Effective Date: September 25th 2020
This Privacy Policy describes the privacy practices that Good Methods Global Inc. dba CareStack (“CareStack” or “us” or “we”) follows when collecting and using information about you on our website (located at https://www.carestack.com/ ), mobile applications, and any other channel or mobile feature that we operate (collectively, the “Site”). We ask that you please read this Privacy Policy before using the Site. It describes what information we gather from you and others who visit or use the Site, how we use that information, and what we do to protect it. When you access or use the Site, certain information, including Personal Information may be collected, transferred, processed, stored, and in certain circumstances, disclosed or shared as described in this Privacy Policy.
This Privacy Policy complies with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Privacy Policy. Capitalized terms used but not defined in this Privacy Policy have the definitions provided in our Terms of Use (located at https://www.carestack.com/legal/2020-1/termsofuse/ ). Parts of the Terms of Use affect this Privacy Policy, so unless you have already done so, please review the Terms of Use prior to using the Site.
BY CREATING AN ACCOUNT ON OUR SITE OR OTHERWISE PROVIDING US WITH YOURS OR OTHERS’ PERSONAL INFORMATION, YOU EXPRESSLY CONSENT TO THE INFORMATION HANDLING PRACTICES DESCRIBED IN THIS PRIVACY POLICY AND YOU ACKNOWLEDGE AND CONFIRM THAT YOU HAVE PERMISSION TO PROVIDE US WITH ALL PERSONAL INFORMATION PROVIDED. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR THE TERMS OF USE, PLEASE DO NOT ACCESS, USE, OR REGISTER FOR AN ACCOUNT ON THE SITE.
We collect data to provide the products and services you request, ease your navigation on the Site, communicate with you, and improve your experience using the Site. Some of this information is provided by you directly to us, such as when you schedule an appointment or book a demo. Some of the information is collected through your interactions with the Site. We collect such data using technologies like Cookies, action tags, and other tracking technologies, error reports, and usage data collected when you interact with our Site. Some of the information is collected from your use of, and interactions with, us and others on social media, including but not limited to Facebook®, Twitter®, LinkedIn®, and YouTube® (collectively “Social Media”).
The data we collect depends on the products, services, and features of the Site that you use, and includes the following:
When you visit the Site without creating an account, you can browse without submitting Personal Information about yourself. In general, we collect Personal Information that you submit to us in the process of creating or editing your account and user profile on the Site or that you submit to us voluntarily through your use of the Site. Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household is “ Personal Information.”
In particular, the Site has collected the following categories of Personal Information from users in the last twelve (12) months. We obtain these categories of Personal Information with the methods described in more detail below.
Category | Examples | Collected |
---|---|---|
A. Identifiers. |
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. |
YES |
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). |
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. |
YES |
C. Protected classification characteristics under California or federal law. |
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). |
YES |
D. Commercial information. |
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
YES |
E. Biometric information. |
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. |
YES |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES |
G. Geolocation data. | Physical location or movements. | YES |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | NO |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other Personal Information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
Personal Information does not include:
Additionally, the following types of personal information are excluded from the CCPA’s scope:
We may also collect Personal Information from third parties, such as Social Media, Payment Processors, product vendors, and other partners. Our collection of this information allows us to provide you with our products and services, establish, maintain and support your user account on the Site, and communicate with you in accordance with our Terms of Use.
Certain individually identifying health information that you may provide to us is protected under HIPAA (“PHI”), which offers different protections than privacy laws such as the CCPA. When CareStack is acting as a “Business Associate” (as defined in HIPAA), and to the extent that you provide such PHI, we will handle your PHI in accordance with HIPAA requirements. This means that CareStack will only use or disclose your PHI as authorized by you or as otherwise permitted under the law.
Similar to other websites, we use tracking technologies to automatically collect certain technical information from your web browser, mobile, or other device when you visit our Site. This data may include, without limitation, your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time of your visits. Our collection of this data, described in more detail below, allows us to provide more personalized services to you and to track usage of the Site.
