2.0 About HIPAAtizer
HIPAAtizer is a WordPress plugin tool and HIPAA-Compliant online form building service. For more information about HIPAAtizer please see the “About” section of the Website at www.HIPAAtizer.com.
3.0 What Information Do We Collect?
- 3.1.1 Pre-Registration. If you are interested in learning more about HIPAAtizer, our plugin and the Services and products we offer, we may ask for personal information, such as your name, practice name and size, email address, telephone number, and city/state.
- 3.2 Account Information. As a Developer or Commercial User, you can add additional details about your company and employees to your account. We use this information to improve both your experience and the experience of your End Users. With your approval, we may also connect third-party services to your account. Providing such additional information enables you and your End Users to derive more benefit from HIPAAtizer.
- 3.6 Log Files, IP Addresses, and Information About Your Computer and Mobile Device. When you visit or leave HIPAAtizer sites or apps by clicking a hyperlink or when you view a plugin on a third-party site, we automatically receive the URL of the site from which you came or the one to which you are directed. We also receive the internet protocol (“IP”) address of your computer or the proxy server that you use to access the web, your computer operating system details, your type of web browser, your mobile device (including your mobile device identifier provided by your mobile device operating system), your mobile operating system (if you are accessing HIPAAtizer using a mobile device), and the name of your ISP or your mobile carrier. We may also receive location data passed to us from third-party services or GPS-enabled devices that you have set up. Most mobile devices allow you to prevent real time location data being sent to HIPAAtizer, and of course HIPAAtizer will honor your settings.
- 3.1 Data Controllers
4.0 How Do We Use Your Information?
We currently use information collected through tracking technologies, such as cookies and web beacons, to improve the functionality of the Website. For example:
- We track the number of visitors using certain portions or features of the Website to make changes that may be necessary to improve the Website's functionality;
- We track the popularity of features on the Website to guide the development of new ones;
- We identify the types of devices our visitors use so that we can improve and optimize our systems; and
- We assess the ways in which Users become aware of or access the Website in order to gauge the quality and methods of our advertising.
- We do not use personal information to make automated decisions.
- If you provide us with your email address, we may use it for our own marketing, promotional, and informational purposes, including solicitations, invitations, newsletters, awareness campaigns, and announcements. We also may share it with partners and affiliates for their marketing purposes. We will not share your email address with unaffiliated third parties.
- We will not retain your information, whether obtained through tracking technologies or provided by you, longer than necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Wherever your PII may be held by HIPAAtizer or on its behalf, HIPAAtizer takes reasonable and appropriate steps to protect the PII that you share with us from unauthorized access or disclosure. HIPAAtizer trains its employees on data handling practices. In addition, HIPAAtizer and its service providers enter into agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your PII.
5.0 Sharing Your Information
We engage certain service providers, identified below, to track and associate internet search and browsing behavior with our advertisements and to provide functionality on the Website. These third-party service providers are limited to using information only as instructed to provide contracted services to us. We have configured the third-party technologies we use (Google Ads and Facebook Pixels) to use tracking technologies, such as cookies and web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services, analytics and target ads. More specifically, these companies may use non-personally identifiable information about your visits to other websites, together with non-personally identifiable information about your purchases and interests from other online and offline sources, to provide ads about goods and services of interest to you.
In addition, we may share Website usage information with these service providers to manage our content, administer target ads and for market research purposes. Finally, information obtained through these processes may be combined with Personally Identifiable Information in order to analyze our marketing efforts.
We will only share PII with third party vendors, consultants, agents, partners, and other service providers with whom we contract to help us provide or improve our services.
Please note that HIPAAtizer will only share your information in accordance with this Policy, except in the following situations:
- You have given us your consent to share or use information about you;
- We believe that we need to share information about you to provide a service that you have requested from us or from others;
- We are required by law to disclose information; or
- We believe that it is necessary to protect our rights or to avoid liability or violations of the law;
- To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Policy; or
- To any other person with your consent to the disclosure.
6.0 Your Choices and Obligations
- 6.1 Rights to Access, Correct, or Delete Your Information, and Closing Your Account. You have a right to (1) access, modify, correct, or delete your personal information controlled by HIPAAtizer, (2) change or remove your content, (3) export your data, and (4) close your account. You can also contact our support team for any account information which is not on your profile or readily accessible to you. If you are a Commercial User and close your account(s) by canceling your subscription, your information will be retained for a limited time so you may resume your subscription at a later date. If you close your account(s) by opting to delete your account or otherwise request removal of your PII, your information will be made available for you to export and download for a period of seven (7) days following your request and will then be permanently removed from the Services within thirty (30) days of your request. HIPAAtizer only uses your personal data for the reason given at the time of collection, and the data is securely deleted after it is no longer needed.
