This Policy describes how ChartSpan Medical Technologies, Inc. (“ChartSpan” “Company” “we” or “us”) may collect, use, communicate and disclose and make use of personal information.
Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
We will collect and use of personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law.
We will only retain personal information as long as necessary for the fulfillment of those purposes, or as legally required.
We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
We will protect personal information with reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
We will make readily available to customers information about our policies and practices relating to the management of personal information.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
We collect, use, disclose and process personal data to provide you with the services and to improve your user experience and technical support. ChartSpan may use your personal data to contact and correspond with you, to respond to your inquiries; to track communications with you; to perform safety backups of your personal data; to assist you or your healthcare professional in tracking your health data; to generate global statistics (anonymized data will be used for this purpose); to help the Company develop new services and software features that meet your needs and to improve the software.
The information sharing practices described above are in accordance with federal law. California and Vermont, and various other state law places additional restrictions on sharing information about their residents, and our policies comply with such restrictions.
Cal. Bus. And Prof. Code Section 22575 also require us to notify you how we deal with the “Do Not Track” settings in your browser.
CALIFORNIA CONSUMER PRIVACY ACT SUPPLEMENTAL NOTICE
Overview of California Consumer Privacy Laws
Do California Residents Have Specific Privacy Rights?
Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 179883, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
California Consumer Privacy Act
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) took effect and sets new requirements and rights relating to personal information of California consumers. This section for California residents applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||Yes|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Yes|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Yes|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||Yes|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Yes|
|G. Geolocation data.||Physical location or movements.||Yes|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||Yes|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes|
|L. Sensitive Personal Information||Yes|
We will use and retain the collected personal information as needed to provide the Services or for:
Category A – As long as the user has an account with us
Category B – As long as the user has an account with us
Category G – As long as the user has an account with us
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
Receiving help through our customer support channels;
Participation in customer surveys or contests; and
Facilitation in the delivery of our Services and to respond to your inquiries.
Transfers of Personal Data
The Services are hosted and operated in the United States (“U.S.”) through and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided in the U.S. and will be hosted on U.S. servers, and you authorize ChartSpan to transfer, store and process your information to and in the U.S., and possibly other countries.
Right to Correct Personal Information
Your Right to Correction. You have the right to request the correction of any inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information as you may direct.
To help protect the privacy of data and personally identifiable information you transmit through use of this site and any other related services, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
Categories of Sources
The CCPA information we collect comes directly from you when you inquire about our products and services via our website or by telephone or when you file a claim for reimbursement or view our website; from your employer (where applicable) where your employer is providing benefits; and from third parties that assist us in providing these benefits.
How We Use Information
We may use or disclose the personal information listed above for the following purposes, as permitted by CCPA and other applicable law:
To provide you with information about our products and services
To administer the products and services that we offer, including to determine eligibility or to review and pay claims
To review product performance to evaluate benefits to be offered
To engage service providers to assist us in administering and providing our products and services
To consult with you or others designated by you, or as allowed by law, regarding your benefits
To provide data analytics to allow us to assess product performance or enhance our products or website
To comply with administrative or legal requests, subpoenas, or otherwise required by law
For any purpose that would be permitted under HIPAA or Gramm-Leach-Bliley.
Selling your Personal Information
We do not sell your CCPA information.
In the future, where the CCPA applies to the product or service we offer, you may have the right to request access, data portability, and deletion rights.
We will not discriminate against you for exercising your CCPA rights.
Changes to Our Privacy Notice
Requesting Notice in Alternative Format/Language
You may be able to request this notice in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please see our contact information below to request an alternative format.
Withdrawal of consent and Opt-out
Generally not suitable for children under the age of 13
ChartSpan services are not intended for children under the age of 13. We do not knowingly collect personal data via the services from users in this age group. We do, however, collect information about children and babies provided by the parents or legal guardians of such children or babies. We ask our services’ users not to provide information about any baby or child without first getting their parents’ or legal guardians’ consent. By providing personal data regarding any baby or child, you are affirming that you are legally authorized to do so. We encourage parents and legal guardians to talk to their children about their use of the Internet and the information they disclose pursuant to the Services.
ChartSpan uses commercially reasonable and appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data we collect. However, ChartSpan can’t fully eliminate security and/or privacy risks associated with personal data created, stored or transferred using the internet and internet technologies.
ChartSpan, as the data processor, shall not be liable for any breach, unauthorized disclosure or unlawful use of your personal data or health data that was, at the time of the breach, under the control of your healthcare professional.
Attn: General Counsel
411 University Ridge, Suite 200
Greenville, SC 29601