Xyla Inc. Privacy Policy
This Privacy Policy describes the privacy practices of Xyla Inc. and its affiliates, including OpenEvidence (referred to collectively as “Xyla Inc,” “us,” “we” and “our”) in relation to your use of our websites, mobile applications and other resources intended for use by healthcare professionals and which we refer to as the “OpenEvidence Platform,” including the personalized information and services that meet the needs and interests of users of the OpenEvidence Platform, such as medical news, reference content, clinical tools, applications, sponsored programs, advertising, email communications, continuing medical education, market research opportunities and discussion forums (collectively, the “Services”).
This Privacy Policy does not apply to our properties and services that display a link to a different privacy policy. In the event that we expand the OpenEvidence Platform through our acquisition of another company and/or its properties, that company may operate under its own privacy policy accessible via a link on its properties until we integrate its privacy practices with ours, at which point a link to this Privacy Policy will be displayed on its properties.
OpenEvidence is an experimental technology demonstrator. OpenEvidence does not provide medical advice, diagnosis or treatment. User questions and other inputs on OpenEvidence are not covered by HIPAA. It is the responsibility of the user to ensure questions do not contain protected health information (PHI) or any information that violates the privacy of any person. We provide the Services as a professional resource intended to support healthcare professionals in their efforts to provide high quality medical care to patients. You can choose whether or not you want to use the Services. If you do choose to use the Services, you must agree to the OpenEvidence Platform Terms of Use which is a contract between us and users of the Services. By agreeing to the OpenEvidence Platform Terms of Use, you confirm that you have read and understand this Privacy Policy which explains how we collect, disclose, transfer, secure and use information about you in connection with your use of the Services and the rights and choices you have regarding these activities. If you do not want us to collect and use information about you as described in this Privacy Policy, then you should not use the Services. By using the Services, you acknowledge that we will store, use and otherwise process your information in the United States and any other country from where the applicable OpenEvidence Platform property is operated. Please be aware that the privacy laws and standards in certain countries may differ from those that apply in the country in which you reside.
Information Collected
Information about your use of the Services is collected as follows:
- Registration. In order to use the Services, you may be required to register an account and provide certain personal information such as your name, email address, zip/postal code, profession, occupation, specialty and depending on your country of practice, your medical license number or equivalent. You may choose to update or supplement the personal information that you provided at registration at any time through your account settings.
- Services Information. We automatically collect and store information about your use of the Services, such as your engagement with particular content including editorial, advertisements, sponsored informational programs from our advertisers, which may include pharmaceutical companies (“Sponsored Programs”), whether you opened a particular email, clicked on a link, your search queries and how often and when you engage with the Services. We also collect information about your device when you access the Services including IP address, precise location information, browser information (including referring URL), cookie information and advertising ID (which is a unique, user-resettable identification number for advertising associated with a mobile device). We use cookies and other tracking technologies, such as pixels, tags, web beacons and software development kits, to collect the information about your use of OpenEvidence Services and your device.
-
Cross-Device Tracking. We and our service providers collect and store information about users’ interactions with unaffiliated websites and applications that use our technologies, including cookies and similar tracking technologies. This allows us to infer the presence of a common user or household behind multiple devices. We do so in order to:
- provide personalized advertising on each device that is inferred from the browsing patterns on all of the devices;
- detect and prevent fraud;
- allow users to use our service on one device and pick up seamlessly where they left off on another device; and
- limit the number of times a user is shown the same advertisement, across known or inferred devices.
- Market Research. You may be invited to participate in market research surveys conducted by us or on our behalf for our own internal business purposes and also market research surveys conducted by or on behalf of third party sponsors that commissioned the survey. For some surveys, you may be asked to provide personal information for re-contact (e.g., by email or phone) or payment fulfillment purposes.
- Public Forums. When you post a comment on a discussion board or other public forum, by default your username, specialty and degree will be displayed within the forum along with your comment. You may choose to display additional information in your public forum profile, including a photo, by adjusting your discussion profile settings. Information that you post within a public forum is public information and may be used by us and third parties, as further described in the OpenEvidence Platform Terms of Use.
- Information and Registration Forms. From time to time we may offer you the opportunity to receive additional information or services from us or from third parties, including our advertisers (e.g., sample request, sales rep visit, direct marketing, etc.), or to register to attend live events, either in-person or via livestream. If you wish to participate in such opportunities, you may be asked to provide personal information to fulfill the request. Unless otherwise specified in the request form, we may use such information as described in this Privacy Policy and the third party, if applicable, will be required to use such personal information as described at the point of collection.
