. These providers are bound by contract to use personal data only to provide services to us and not for their own market analysis, competitive intelligence, or other independent commercial purposes. To the extent service providers process technical, support, security, or usage data, they may do so only to deliver, support, secure, maintain, or improve the applicable service for DeepHealth and not to benchmark, profile, or generate competitive intelligence about any customer.
- Corporate affiliates that assist with website operations, subject to this Notice and only to the extent necessary for those operational, administrative, legal, compliance, security, or support functions. Any affiliate access shall be role-based, need-to-know, and limited to the personal data reasonably required for that function.
- Public authorities where required by law, court order, or to protect rights and safety.
- Professional advisors (e.g., lawyers, auditors) under confidentiality.
- Event co-hosts and promotional partners as described at the time of registration. When you register for a co-hosted event, your information may be provided to that partner, subject to a link to their privacy notice.
- Business transfers: If we are involved in a reorganization, merger, acquisition, or sale of assets, personal data relevant to the transaction may be transferred as part of that deal solely as reasonably necessary to evaluate, negotiate, complete, integrate, or administer the transaction, subject to applicable data laws and any required notices. Any such disclosure shall be subject to confidentiality restrictions and shall not authorize use of customer operational, utilization, performance, install-base, or similar business metrics for unrelated competitive analysis, market intelligence, site-selection, or competitive expansion planning.
Cookies and similar technologies
Consent and control
We set only strictly necessary cookies by default. For DeepHealth websites that use analytics or other non-essential cookies or similar technologies, those technologies load only after you consent through the applicable cookie preferences tool, where required by law. You can withdraw consent at any time through the same interface, and we will stop further non-essential cookie deployment from that point forward. We maintain consent records where required by law.
Cookie registry
For DeepHealth websites that use a cookie preferences tool, the applicable tool provides the current cookie registry for that site and identifies each cookie or similar technology, its provider, purpose, duration, and category.
Examples of cookies we use
- Necessary cookies. Required for site functionality and security (e.g., session management, load balancing).
- Preference cookies. Remember your settings and choices (e.g., language selection).
- Statistics cookies. Help us understand how visitors interact with the site (e.g., analytics tools) for website performance, functionality, security, and user experience purposes only. We do not use cookies, analytics, or similar telemetry to derive customer market analysis, customer operational patterns, utilization trends, or similar business intelligence for competitive purposes.advertising.
For the most current and complete list for a particular DeepHealth website, see the applicable cookie preferences tool for that site, where available.
Embedded content and social media
Where technically supported and required by law, we block non-essential embedded content until you opt in to the relevant category.
Operational Consent
- Prior blocking. Where required by law, non-essential cookies, tags, and embeds do not load until consent is provided.
- Withdrawal symmetry. When you withdraw consent, we stop further non-essential cookie and similar technology deployment from that point forward.
- Signal handling. Where required by applicable law and technically supported, we honor legally recognized universal opt-out signals for that browser or device.
- Change control. New non-essential tags or embeds require privacy review before release.
- Emails and web beacons. Our marketing emails may include web beacons or similar technologies that provide delivery and engagement metrics (e.g., opens, link clicks) for campaign administration and performance measurement only, and not to generate competitive intelligence about any customer or its operations. You can unsubscribe at any time using the link in the message; when you unsubscribe, we shall suppress future marketing emails and update linked systems to honor your preference across future campaigns.
Selling, sharing, and targeted advertising
We do not sell personal data for money. If a particular analytics, advertising, or cookie technology is deemed a sale, sharing, or targeted advertising under applicable law, you may opt out through the applicable cookie preferences tool or by using a recognized opt-out preference signal where supported. We do not disclose customer market analysisx data, customer operational or utilization data, or similar business metrics to RadNet or any affiliate for competitive purposes, whether through analytics, advertising technologies, affiliate disclosures, or otherwise. Nor do we permit those channels to be used to build or maintain commercial intelligence concerning any customer, prospect, or competitor. Where required, our websites provide access to available consent and opt-out controls.
We do not offer financial incentives in exchange for personal data, and we do not discriminate against you for exercising your rights.
Universal opt-out signals
Where required by applicable U.S. state privacy law and technically supported, we honor legally recognized universal opt-out signals, such as Global Privacy Control, for that browser or device. Because there is no uniform legal or technical standard for “Do Not Track” signals, we do not respond to DNT at this time.
Consumer Health Data and Sensitive Personal Information
We do not collect consumer health data or sensitive personal information through our websites, except in limited cases where you choose to provide such information in connection with an inquiry or interaction with our products or services.
When this occurs, it may include:
- Information you voluntarily provide about your current physical or mental health status in connection with inquiries about our products or services.
- Information relating to the provision of healthcare to you that you choose to disclose through our contact forms, communications, or uploads.
