Last Updated: July 1, 2020.
1. APPLICABILITY OF THIS POLICY
2. HOW DO WE COLLECT INFORMATION FROM YOU?
We collect personally identifiable information (i) when you register to become a user of the Services through the Sites, (ii) when you access and use the Services, (iii) when you “opt in” for certain services or features of the Sites, such as electing to receive our newsletter and other emails, (iv) when you voluntarily provide us with information through emails or providing comments on our Blog and (iv) automatically as further described below.
We also receive the automatic and passive data (both personally identifiable and otherwise) from the computer, mobile phone or other device you use to access the Sites and the Services, and when you interact with the Services. In this regard, the Services use common automated information gathering tools such as logs files that record usage activity. We, and third-party providers of certain applications or functionality on our Sites (such as content sharing functionality from AddThis, Inc.) and analytics tools may also collect information through other monitoring technologies, in particular the following:
- “Clear gifs.” Similarly, we, along with any third-party providers of analytics, functionality or advertising on our Sites may employ a software technology called clear gifs (a.k.a. web beacons/web bugs), that help us better manage content on our Sites and communications by informing us what content is effective. By way of example, our outgoing e-mail may include web beacons. Clear gifs/web beacons are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and/or emails, and are about the size of the period at the end of this sentence. We do not tie the information gathered by clear gifs to our users’ personally identifiable information.
- “Flash LSOs.” When we post videos on our site, third parties may use local shared objects, also known as Flash cookies, to store your preferences for volume control, or to personalize certain video features. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#117118
- We also use tracking tags provided by us by third parties to enable the tracking of activity and actions of visitors while they are on our Sites.
3. WHAT INFORMATION DOES THE COMPANY COLLECT FROM YOU?
Via the Sites or when you register for or otherwise interact with the Services, the Company collects from you: (i) certain non-personal technical and other information, (ii) certain personally identifiable information and (iii) information regarding your usage of the Services.
Non-Registered Visitors or Users of the Sites – In general, if you visit or use the Sites without registering with the Company, you will be using the Sites anonymously; no personally identifiable information is collected (however, see below under the caption “Additional Disclosure For Mobile App Users”). In addition, we will collect certain non-personally identifiable information from non-registered users, as noted in “All Users” section below.
Registered Users – At the time you become a registered user of the Services, you will providing us with the following registration-related information for yourself and/or others within your practice or organization: full name, address, office, home and mobile phone numbers, fax numbers, e-mail addresses, contact modalities and information on the persons or practices that referred you to the Company. In addition, registered users may elect to enter and disclose through use of the Services sensitive information, such as personal health information.
When registered users interact with the Sites and/or the Services, we will capture information on transactions and user activity including:
- the number of transactions or interactions generated or which we process;
- the time of a given transaction or interaction;
- which departments or practices are using or receiving communications through the Services;
- who is initiating the communications and to whom they are directed;
- the contact modalities used;
- misdirected interactions; and
- time elapsed before messages are retrieved.
Depending on how you use the Services, we may collect the following additional personally identifiable information and data:
- information about your use of Services features, how frequently you use them;
- your responses to any offerings and advertisements presented on the Sites;
- the specific Site content that you elect to share with third parties;
- customer service information about you as a registered user; and
- information that you publicly post on our blogs made available by the Sites.
All Users – Regardless of whether you are a registered or non-registered user, when you use the Sites various types of information are collected automatically and passively through log files, cookies and the other tools noted above under the caption “How We Collect Information From You,” including your IP address (a number assigned to your computer when you use the Internet), the name of the web page from which you entered the Sites, type of browser or operating system you are using, the name of your Internet service provider, broad demographic data, your activity while using the Sites (including access times, duration of visit on each page, new and repeat visit information, exit page information, which links were clicked and in what quantity, as well as the aggregate number of links clicked, and other general usage activity), and data relating to malfunctions or problems occurring when you use your computer with the Sites. Such monitoring tools do not collect personally identifiable information such as name, address, telephone number, or e-mail address.
Tracking: We do not engage in the collection of personally identifiable information about your online activities over time and across third party websites or online services. Accordingly, we do not currently process or comply with any web browser’s “do not track” signal or other mechanisms that provide consumers with the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third-party websites. However, we allow third-party companies (such as AddThis, Inc., as described below) to collect certain non-personally identifiable information when you visit our Sites which can be combined with non-personally identifiable information during your visits to other websites in order to provide advertisements about goods and services likely to be of greater interest to you. These companies typically use a cookie or a third-party web beacon to collect this information. To learn more about this behavioral advertising practice, you can visit www.networkadvertising.org.