We automatically derive and collect certain data based on your interactions with the Site using cookies and similar technologies (collectively, “Cookies”). Our collection of data through Cookies includes information about your browser and Site usage patterns, which may include your IP address, browser type, browser language, referring/exit pages and URLs, pages viewed, links clicked, whether you opened an email, and information about the device you use to access the Site. Our collection of this information allows us to improve your user experience in various ways, such as to personalize our display of the Site to you, to “remember” whether or not you are signed in, and to provide better technical support to you.
Please note: If you restrict, disable, or block any or all Cookies from your web browser or mobile or other device, the Site may not operate properly, and you may not have access to certain services or parts of the Site. We will not be liable for any interruption in, or inability to use, the Site or our services or degraded functioning thereof, where such are caused by your settings and choices regarding Cookies.
We may use Pixels to automatically record certain technical information about your interactions when you visit the Site or otherwise engage with us, to help deliver Cookies on our Site, or count users who have visited the Site. We may also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. “Pixels” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements and related information of Site users. Unlike Cookies, which are stored on a user’s computer hard drive, Pixels are embedded invisibly on web pages or in HTML-based emails. The data we receive through Pixels allows us to effectively promote the Site to various populations of users, and to optimize external advertisements about the Site that appear on third-party websites.
We may obtain both personal and non-personal information about you from business partners, contractors, suppliers, and other third parties and add it to your account information or other information we have collected. We, and the third parties we engage, may combine information we collect from you over time, and across the Site, with information obtained from other sources. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.
We collect precise geolocation data from you or your device, as well as your address information, e.g., shipping and billing address, when you set up your account and order our products or services. We also collect and use information about your general location (e.g., your state of residence) and can infer your approximate location based on your IP address in order to track our general Site usage or to tailor any pertinent aspects of your user experience to the region where you are located.
You may also provide us with a third party’s Personal Information in connection with scheduling an appointment or booking a demo, among other things. We collect and handle any such Personal Information about others consistent with this Privacy Policy. You represent and warrant that you have obtained any required consent, provided any required notice, and otherwise fully complied with all applicable laws, including any data protection laws, with regard to any information that you provide to us about others.
If you interact with us or our other users regarding CareStack and its products and services on any Social Media: (a) the Personal Information that you submit by and through such Social Media can be read, collected and/or used by us (depending on your Social Media privacy settings) as described in this Privacy Policy and (b) where CareStack responds to any interaction with you on Social Media, your account name/handle may be viewable by any and all members or users of CareStack’s Social Media accounts. We are not responsible for the Personal Information that you choose to submit or link on any Social Media. Social Media operates independently from CareStack, and we are not responsible for Social Media interfaces or privacy or security practices. We encourage you to review the privacy policies and settings of any Social Media with which you interact to help you understand their privacy practices. If you have questions about the security and privacy settings of any Social Media that you use, please refer to the applicable privacy notices or policies.
We also use Google Analytics, Facebook, and other third party analytics providers (“Analytics Providers”) to collect information about Site usage and the users of the Site. These Analytics Providers use Cookies in order to collect demographic and interest-level information and usage information from users that visit the Site, including information about the pages where users enter and exit the Site and what pages users view on the Site, time spent, browser, operating system, and IP address. Cookies allow Analytics Providers to recognize a user when a user visits the Site and when the user visits other websites. Analytics Providers use the information they collect from the Site and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit the Site and other websites and purchase items. For more information regarding our Analytics Providers’ use of Cookies, collection and use of information, and how to opt-out of tracking, see:
The Site contains links to third party websites and services, including links to Social Media. We are not responsible for any of the content or features or functionality of other linked websites or services. We are also not responsible for the privacy practices and the terms and conditions of use for any external websites or services. The linked websites and services may collect Personal Information from you that is not subject to our control. The data collection practices of linked third party websites and services will be governed by that third party’s privacy policy and terms of use.
We may use or disclose the Personal Information identified above for one or more of the following business purposes (“Business Purpose”):
When you create an account with us and provide us with your email we may, subject to applicable law, use your email address to send you Site-related notices (including any notices required by law, in lieu of communication by postal mail), updates, news, and marketing messages. For example, when you register, you will receive a welcome email. If the Site or our services are temporarily unavailable, we may also send you an email notice.