- Data that, with your explicit consent for analytics cookies or similar technologies where required by law, may be processed in aggregated form to understand engagement with our website content, communications, and offerings. Such processing is limited to website analytics and communications performance and is not used to generate customer market analysis, competitive intelligence, site-selection analysis, or competitive advantage for RadNet or any affiliate. We do not use browsing data for individual decision-making or profiling related to health.
Purposes of collection and use, sources of data, and disclosures of consumer health data and sensitive personal information are described in the sections “How we use personal data,” “Sources,” and “Who we disclose personal data to” above. Applicable GDPR legal grounds are described in “Legal bases for Processing in the EEA and UK,” and retention periods are listed in “How long we keep personal data.” Where such data constitutes “special categories of data” under GDPR, it is processed only under a lawful basis permitted by Art. 9(2).
We do not actively collect biometric identifiers, genetic data, or precise geolocation tied to healthcare facility visits through our website. If our practice changes to include additional categories, we will update this Notice and obtain any consents required by law before collection.
Additional protections:
- We do not use geofencing to identify, track, or target individuals seeking in-person healthcare services.
- We do not sell consumer health data or sensitive personal information for monetary consideration.
- Separate, prior consent is obtained before collecting consumer health data where required by law, and again before any sharing of such data with third parties.
Links to other sites
Our websites may contain links to third-party sites not operated by us. Where a subsidiary, affiliate, or country-specific website links or redirects you to a DeepHealth-controlled website or form, this Notice shall apply to the personal data processing DeepHealth controls after that redirect, unless a supplemental local notice states otherwise. Where a local DeepHealth affiliate operates a website, form, or page as controller, the applicable local or supplemental notice shall govern that local processing. We are not responsible for the privacy practices, content, or security of third-party sites.
International data transfers
If we transfer personal data outside the country where it was collected, we shall rely on appropriate safeguards or other lawful transfer mechanisms, including applicable adequacy decisions, the EU Standard Contractual Clauses and the UK International Data Transfer Addendum. We conduct transfer risk assessments as required by law.
How long we keep personal data
We keep personal data only as long as necessary for the purposes described or as required by law. The following retention guide applies to website data.
- Web server logs: 12 months.
- Analytics event data: up to 24 months.
- Contact form submissions: case life plus 24 months.
- Marketing preferences: until you unsubscribe, 24 months after your last engagement, or kept only as long as needed to honor your opt-out choices.
- Consent receipts and rights request logs: as required by law and audit obligations.
- Aggregated location analytics: up to 14 months for website performance, security, and traffic measurement purposes only, and not for customer market analysis, site-selection, or competitive intelligence.
- Inference and profile data: retained for the duration of the browsing session or de-identified and aggregated within 24 months solely for lawful website performance, security, fraud prevention, compliance, and service improvement purposes, and not for customer benchmarking, market intelligence, site-selection, or competitive advantage for RadNet or any affiliate.
We may retain aggregated or de-identified data for longer periods, provided it cannot be reasonably used to identify you or a specific customer and is not used or disclosed to derive customer market analysis, utilization trends, install-base insights, customer benchmarking, site-selection inputs, or other competitive intelligence for RadNet or any affiliate.ou.
Consent evidence and accountability
- Where required by law, we log consent and preference events with appropriate metadata.
- Where required by law and technically supported, we keep records of legally recognized opt-out signals we honor.
- We retain request and appeal records and outcomes within our retention schedule.ion schedule.
Your privacy rights
Depending on your location, you may have rights to access, correct, delete, and obtain a portable copy of personal data, to opt out of sale, sharing, and targeted advertising, and to limit the use of sensitive personal information. Where applicable, you may object to or restrict processing and withdraw consent. EU/UK residents may also lodge a complaint with a supervisory authority in their country of habitual residence, place of work, or where an alleged infringement occurred.
How to exercise your rights
- Use the applicable cookie preferences tool, where available, to manage cookie consent and available opt-outs.
- Submit a request by emailing [email protected].
- Use a browser based opt-out preference signal to opt out of sale, sharing, or targeted advertising.
- To the extent a right to limit the use of sensitive personal information applies, you may submit that request by emailing [email protected].
Authorized agents for California residents
You may use an authorized agent to submit access, deletion, correction, or opt-out requests. We require proof of the agent’s authority such as a signed permission, notarized letter, or a valid power of attorney, and shall either verify your identity directly or receive confirmation from you that you authorized the agent. We do not require identity verification to process an opt-out of sale, sharing, or limiting sensitive personal information request.
Appeals of denied requests
If we deny your request, you may appeal our decision. We will respond to appeals within applicable timelines and, where required, provide a method to contact the relevant state authority.