Other Discretionary Contact With Us – The Sites provide information on how to contact us electronically through the Sites and through email for purposes of sales inquiries, customer support, needs assessment and trials. Whenever you make any such contact, you will be providing us with your name and contact information, such as email address and phone number and business title, and hospital and/or physician group practice where you work or which you otherwise represent, and any information you choose to include in the text of your message.
If you make any comments on a blog or forum associated with our Sites, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these blogs and forums.
4. ADDITIONAL DISCLOSURE FOR MOBILE APP USERS
The terms of this Policy generally apply to users of the “PerfectServe Practitioner”, “PerfectServe Care Team”, “PerfectServe Charge Capture”, “Telmediq – HIPAA Messenger”, and “Lightning Bolt Solutions Balanced Physician Scheduler” mobile applications, any additional mobile applications available from the Company at the time this Policy was last updated (the “Mobile Apps”). However, in addition, users of the Mobile Apps or those who merely download the Mobile Apps should note that the Mobile Apps collect and store types of personally identifiable information not usually obtained through typical web-based applications. These additional items of personally identifiable information include: device information (such as device OS version and device hardware), unique device identifiers (including device IP address), mobile phone number, geolocation data, as well as information regarding usage of the mobile device, including login times and usage activities log.
5. HOW IS YOUR INFORMATION USED?
Our Use of Information. We collect, retain, and use the information we collect via the Sites and Services for legitimate business purposes only: primarily to provide the Services which facilitate communications to and from your practice, patients and any hospitals who utilize the Services. This use will allow us to provide the Services as they exist today, but as we add innovative features in the future, the information we receive about you can be used in new ways.
We may use the information we collect about the transactions or interactions processed through the Services and how users interact with the Services to improve the Services, develop best practices for use of our Services and for clinical communications generally, to inform and educate the healthcare industry with regards to clinical communications, for articles and white papers. However, we will not publish or distribute the content of or any personally-identifiable information related to any transactions or interactions processed through the Services, except for limited purposes as explained in the Our Sharing of Information section below.
In addition, we may use the information we receive about you:
- to help keep the Sites safe and secure, and protect users’ rights or property;
- to measure or understand the effectiveness of our Sites and Services, and, if applicable the ads you and others see; and
- to correspond with you regarding the Sites or matters relating to your use or potential use of the Services, or to inform you of developments in our Company or with our Services that we believe may be of interest to you.
Where our vendors, such as AddThis, provide additional functionality on the Sites, we use any information they may collect on our behalf consistent with the foregoing and, if applicable, as described in any interface for that functionality.
Mobile Apps. The Company uses the information collected from your mobile device in a manner consistent with the foregoing. In addition, such information is used for the following three purposes. First, it is used by our support associates to support you if and when you have a problem with our Mobile Apps. Second, our product management team uses the information to make decisions about what devices and operating system versions to support. Finally, usage activity information is required to meet Federal HIPAA regulations.
While you are allowing us to use the information, we receive about you, you always own all of your information.
Our Sharing of Information. Your trust is important to us, which is why we don’t share information we receive about you with others unless we have:
- received your permission; or
- given you notice, such as by telling you about it in this Policy; or
- removed your name or any other personally identifying information from it.
We do not sell or rent your personally identifiable information to third parties for marketing purposes.
We may share your personal information as follows:
- When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of the Company, our users, or others; and in connection with the enforcement of terms which may govern our Site.
- The contents of your online communications, as well as other information about you as a Site user, may be accessed and disclosed (i) in response to lawful governmental requests or legal process (for example, a court order, search warrant or subpoena) and (ii) in other circumstances in which we have a good faith belief that a crime has been or is being committed by you or another user or that an emergency exists that poses a threat to the safety of you or another person.
As noted above under the caption “What Information Does the Company Collect From You,” information collected by AddThis through the Sites is used for online behavioral advertising purposes.
Legal basis for processing (EEA visitors only):
If you are a visitor from the European Economic Area (“EEA”), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to initiate and agreement with you (e.g. to provide you with our Services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In some cases, we may also have a legal obligation to collect personal information from you. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time why we need to use your personal information. If we process personal information in reliance on your consent, you may withdraw your consent at any time.
If you have questions about, or need further information concerning, the legal basis on which the Company collects and uses your personal information, please contact us using the contact details provided under the “Contact Us” section below.
