Supplemental European Union General Data Protection
Regulation Privacy Notice

Last Updated: May 24, 2021

  Back to Privacy Policy

The following European Union (“EU”) General Data Protection Regulation Privacy Notice (“GDPR Notice”) supplement the WRS Health Privacy Policy in order to disclose information about our data processing practices as required by the EU’s General Data Protection Regulation (“GDPR”). This GDPR Notice is effective May 1, 2020.

All defined terms in the WRS Health Privacy Policy shall have the same meaning in this GDPR Notice

I. Applicability of this GDPR Notice

If You are located in the EU, United Kingdom, Lichtenstein, Norway, or Iceland, You may have additional rights under the GDPR with respect to Personal Data, as outlined below.

II. GDPR-Defined Terms Used in this GDPR Notice

As used in this GDPR Notice, the terms “Personal Data” and “processing” shall be defined and applied according to the GDPR. For the sake of summary, “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data, such as collection, use, storage and disclosure. WRS will be the controller of Personal Data processed in connection with the Sites and all products and services offered by WRS, except that WRS may also process Personal Data of Your patients or employees in connection with WRS’s provision of products or services to You, in which case WRS is the processor of Personal Data and You are the controller. For more information about data rights and processing activities, please contact WRS at:

III. GDPR Notice Intended to Supplement Privacy Policy

Where applicable, this GDPR Notice is intended to supplement, and not replace, WRS’s existing Privacy Policy. If there are any conflicts between this GDPR Notice and the balance of the Privacy Policy, whichever, in whole or part, is more protective of Personal Data shall control to the extent of such conflict.

IV. Processing Personal Data

WRS will only process Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and the “legitimate interests” of WRS or others, as further described below. When WRS processes Personal Data based on Your consent, it will be expressly indicated to You at the point and time of collection. From time to time, WRS may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect Your vital interests, or if it is necessary for a task carried out in the public interest.

V. Collection and Use of Personal Data

WRS collects Your Personal Data when You provide such Personal Data directly to WRS, when third parties such as WRS’s business partners or service providers provide WRS with Your Personal Data, or when Your Personal Data is automatically collected in connection with Your use of the Sites or and receipt or use of products and services offered by WRS.

WRS may also collect Personal Data in the form of PHI regarding Your medical patients in accordance with a specific Business Associate Agreement that has been executed between You and WRS, providing that such PHI is transmitted and used in full compliance with HIPAA.

WRS receives certain Personal Data directly from You when You provide WRS with such Personal Data, including without limitation the following: first and last name; email address; mailing address; telephone number; medical credentials and job title.

WRS collects and processes these categories of Personal Data as a matter of contractual necessity so that WRS can operated the Sites receipt or use of products and services offered by WRS. When WRS processes Personal Data due to contractual necessity, failure to provide such Personal Data will result in Your inability to use some or all of the Site and related WRS products and services requiring such Personal Data.

WRS may also collect Case Record information from You when You provide it to WRS. By sharing this user content in a public forum, You are choosing to disclose any Personal Data included in such content, and WRS does not have control over Your decision. WRS processes user content, including any Personal Data included in any such user content, on the basis of WRS’s legitimate business interest in providing the Site and related WRS products and services.

WRS also use the Personal Data it collects directly from You to operate, improve, understand and personalize the Site and related WRS products and services based on our legitimate business interest in operating in a way benefiting both You and WRS.

VI. Information from Third-Party Sources

Some third parties may provide WRS with Personal Data about You, such as the following:

  • Account information for third party services: If You interact with a third-party service when using the Site or related WRS products and services, for example, if You use a third-party service to log-in to the Site, or if You shares content from the Site through such third-party service, this service will send WRS certain Personal Data if the service and your account settings allow such sharing. The Personal Data WRS receives as a result will depend on the policies and account settings with the applicable third-party service.
  • Information from advertising partners: WRS receives information about You from some of its service providers that provide marketing or promotional services to WRS related to how You interacts with the Site or related WRS products and services.
  • Information automatically collected: Some Personal Data is automatically collected when You use the Site or related WRS products and services, such as the following: IP address; device identifiers; web browser information; page view statistics; browsing history; usage information; cookies and other tracking technologies; location information; and log data.

VII. Cookies

In collecting the Personal Data, WRS sometimes use “cookies” and other tracking technologies. Cookies allow WRS to recognize a browser or device and “remember” a browser during subsequent visits for purposes of functionality, preferences, and website performance.

Most browsers automatically accept cookies but have an option for blocking or deleting cookies, which will prevent a browser from accepting new cookies, as well as allow a user to decide on acceptance of each new cookie in a variety of ways. A user can usually access these options through the “Settings” or similar menu in a browser. Please note that if You block or delete cookies, some portions of the Site and related WRS products and services may not work properly.

VIII. Other uses of Personal Data

WRS may also process the Personal Data collected on the basis of the following legitimate business interests:

  • Operation and improvement of WRS’s business, products and services;
  • Marketing of products and services;
  • Provision of customer support;
  • Protection from fraud or security threats;
  • Compliance with legal obligations; and
  • Completion of corporate transactions.

IX. Sharing of Data

WRS shares Personal Data with vendors, third-party service providers and agents who provide WRS with services related to the purposes described in this GDPR Notice, the Privacy Policy or WRS’s Terms of Use. WRS also shares Personal Data when necessary, to complete a transaction You initiated or authorized or to provide You with a requested product or service.

WRS also shares Personal Data when it is necessary to:

  • Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
  • Protect WRS, its business or its users, for example to enforce the Terms of Use, End User License Agreement, prevent spam or other unwanted communications and investigate or protect against fraud; and
  • Maintain the security of the WRS products and services

WRS also shares Personal Data with third parties when You authorize WRS to do so.

If WRS chooses to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if WRS, or substantially all of its assets, were acquired, or if WRS goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and WRS would share Personal Data with the party that is acquiring the assets. Any acquirer of WRS or its assets may continue to use the Personal Information as set forth in this GDPR Notice.

X. Retention

WRS retains Personal Data for as long as You maintain an open account with WRS or as otherwise necessary to provide and improve the Site and related WRS products and services for all users. In some cases, WRS may retain Personal Data for longer, if doing so is necessary to comply with its legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, WRS may retain some information in a depersonalized or aggregated form.

XI. Security

WRS seeks to protect Personal Data by using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity.

XII. Personal Data of Children

WRS does not knowingly collect or solicit Personal Data from anyone in the EU, United Kingdom, Lichtenstein, Norway, or Iceland under the age of 16. If WRS learns that it has collected Personal Data from a child under age 16, WRS will delete that information as quickly as possible. If You believe that a child under 16 may have provided WRS with Personal Data, please contact WRS at

XIII. Personal Data Rights

You may have certain rights with respect to Personal Data, including those set forth below:

  • Access
  • Rectification
  • Erasure
  • Withdrawal of Consent
  • Portability
  • Objection
  • Restriction of Processing
  • Right to File Complaint

For more information about these rights, or to submit a request, You may email WRS at Please note that in some circumstances, WRS may not be able to fully comply with Your request.