Email communications you receive from us will generally provide an unsubscribe link or instructions allowing you to opt out of receiving future emails or to change your contact preferences. If you have registered for an account with us, you can also change your contact preferences within your account settings. Please remember that even if you opt out of receiving marketing e-mails, we may still send you important service information related to your account and the Site. If you correspond with us by email, we may retain the content of your email messages, your email address, and our responses.
CareStack uses third party service providers to serve advertisements or collect data on our behalf across the internet and on this Site (“Advertisers”). Some of these Advertisers may collect your Personal Information about your Site visits and your interactions with our products and services to tailor marketing messages on other sites, or to trigger real-time interactions, customize the Site, or enhance your profile. Advertisers may use Cookies, Pixels and other technologies to collect your Personal Information, measure the effectiveness of their advertisements, and personalize the advertisements on other sites. Some of these Advertisers may collect your Personal Information that you share on the Site via a web form automatically and prior to your submission of the Personal Information (i.e., before you click, “Submit”). Advertisers may be able to use information from your Site visits to send marketing messages to you in a way that could personally identify you. The information collected by Advertisers may include your IP address, email addresses and other user and device level information. For example, when Advertisers send advertisements and links that appear on the Site directly to your browser, they automatically receive your IP address. Please keep in mind that your browser settings may not permit you to control Advertisers’ technologies, and this Privacy Policy does not apply to, and we cannot control the activities of Advertisers. If you would like more information about Advertisers’ practices, please see http://optout.aboutads.info/#!/
We may use non-personally identifiable information, such as anonymized and/or aggregated Site usage data, in any manner that does not identify individual users for the purpose of improving the operation and management of the Site, including to develop new features, functionality, and services, to conduct internal research, to better understand Site usage patterns, to resolve disputes, to troubleshoot problems, to fulfill user requests, or for security and compliance purposes. Any non-personally identifiable information that is combined with Personal Information will be treated by us as Personal Information.
If you purchase or pay for products or services via the Site, the transaction may be handled by our service providers or third party vendor(s) responsible for processing your payment (“Payment Processors”). These entities have their own privacy policies and those terms will apply to you. Please be sure to review them at the links provided during payment processing.
When we disclose Personal Information for a Business Purpose, we enter into a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and use only for performance of the contract, and not for any other purpose. We share or make your information available, including any Personal Information, in the circumstances described below.
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a Business Purpose, as more fully described in Section 4:
We disclose your Personal Information for a Business Purpose to the following categories of third parties:
Please note: Affiliated persons or our third party service providers may augment, extend, and combine non-personally identifiable information with data from additional third party sources in order to assist us in our operation of the Site
Under the CCPA, the sale of Personal Information means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to another business or a third party for monetary or other valuable consideration” (Cal. Civ. Code § 1798.140(t)(1)). We make your Personal Information available to third parties, subject to your right to opt-out. In the preceding twelve (12) months, we have made available the following categories of Personal Information:
We make your Personal Information available to the following categories of third parties:
We reserve the right to disclose all information collected via the Site, internally, to affiliates, or to third parties, for any lawful purpose or to prevent harm to us or others. For example, and without limitation, in our discretion we may disclose information to government regulators, law enforcement authorities or alleged victims of identity theft. We will notify you in the event of a government or legal request for your information unless otherwise prohibited by law.
If we should ever transfer or restructure the operational ownership of the Site, such as through a merger with another entity or a reorganization of all or a part of our operational responsibilities or assets, we may disclose, transfer, assign our rights, and/or delegate our duties to your information without notice and consent, including to prospective or actual recipient or acquiring entities. Should this occur, we will require any third party receiving your Personal Information as described under this subsection to be contractually required to provide the same level of privacy compliance as provided by us under this Privacy Policy.
We cannot ensure that all of your Personal Information will be disclosed only in the ways described in this Privacy Policy. For example, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your Personal Information that they collect from the Site. Even with the most rigorous information security standards, no transmission of data over the internet can be 100% secure.
You may always decline to provide your Personal Information to us. Registering for an account or otherwise providing your Personal Information is not required to access some of our online content. If you choose not to provide certain Personal Information to us, some of your experiences may be affected (for example, we cannot schedule an appointment without your name and certain contact information).