Children
Our websites are not directed to children under 16. We do not knowingly sell or share personal information of consumers under 16. We do not knowingly collect personal information from children under 13 in accordance with U.S. Children’s Online Privacy Protection Act (COPPA). If we learn we have collected such information without a legal basis, we shall delete it.
Security
We apply administrative, technical, and physical safeguards appropriate to the nature of the personal data and the risks of processing. Where call recording is used, you will be informed at the outset and may end the call or use alternative contact channels if you prefer it not to be recorded.
Website-related processing is subject to the controls for secure development, encryption, access management, logging, and regular security testing defined within our Information Security Management System (ISMS).
Breach Notification
In the unlikely event of a data breach affecting your personal data, we will notify you without undue delay as required by applicable law, including any specific timeframes set by relevant regulations.
Accessibility
We aim to provide this Notice and our preference center in formats that conform to WCAG 2.1 AA. Contact [email protected] if you need an alternative format.
EU and UK specific information
In addition to contacting us or our Data Protection Officer, you can lodge a complaint with your local supervisory authority, including the Commission Nationale de l’Informatique et des Libertés (CNIL) in France where applicable. Contact details are available from the European Data Protection Board and the UK Information Commissioner’s Office.
Automated decision-making and profiling
If we use automated tools to personalize website content or communications, we do so to support human decision-making for website and communications administration only. We do not use automated tools to profile customers or analyze customer operational, utilization, performance, or similar business metrics for market analysis, competitive intelligence, site-selection, or competitive advantage for RadNet or any affiliate. Where required, we will provide meaningful information about the logic involved and the significance and consequences, and honor opt-out rights.hts.
AI Processing
Where we use Artificial Intelligence (AI) in connection with this website, we shall provide clear information about its purpose. Any such AI use is limited to legitimate website, support, security, compliance, or service-related functions and shall not be used to mine customer operational, utilization, performance, install-base, or similar business metrics for market analysis, competitive intelligence, site-selection, or competitive advantage for RadNet or any affiliate. We design such systems to meet applicable legal requirements, including GDPR, and, where applicable, the EU Artificial Intelligence Act.
United States State Privacy Annex
This annex summarizes rights under state privacy laws and supplements the main notice.
- California. Rights to know, delete, correct, data portability, opt out of sale and sharing, and limit the use of sensitive personal information. Recognition of Global Privacy Control.
- Colorado. Rights to access, correct, delete, portability, and opt out of targeted advertising and sale, and to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. Recognition of universal opt-out mechanisms and Colorado’s requirement for opt-in consent to process sensitive data (as defined by the CPA). You may appeal a denied request.
- Connecticut, Utah, Oregon, Texas, Florida, Iowa, Delaware, New Jersey, New Hampshire, Nebraska, Montana, Tennessee, Indiana, Minnesota, Maryland, and other states with similar laws. Rights to access, correct, delete, portability, and opt out of targeted advertising and sale, and, where applicable, the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. These laws also provide rights regarding sensitive data, which in many of these states requires your opt-in consent for processing. Recognition of opt-out preference signals where required.
- Virginia. Rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. The processing of sensitive data (as defined by the VCDPA) requires opt-in consent. You may appeal a denied request, and we shall respond to your appeal within the legally required timeframe. If we deny the appeal, our written explanation will include a method for you to contact the Virginia Attorney General.
- Washington and Nevada consumer health data laws. Additional notice and consent requirements and a prohibition on certain geofencing practices, as described above.
Changes to this notice
We may update this Notice. The version and effective date appear at the top. For material changes, we will provide a prominent notice on our website.
GDPR Processing Annex
As a supplement to this Notice, we provide a processing table that summarizes the specific purposes, legal bases, and retention periods for each category of personal data.
Click HERE to download DeepHealth’s GDPR Processing Annex
Important Notice: Not for patient information
This website is not intended for submitting medical or patient information. Do not include PHI or other medical information in any form submissions or communications through this site. If you need to share clinical information, please use the secure channels provided by your healthcare provider. We determine retention based on operational necessity, legal requirements, and documented schedules; where timelines and notice requirements are stated, they reflect maximums for the website context.
Accountability and Contact Information
DeepHealth is committed to complying with all applicable privacy and data protection laws and maintaining practices consistent with the commitments in this Notice. We regularly review and update our privacy practices, technical safeguards, and contractual protections to align with legal requirements and industry standards. If you have questions about this Notice, our privacy practices, or wish to exercise your rights, please contact us at:
Controller: DeepHealth, Inc., 212 Elm St. Somerville, MA 02144, unless a specific website, form, page, or supplemental local notice identifies a DeepHealth affiliate as controller for the relevant processing.
General Privacy Contact: [email protected]
Data Protection Officer: [email protected]
Accessibility: If you need this Notice in an alternative format, contact [email protected].
Click here to manage your communication preferences.
This notice was last updated on July 9th, 2026.