- Information from Third Party Sources. We may obtain additional information about you from third party sources to assist us in providing the Services. For example, we may use third party information to verify and augment your registration information, for research purposes or to personalize the Services, including advertising.
- Non-registered Users. You must register with the OpenEvidence Platform to gain full access to Services, however, you may be able to access certain limited Services without registering. Even if you have not registered, we collect information about your use of the Services through the use of cookies and other tracking technologies. The information we collect includes the referring website, if applicable, the type of browser you use, the material viewed, and the time and date that you accessed the Services.
How Your Information May be Used
Information about you may be used for the following purposes:
- Provision of the Services. We may use the information collected about you to provide and improve the Services, and to develop new Services.
- Member Profiles. We may associate information that we have collected about your use of the Services with your registration information and any other information we have about you, as described in this Privacy Policy, thereby creating a profile of you that we may update from time to time (“Member Profile”). This processing of your Member Profile is necessary to deliver the Services tailored according to your specialty and interests (known or inferred), as further described below in Personalize the Services Including Advertising.
- Network Profiles. We may use your registration information, as well as information from Third-Party sources such as IQVIA, to create a profile for you that is viewable by other members of the OpenEvidence Platform, which may be associated with content with which you engage and comments you may post (collectively, your “Network Profile”).
- Communications. By registering as a member of the OpenEvidence Platform, you agree to the use of your registration information and other information collected about you as described in this Privacy Policy to communicate with you about the Services and other information that may be of interest to you. These communications may be conveyed through a variety of channels, subject to applicable law, including emails and may contain advertisements and other promotional materials from third party sponsors, including pharmaceutical companies.
- User Data. Your user data, including your questions/prompts, may be sold to third parties or otherwise monetized as a commercial data feed.
-
Personalize the Services Including Advertising.
- We may personalize the Services, including the advertising you see within the OpenEvidence Platform, on third party websites and in our email communications, based on information included in your Member Profile. For example, a user who Xyla Inc believes is a cardiologist or who has browsed cardiology content with the OpenEvidence Platform may be served an advertisement promoting a particular cardiac product within the OpenEvidence Platform, on third party websites and/or within an email that a user who Xyla Inc. believes is a neurologist or has not browsed cardiology content will not see. We partner with third parties to manage and conduct our advertising activities including advertising on our websites and on third party websites. These third parties may use cookies and other tracking technologies to deliver this advertising based on your activities and interests as inferred from your use of the Services and other information they have about you. Also, advertisers may use their own cookies and other tracking technologies in the advertisements served to you through the Services, some of which may enable the advertiser to obtain personal information that can be used to specifically identify you, including the fact that you saw the advertisement, to the extent that you have separately provided consent to the advertiser or to the third party providing the tracking technology. Some advertisers use companies other than Xyla Inc. to serve their advertisements on their behalf and to monitor users’ responses to these advertisements through the use of cookies and other tracking technologies. While Xyla Inc. generally permits the use of third party tracking technologies based on an understanding that they comply with the Xyla Inc. Advertising Policy, we do not have control over these third parties’ use of cookies and other tracking technologies or how they manage the information they gather through them and Xyla Inc. may be unable to verify compliance with the Xyla Inc. Advertising Policy.
-
Personalization is necessary for the performance of the contract between you and us according to which we deliver the Services. We analyze or deduct your preferences and interests based on a number of factors including:
- your profile (information provided at the registration time), enriched with other information obtained from third-party sources such as IQVIA to ensure accuracy of our data and comply with our legal obligations;
-
your interactions with our Services and the OpenEvidence Platform, such as:
- your viewing and search history;
- the time and location of your access to our Services;
- the device you use;
- answers you give to surveys and quiz;
- our content you post, like, share or recommend, including through social media;
- other users with similar tastes and preferences on our Service; and
- your interactions with other websites including with the OpenEvidence Platform, subject to our Cookies Policy.
- This information is used to classify users into different groups or segments, using algorithms and machine-learning. This analysis helps identify links and patterns between different behaviors and characteristics to recommend relevant Services for you. This will never prevent you from accessing and browsing the Services available to you within the OpenEvidence Platform.
- Verification Purposes. We may use your information in conjunction with information from third parties to recognize you as a registered member when you visit one of our properties and to verify your identity and/or professional credentials. We may require you to provide proof of your identity, including that you are a healthcare professional, and if you are unable to do so to our reasonable satisfaction, we reserve the right to deny you access to the Services. While we take steps to verify that our members who identify as healthcare professionals are actually healthcare professionals, we make no guarantee as to their identity, professional credentials or licensure status.