We use the Personal Information of our users as needed for the purposes for which it was collected or where you have consented to our use of such information. If you do not wish to provide information to us or do not wish to consent to the uses described in this Privacy Policy, please do not use the Site, set up an account, or supply the requested information to us.
You may have the right under the CCPA to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
You may have the right under the CCPA to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) or vendor(s) to:
If you are 16 years of age or older, you may have the right under the CCPA to direct us not to make your Personal Information available for valuable consideration at any time (the “right to opt-out”). We do not make available the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in may opt-out at any time.
To exercise the right to opt-out please complete this form:
https://www.carestack.com/legal/privacyoptoutform/
. Alternately, to exercise the right to opt-out or opt-in, you (or your
authorized representative) may submit a request to us by sending us an e-mail
at
privacyconcerns@carestack.com
or, once you make an opt-out request, we will wait at least twelve (12) months
before asking you to reauthorize certain information sharing practices.
However, you may change your mind and opt back in at any time by sending us an
e-mail at
privacyconcerns@carestack.com. We will only use Personal Information provided in an opt-out request to
review and comply with the request.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Visiting https://www.carestack.com/legal/2020-1/accessordeletionrequest/
Sending us an e-mail at https://www.carestack.com/legal/2020-1/accessordeletionrequest/
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make such a request for access or data portability twice within a twelve-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Most browsers are initially set up to accept Cookies, but you can reset your browser to refuse all Cookies or to indicate when a cookie is being sent. However, some features and services of the Site (particularly those that require sign-in) may not function properly if your Cookies are disabled. Similarly, if you choose to delete session objects from our Site, you may not be able to access and use all or part of the site or benefit from some or all of the information or features and services offered.
Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have the user’s online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about that browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many websites, including the Site, do not respond to DNT signals.
We use certain physical, managerial, and technical safeguards designed to preserve the security of your information that we maintain in connection with your use of the Site. For example, we encrypt all data with secure sockets layer (SSL) or similar technologies when we transmit your data. This, however, does not guarantee that your information may not be accessed, disclosed, altered, or destroyed by any breach of our physical, technical or managerial safeguards. In the event that any of your Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and will notify you, as appropriate, in accordance with pertinent laws and regulations.
We or our third party hosting providers store Personal Information in operating environments that are safeguarded against public or unauthorized access and protected from internal access with physical and technical security measures. While these measures are helpful to safeguard your Personal Information after we receive it, no transmission of data over the internet is 100% secure.
Please be aware that we have offices in the United States. The Site is governed by United States law. If you are using any of our products or services from outside of the United States, your information may be transferred to, stored, and processed in the United States where our servers may be located. The United States might not offer the same level of privacy protection as the country where you reside or are a citizen. BY USING THE SITE, COMMUNICATING WITH US VIA MAIL, EMAIL OR TELEPHONE, OR OTHERWISE PROVIDING INFORMATION TO US, YOU CONSENT TO THE TRANSFER TO, AND PROCESSING OF, YOUR INFORMATION IN THE UNITED STATES.
Residents of the European Economic Area (“EEA”) may be entitled to rights under the GDPR. If you qualify, these rights are summarized below.
If you request to exercise your rights under the GDPR, we may require verification of your identity before we respond to any such request. If you are entitled to these rights, you may exercise the following rights with respect to your Personal Information that we collect and store:
You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above-listed rights may be made to: privacyconcerns@carestack.com. If you are an EEA resident, you have the right to lodge a complaint with a Data Protection Authority about how we process your Personal Information at the following website: https://edpb.europa.eu/about-edpb/board/members_en.
California Civil Code § 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed Personal Information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to privacyconcerns@carestack.com.
While the Site is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: privacyconcerns@carestack.com. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your content or information from the Site does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
Because our privacy practices and privacy law necessarily evolve over time, we reserve the right to revise this Privacy Policy from time to time in our sole discretion, upon notice to you such as by posting updated Privacy Policy on the Site, sending you an email to your account email, or by any other reasonable means. You should periodically review this Privacy Policy to ensure that you are familiar with the most current version. Your continued use of the Site after the Effective Date posted above will constitute your acceptance of the updated Privacy Policy.
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your information described in this Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at
E-mail: | privacyconcerns@carestack.com |
Postal Address: |
|