7.0 General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. HIPAAtizer is committed to always operating in the best interests of our customers and this includes compliance with GDPR.
- 7.1 GDPR Key Principles. Several major principles underpin many of the requirements found in the GDPR with regard to controlling and processing personal data:
- Fairness and Transparency. Organizations must always process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation. Organizations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal data in a manner that's incompatible with those purposes.
- Data Minimization. Organizations can collect only personal data that is adequate, relevant, and limited to what is necessary for the intended purpose.
- Accuracy. Personal data must be accurate and, where necessary, kept up to date.
- Data Deletion. Personal data must be kept only for as long as it is needed to fulfill the original purpose of collection.
- Security. Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration.
- Accountability. A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR.
- 7.2 Data Controller vs. Data Processor. GDPR sets out responsibilities for entities that manage data; these include the data processor and the data controller.
- Data Processor. Data processors process personal data on behalf of a data controller.
- Data Controller. Data controllers decide the “purposes” and “means” of any processing of personal data.
- HIPAAtizer as a Data Controller. Additionally, HIPAAtizer acts as the data controller for the personal data we collect about you, the User of HIPAAtizer Services, including the Website and our mobile applications. We process your personal data necessary for us to perform our contract with you (GDPR Article 6(1)(b)). We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)). This primarily involves financial data and information that we need to meet our accountability obligations under the GDPR. We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
- 7.3 Individual Rights. You have a number of rights regarding how HIPAAtizer handles your personal data:
- Data Access. You have the right to confirm with HIPAAtizer whether HIPAAtizer is processing your personal data.
- Right to Object. You can, in certain cases, object at any time to the processing of your personal data, in particular if the processing is for direct marketing purposes.
- Data Rectification. You can send us a request to correct or complete personal data if the data is inaccurate or incomplete.
- Restriction of Processing. You can request HIPAAtizer to stop access to and modification of your personal data.
- Data Portability. HIPAAtizer provides functionality in the web app to export your data for your users, accounts, and activity in PDF format so that you can transmit your own personal data to another company. In certain cases, you have the right to ask HIPAAtizer to provide additional personal data, also in a structured, commonly used, and machine-readable format such as a CSV file.
- Right to Erasure. This is also known as “the right to be forgotten.” This right empowers you to request that HIPAAtizer delete or remove your personal data in situations such as when the data is no longer needed for the original purpose, when the data subject withdraws consent, or when the data subject objects to the processing and the controller has no overriding legitimate interest in the processing. HIPAAtizer provides you this functionality in the settings section of the HIPAAtizer Website.
- Contact. If you have any questions or feedback, or need to reach our Data Protection Officer, please reach out to our support team by email at support@HIPAAtizer.com.
8.0 California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a U.S. law enacted in the State of California effective beginning January 1, 2020. In general, the CCPA expands the privacy rights of California citizens and requires certain companies to comply with a range of data protection requirements including:
- The consumer's right to receive a copy of the specific personal information collected about them during the 12 months prior to their request;
- The consumer's right to know a company's data collection practices, including the categories of personal information it has collected, the source of the information, the business's use of the information, and to whom the business disclosed the information it has collected about the consumer;
- The consumer's right to have such personal information deleted (with exceptions);
- The consumer's right to know the business' data sale practices and to request that their personal information not be sold to third parties;
- A prohibition on businesses discriminating against a consumer for exercising a consumer right; and
- An obligation on businesses to notify a consumer of their rights.
11.0 Key Terms
- Tracking Technologies: Tracking technologies include technologies such as “cookies” and “web beacons,” which are used to analyze trends, administer the Website, and help us provide you with a more personalized experience and improve our services. Cookies are small text files that are sent from a website to your computer's browser when you visit the site. These cookies are then stored in files within your computer's browser. Websites can access only the cookies that they have stored on your computer. For every future time you access a website, your browser sends the cookie back to the server, which notifies the website of the user's previous activities on the website. Thus, cookies serve several useful purposes, like letting you navigate between pages more efficiently, saving your preferences, and enhancing your user experience with the website. Web beacons (also called transparent GIFs, web bugs, pixels, or action tags) are strings of code that deliver a tiny graphic image on a web page or in an email which is used to monitor the behavior of the user visiting the website or sending the email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page on which the web beacon is placed. In general, any file served as part of a web page can act as a web beacon.
- Internet Protocol (IP) Address: A numerical label separated by periods that identifies every device (e.g., computer, printer) that participates in a network. IP addresses allow these devices to communicate with one another and transmit relevant information.
- Personally Identifiable Information (PII): For purposes of this Policy, PII includes: first and last name; physical mailing address including street name and city/town; email; and telephone number.