- Account Management. We may use your information to administer your account, respond to your inquiries, fulfill your requests and send you administrative communications about the Services.
- Investigations. We may use your information to detect, investigate and defend against fraudulent or unlawful activity, violations of the OpenEvidence Platform Terms of Use and to otherwise establish, exercise and defend our legal rights.
-
Legal Grounds. Xyla Inc. is relying on personal data. The Services and OpenEvidence Platform provide tailored content from multiple sources through a single interface. We offer a free source of customized information for healthcare professionals. Being a free service, the OpenEvidence Platform and Services rely on advertising and partnership revenues to support the development of specialized content designed for practicing healthcare professionals to help in the diagnosis and treatment of diseases. The optimization of advertising to provide you with relevant commercial communications and messages therefore goes to the heart of our ability to support the creation of high-quality medical content, and is the reason behind many of the uses of personal data described below.
The use of the personal data is necessary, to, respectively:- Perform the contract entered into between Xyla Inc. and you in the context of your use of the Services. The performance of the contract includes knowing who you are, your specialty, your preferences, and centers of interests to provide tailored content, including interest-based sponsored content and tailored commercial communications. This is particularly important because the Services are designed to provide recommended content to you, and the Services are not available to the general public.
- Respond to Xyla Inc.’s legitimate interests based on the maintenance and improvement of its Services;
-
When it comes to:
- Newsletters, sending by email interest-based advertising or sharing granular data with sponsors, we process data based on the consent you gave us, our service providers, our sponsors, which may be revoked at any time (we may in some cases act as data processors for our sponsors);
- Interest-based advertising on our websites and mobile apps and third-party websites and apps including within the OpenEvidence Platform, we process and combine data to enrich your profile to respond to our legitimate interests based on our business model offering free and relevant Services to you. You may oppose the use of certain Cookies and data compiling (see our Cookie notice for more details on how to refuse Cookies and other technologies). Our use of the legitimate interest legal basis is without prejudice to additional requirements on Cookies that may flow from Directive 2002/58 or any subsequent European legislation.
- Process your personal data based on your consent to participate in the market research surveys and the performance of the contract entered into between Xyla Inc. and you in the context of such market research survey; and
- Comply with any legal constraints applicable to Xyla Inc’s or satisfy Xyla Inc.’s legitimate interests based on the protection of Xyla inc’s legal rights in connection with the Services and OpenEvidence Platform.
Sharing Your Information with Third Parties
Information about your use of the Services may be shared as follows:
- Service Providers. We work with third party service providers to help us provide the Services and to otherwise assist us in the operation of the OpenEvidence Platform, including in the areas of email management and deployment, analytics, marketing, advertising, market research, sweepstakes and contest administration, identity and professional credential validation, content distribution, customer service, payment fulfillment, event logistics, website maintenance and data storage and security. We may provide these service providers with personal information about users of our Services so that they can fulfill their responsibilities to us, however, we do require that they agree to limit their use of this personal information to the fulfillment of these responsibilities. To provide you with certain personalization and advertising services described herein, we may share certain information that we may collect from you, such as your email address (in hashed form), IP address or information about your browser or operating system with our Licensed Partner and their affiliates, which may in turn link demographic or interest-based information to your browser.
- Advertising and Sponsored Programs. We may provide your personal information to third party sponsors of advertisements and Sponsored Programs, subject to applicable law. Specifically, when you are exposed to an advertisement through the Services, whether on one of our websites or apps, in an email or through some other means, or when you engage in a Sponsored Program, e.g., access a sponsored information resource, open one of our sponsored emails, Xyla Inc. may provide your personal information, such as your name and specialty (but not your email or postal address) to the applicable sponsor and/or its agents on the sponsor’s behalf. We may also provide such third parties with details about your engagement with the advertisement or Sponsored Program (e.g., whether you viewed or otherwise interacted with certain content), your answers to any questions contained in the Sponsored Program and information about you that we have received from third parties. Additionally, when you register as a member of the OpenEvidence Platform, we may provide your personal information (but not your email or postal address) to potential sponsors of advertisements and Sponsored Programs that may be offered or provided to you through the Services, subject to applicable law. Please review the Privacy Policies of these third parties to familiarize yourself with their practices. All advertisements and Sponsored Programs (including any links to Sponsored Programs) made available within the OpenEvidence Platform, including through emails, will be identified to you by the label Advertisement, Information from Industry, Sponsored, Xyla Inc. Professional or some similar designation indicating that the content, which may pertain to a particular medical condition, therapy, product or service, has been selected by a third-party sponsor.