6. PROTECTING YOUR PERSONALLY IDENTIFIABLE INFORMATION
Because security is important to both the Company and you, we maintain data handling and storage practices and procedures that are designed to maintain the integrity and confidentiality of the personally identifiable information (or “PII”) submitted to us, both during transmission and once we receive it. Industry standard internet security methods and technologies are used in an effort to prevent unauthorized access, maintain data accuracy, and ensure correct use of information. For example, where appropriate, when you enter sensitive information, such as personal health information, we encrypt that information using secure socket layer (“SSL”) technology. No method of transmission over the Internet or method of electronic storage is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security (for example, as a result of unauthorized acts by third parties that violate applicable law or the policies of the Sites and its service providers).
Data transmitted via the Sites (other than credit card payment information) is stored on servers which are owned or controlled by us and such data is store for as long as it is necessary to provide Services to you and others. Typically, information associated with your account will be kept until your account is deleted. For certain categories of data, we may also tell you from time to time about specific data retention practices. Where we are the data controller of personal information (for example, personal information relating to PerfectServe Website visitors, Attendees and individuals who register to use our Services), then we retain the personal information we collect where we have an ongoing legitimate business need to do so (for example, to provide you with our Services, to enable your participation in an event, and to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or aggregate it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If you suspect unauthorized access to your information, it is your responsibility to contact the Company immediately. Please be aware that data transmission is not always secure and we cannot warrant that information you transmit through the Sites is secure.
7. THIRD PARTY SERVICES, ADVERTISERS AND APPLICATIONS
The Sites now or in the future may reference or provide links to third party services, websites, applications or products, including through third party advertisements. As noted under the caption “APPLICABILITY OF THIS POLICY,” this Policy does not apply to information about you collected by third party services, websites, applications or advertisements associated with, linked to or otherwise accessible from the Sites. The Company does not control and is not responsible for such third-party services, applications, websites or advertisements, or for the privacy policies or information practices of such third parties or their services. You should review the privacy policies applicable to such third-party services, applications, websites and advertisers.
8. COMMUNICATION YOU MAY RECEIVE FROM US
The Company uses voluntarily provided information to provide the Services that you request and give you better customer service. In addition, we use your contact information to send you from time to time announcements (via email or other electronic means) of new Services, updates, promotional information and newsletters. You may unsubscribe or “opt out” from these emails and other communications at any time by following the opt-out link provided in any email received or by contacting us via email at email@example.com. Please allow ten (10) days to process such “opt-out” requests. Please note that even if you unsubscribe from promotional email messages, we may still need to contact you with important transactional information related to your account and your use of the Services. For example, even if you have unsubscribed from our email messages, we will still send you emails confirming your preferences needed to deliver our Services.
9. INTERNATIONAL USERS – APPLICABLE LAW
10. MODIFICATIONS AND DELETIONS TO PERSONAL INFORMATION, AND OTHER PRIVACY INFORMATION
We strive to maintain the accuracy of any personally identifiable information that may be collected from you, and will use our commercially reasonable efforts to respond promptly to update our database when you tell us the information in our database is not accurate. It is your responsibility to ensure that such information is accurate, complete and up-to-date. You may obtain from us, by e-mail the registration information in our records and/or files. Information will be updated as soon as reasonably practicable. Removed information may persist in backup copies for a reasonable period of time but will not be generally available.
Once you are no longer a user of our Services, your account is permanently deleted from the Sites. It typically takes about one month to delete an account, but some information may remain in backup copies and logs for up to ninety (90) days.
Notice to End-Users
Our Services are intended for use by healthcare enterprises. Where our Services are made available to you through a customer of ours, that enterprise is the data controller of your personal information. Your data privacy questions and requests should initially be submitted to the customer in its capacity as your data controller. The Company is not responsible for our customers’ privacy or security practices which may be different than this Policy.
11. YOUR DATA PROTECTION RIGHTS AND HOW TO EXERCISE THEM
You have certain choices available to you when it comes to your personal information. Below is a summary of those choices, how to exercise them and any limitations.
Correcting, updating and removing your information:
An individual who seeks to exercise their data protection rights in respect of personal information stored or processed by us on behalf of a customer of ours within the Services (including to seek access to, or to correct, amend, delete, port or restrict processing of such personal information) should direct his/her query to our customer (the data controller). Upon receipt of a request from our customer for us to remove the personal information, we will respond to their request within thirty (30) days. We will retain personal information that we process and store on behalf of our customers for as long as needed to provide the Services to our customers.
Accessing and updating or deleting your information:
In cases where we act as the data controller of your personal information, we will provide you with information about whether we hold any of your personal information upon request. We will respond to such requests within a reasonable timeframe. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Deactivating your user profile:
If you no longer wish to use our Services, our customer may be able to deactivate your account. First, please contact customer with your request. If you are a customer and are unable to deactivate an end-user account through your administrator settings, please email firstname.lastname@example.org. Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services.