- Member Profiles. Subject to applicable law, Xyla Inc. may provide Member Profiles, and portions thereof, (excluding contact information and information about your participation in specific named CME and CE activities) to third parties, including our advertising customers, which these third parties may use for their business purposes including marketing.
- Network Profiles. Your Network Profile may be viewable by other members of the OpenEvidence Platform for personalization purposes described above and to allow you to view and connect with other members of the OpenEvidence Platform.
- Market Research. If you receive remuneration for participating in a market research program offered through our Services, we may provide your personal information to our payment fulfillment vendor so that it can process and deliver your payment to you and for its recordkeeping and regulatory compliance purposes, and also to the program sponsor (or the market research company acting on its behalf) for its recordkeeping and regulatory compliance purposes. If you choose to access a survey that is conducted by a third party market research company, we may identify you to this company. Sometimes market research companies send us lists of individuals they wish to reach with particular market research opportunities and we may inform these companies which of these individuals are members of the OpenEvidence Platform so that they can manage their recruitment needs accordingly. Also, certain market research opportunities require us or the market research company to contact you directly to conduct the survey, including by telephone. We will inform you in the research invitation if you will be required to provide additional contact information, e.g., phone number, to participate so that you can decide at that time if you wish to proceed with the opportunity. We do not disclose your survey responses to the sponsor in a manner that identifies you.
- Adverse Event Reporting. If you provide us information about an adverse event regarding a pharmaceutical product or medical device, we may be required to report such information along with your contact information to the manufacturer as required for it to fulfill its reporting obligations to the applicable regulatory authority. If you do not want this information reported to the applicable manufacturer and regulatory authority, then do not provide us with adverse event information.
- Consent. We may disclose your personal information to a third party in a manner not addressed by this Privacy Policy subject to your consent at such time.
- Aggregated Information. We may provide aggregated information about users of our Services to third parties as we deem appropriate in our sole discretion. For example, Xyla Inc. may tell a customer what percentage of registered users of the OpenEvidence Platform reside in a particular geographical area or specialize in a particular clinical area, or what percentage of participants in a market research survey selected a particular response to a survey question.
- Social Widgets. We may include social widgets within our websites and apps which enable you to interact with the associated social media services, e.g., to share an article. These widgets may collect browsing data which may be received by the third party that provided the widget, and are controlled by these third parties. You may be able to manage your privacy preferences directly with the applicable social network platform.
- Affiliates. We may share your information with any member of our group of companies (meaning our subsidiaries, our ultimate holding company and its subsidiaries) for their use for the purposes set forth in this Privacy Policy, including to market to you through a variety of channels as described herein, subject to applicable law.
- Business Transfers. In connection with a corporate change in control resulting from, for example, a sale to, or merger with, another entity, or in the event of a sale of assets or a bankruptcy, we reserve the right to transfer your personal information to the new party in control or the party acquiring assets. In the event of such a change, your personal information will continue to be treated in accordance with this Privacy Policy, as may be modified as described below.
- Legal Requirements. We may release personal information when we believe release (i) is required to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order and to meet national security or law enforcement requirements; or (ii) is reasonable in response to a physical threat to you or others, to protect property or defend or assert legal rights of us or others.
Security of Information
We have implemented appropriate technical and organizational security measures to protect the personal information that we have under our control from unauthorized access, use, disclosure and accidental loss. When you enter personal information, we encrypt the transmission of that information or use SSL connections (Secure Socket Layer) technology. You are solely responsible for maintaining the security and confidentiality of your account username and password. Unfortunately, no method of transmission over the internet or method of electronic storage is completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security.
Xyla Inc. shall retain a user’s personal data up to one year after the user’s account deactivation subject to any relevant provisions of applicable law. Thereafter, the data will be archived (notably to comply with any applicable statute of limitations) or fully anonymized.
Choice and Control
- Account Information. You may update your registration information at any time through the Account Management feature available on each of our properties. You may also contact Customer Support at contact@openevidence.com and request that your registration information be updated or deleted. Note that if we delete your account, we may maintain certain de-identified information about you for internal business purposes including research, analytics and reporting.
- Cookies. Most browser software can be set to reject all cookies, including third party cookies, however, if you choose to reject our cookies, your ability to access and use our Services will be limited.
- Interest-Based Ads. You can opt-out of interest-based advertising on our websites by rejecting cookies as described above. Please note that even if you reject cookies and opt-out of interest-based advertising, you may continue to receive generic advertisements through the Services. Note that our websites do not respond to web browser “do not track” signals. Note that if you delete cookies, use a different device, or change web browsers, you may need to opt out again. As we cover below, if you are in the EU or any country with stricter privacy laws than the US, please do not use OpenEvidence or any of its related services and sites as it is not governed or protected by EU safeguards.
- Mobile Opt-out. You may control interest-based advertising on your mobile device by enabling the “Limit Ad Tracking” setting in your iOS device’s settings or “Opt out of Ads Personalization” in your Android device’s settings. This will not prevent you from seeing advertisements, but will limit the use of device advertising identifiers to personalize ads based on your interests.
- Precise Location Information. You may disable the transmission of precise location information through your device settings. To change location settings on your device, please refer to your device’s official knowledge base.
- Email Communications. If you no longer wish to receive a particular type of email communication from us, you may unsubscribe by clicking the “unsubscribe” link located at the bottom of the email and following the instructions. Also, you may manage your newsletter subscriptions within the newsletter subscriptions area within your account settings. Note that certain email communications that we send to members are service-related and as long as you are a member of the OpenEvidence Platform, you may not unsubscribe from such emails. Also, if you have provided us with more than one email address, we may continue to contact you using the other email address not associated with the emails from which you have unsubscribed, until you unsubscribe from emails sent to that other address.
- Push Notifications. We may send you push notifications from time-to-time to notify you of upcoming events or promotions we think may be relevant to you. If you no longer wish to receive these types of notifications, you may turn them off at the device level.
- California Residents. If you are a California resident, California law may provide you with additional rights regarding our use of your personal information.
- In so far as granted by applicable law (in particular in the European Union), you may ask for access to your personal data or ask us to rectify, erase, restrict or port your personal data and object to the use of your personal data. When the personal data processing is based on your consent, you have the right to withdraw your consent concerning such data processing, at any time, without affecting the lawfulness of processing based on consent before your withdrawal. For processing necessary to perform the contract, or based on legitimate interest, we may not be able to accommodate your request to stop the processing, or if we do so, it may mean that you can no longer access the Services as a OpenEvidence Platform member. To exercise these rights, please contact Customer Support at contact@openevidence.com.
- If you have concerns, you have a right to complain to your local data protection authority if you are concerned about how your personal data is used through or in the context of the OpenEvidence Platform or Services.
- Some of the personal data is required if you become an OpenEvidence Platform member. If you do not want to provide your (or part of your) personal data, You may not enjoy all or part of the OpenEvidence Platform and Services.
- We make no automated decisions about you that create legal effects or otherwise significantly affect you.
Note to Users Outside of the United States
Xyla Inc., OpenEvidence and most of our group companies are located in the United States, as is a majority of the OpenEvidence Platform’s technical infrastructure including its data hosting facilities. In order to provide the Services to you, we will likely transfer your personal information outside of your country of residence including to the United States where it will be stored and processed in accordance with this Privacy Policy. We may transfer your information outside the United States to service providers with operations in other countries. As part of providing you the Services, personal data is transferred to Xyla Inc. in the US. This means that if you are located in the EU, your personal data is transferred to the US which is not considered to have the same level of data protection as in the EU. Therefore if you are in the EU or any country with stricter privacy laws than the US, please do not use OpenEvidence or any of its related services and sites as it is not governed or protected by EU safeguards.
Note that your personal information may be available to the United States government or its agencies under legal process made in the United States.
Children’s Privacy
The OpenEvidence Platform and the Services are designed and intended for use by adults, and are not intended for nor designed to be used by children under the age of 18. We do not collect personal information from any person we know is under the age of 18.
Privacy Policy Changes
We reserve the right to modify this Privacy Policy at any time and any changes will be effective upon posting of the modified Privacy Policy unless we advise otherwise. If we make any material changes to this Privacy Policy we will notify you by email (sent to the email address included in your account profile) and/or by means of a notice on our websites before the change becoming effective. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices. By continuing to use the Services after changes are made to this Privacy Policy, you agree to such changes.
Contacting Us
If you have general questions about your account or the Services, contact Customer Support at contact@openevidence.com. For questions about this Privacy Policy or how your personal information may be used when you use the Services, please contact our Privacy Office by email at contact@openevidence.com:
Xyla Inc.
Office of Privacy
245 Main Street
Cambridge, MA
02142
Xyla Inc’s users from the EEA may contact our Data Protection Officer at contact@openevidence.com
Please note that if you contact us to assist you, we may need to verify your identity before fulfilling your request.
Effective date: April 1, 2024