Request that we stop using your information:
You may request that your personal information no longer be accessed, stored, used and otherwise processed where you believe that the Company does not have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this Policy. Where you gave us consent to use your personal information for a limited purpose, you can contact us to withdraw that consent. You can also opt-out of our use of your personal information for marketing purposes by contacting us, as provided below. When you make such requests, we may need time to investigate and facilitate your request. Please note that an end-user of a customer should first contact that customer with a request to stop access, storage, use of personal information. If there is delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your personal information until the request is honored or the dispute is resolved, provided the customer does not object (where applicable).
Opt-out of communications:
We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non-transactional communications by sending a request to privacy. You may opt-out of receiving promotional communications from us by using this unsubscribe link within each email. Even after you opt-out from receiving promotional messages from us, if you are an agent of a customer, then you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings.
Other data protection rights:
If you wish to exercise any other data protection rights that are available to you under your local data protection laws (such as the right to data portability or to data restriction) then please send your request to email@example.com and we will respond to your request in accordance with applicable data protection laws. You have the right to complain to your local data protection authority if you are unhappy with our data protection practices.
The Services are intended for healthcare professionals. Accordingly, in compliance with the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501-06 and 16 C.F.R. §§ 312.1-312.12, the Company will not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register. If you are under 13, please do not attempt to register for the Sites or send any information about yourself to us, including your name, address, mobile device number, or email address. By using the Sites, you represent that you are not under 13 years of age.
13. BUSINESS TRANSFER
The Company may, in the future, sell or otherwise transfer some or all of its assets to a third party. Your information, including personally identifiable information and technical and usage information we obtain from you directly or automatically via the Sites or your use of the Services, may be disclosed to any potential or actual third-party purchasers of such assets and/or may be among those assets transferred.
14. UPDATES TO THIS POLICY
The Company reserves the right to modify this Policy at any time, so please review it frequently. If we make any changes to this Policy, we will change the “Last Updated” date above. If we decide to change our Policy in regards to how we utilize any personally identifiable information, we will post a notice or link to those changes on our homepage. If we make other material changes to this Policy or if we change our email practices, we will notify you here, by email, or by means of a notice on our home page. If you use our Sites or Services after we post these changes, this indicates your acceptance of them.
15. SUPPLEMENTAL PRIVACY TERMS APPLICABLE TO CERTAIN REGIONS
Personal information (as the term is defined in the Personal Information Protection and Electronic Documents Act of Canada (“PIPEDA”)) will be collected, stored, used and/or processed by the Company in compliance with the Company’s obligations under PIPEDA.
The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.
Information We May Collect:
We may collect the following categories of information:
- Demographic Information
- Commercial Information
- Internet or other electronic network activity information
- Geolocation data
- Audio, electronic, visual, or similar information
- Professional or employment-related information
For each category of information, we collect the information from a variety of sources, including directly from you, from your devices, from your social media profiles, and/or from third party providers. We collect the information to provide you with services, protect our customers and ourselves (including the services), and to improve the services. We do not share personal information with Third Parties as the term is defined under the CCPA.
We do not sell personal information of any individual, including personal information of minors under 16 years of age.
We have disclosed the following categories of personal information for a business purpose in the twelve (12) months prior to this Policy’s last update.
- Demographic Information
- Commercial Information
- Internet or other electronic network activity information
- Geolocation data
- Audio, electronic, visual, or similar information
- Professional or employment-related information
- Inferences drawn from any of the above information.
We have not disclosed any personal information for valuable consideration in the twelve (12) months prior to this Policy’s last update.
You may have certain rights with respect to your personal information, including:
- The right to access, including the right to know the categories and specific pieces of personal information we collect;
- The right to deletion of your personal information, subject to certain limitations under applicable law;
- The right to request disclosure of information collected;
- The right to disclosure of information disclosed for valuable consideration; and
- The right not to be discriminated against for exercising certain rights under California law.
To exercise these rights, please submit a request by emailing firstname.lastname@example.org. Please be as specific as possible in relation to the personal information you wish to access. Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. If we need additional information to verify your identity, we will let you know. We will respond to your request within forty-five (45) days of receipt, or notify you if we require additional time. If you would prefer, you may designate an authorized agent to make a request on your behalf.
If you have questions regarding this Policy or about the Company’s privacy practices, please contact us by email at email@example.com, or at:
Attn: Cooper N. Gallimore, Esq., Corporate Attorney & Chief Privacy Officer
2160 Lakeside Centre Way, Suite 301
Knoxville, TN 37922, United States
16. CONTACT US
If you have questions or concerns regarding your privacy or security on our Sites or Services, feel free to contact us at firstname.lastname@example.org.