Arctrieval Inc. Privacy Policy
Last updated 7/13/2023
At Arctrieval, Inc., we respect the privacy of our Users’ information and are committed to protecting Personal Information that Users disclose on our website. This Privacy Policy describes how we will use and protect our Users’, their patients’ and their clients’ personal information and how we will notify our Users in the event of a security breach. This Privacy Policy is a part of our Terms of Use, which Users are required to accept in order to use the Site.
BY USING THIS SITE, USERS AGREE TO BE BOUND BY THE TERMS OF THIS PRIVACY POLICY. ANY USERS WHO DO NOT AGREE WITH THESE TERMS SHOULD NOT USE THIS SITE!
- About Our Privacy Policy. This Privacy Policy applies to www.Arctrieval.com, app.Arctrieval.com and legal.Arctrieval.com. The Site may contain links to other Web sites. We are not responsible for the privacy practices of other Web sites that Users may enter by, for example, clicking on an advertisement, service, or content link on the Site. We strongly encourage Users to review the privacy policy of every Web site that they visit through a link or advertisement on the Site. We also are not responsible for Users’ or own data security practices.
- Changes to Our Policy. We reserve the right to modify or amend this Privacy Policy at any time. All changes to this Privacy Policy will be effective immediately upon their posting to the Site. We will notify Users of material changes to this Privacy Policy by conspicuously posting the changes on the Site. Information collected before changes are made will be treated in accordance with the previous Privacy Policy. Each version of our Privacy Policy will be prominently marked with an effective date. CONTINUED USE OF THE SITE AFTER THE EFFECTIVE DATE OF A PRIVACY POLICY WILL INDICATE THE USER’S AGREEMENT TO ANY MODIFIED TERMS.
- Definitions/Glossary. The following terms are used in this Privacy Policy and having the meaning set forth below.
- “Attorney” refers to any person or entity that provides legal services.
- “Content” refers to any text, graphics, logos, button icons, images, audio or video content, digital or printable downloads, and other materials that may appear on or may be produced by the Site.
- “Cookies” refer to electronic data stored by the User’s computer browser. The Cookies enable us to facilitate access to different aspects of the Site.
- “Healthcare Provider” refers to any person or entity that provides health care services, including doctors’ offices, clinics, and hospitals.
- “Non-Personal Information” refers to any information collected from a person that cannot be used to identify that person.
- “Personal Information” refers to Personally-Identifiable Information or Protected Health Information, collectively.
- “Personally-Identifiable Information” or “PII” refers to information that can be used to identify a specific individual. Some examples of PII are name, home address, telephone number and email address.
- “Protected Health Information” or “PHI” refers to personal health information that is protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). PHI is defined as Personally-Identifiable information about the past, present, or future physical or mental health or condition of a patient, the provision of health care to a patient, or the past, present or future payment for such care.
- “Site” refers to the Arctrieval websites, www.Arctrieval.com, app.Arctrieval.com and legal.Arctrieval.com.
- “SSL” refers to Secure Socket Layer, a security protocol for securely transmitting information over the Internet. Most modern web browsers support SSL. Web sites that use SSL have a URL that begins with https:// instead of http://.
- “User” and/or “you” refers to any individual who visits the Site and/or uses our services and provides Personal Information, PHI, or non-personal information in the use of the same.
- “We,” “our,” “us,” and “Arctrieval” refer to Arctrieval, Inc., a Delaware Corporation, the entity that runs and maintains the Site.
- “Web beacons” refer to Internet tools, such as transparent images on the Site or in emails that we may send the Users that help us to determine, for instance, whether a page has been viewed or an email opened. For example, when the Users ask us to send them information on a promotion or newsletter, we may use web beacons to determine how many of the emails we sent were actually opened. In general, any electronic image viewed as part of a web page, including a banner ad, can contain a web beacon.
- The Non-Personal Information We Collect and How We Use it. We collect Non-Personal Information about Users, such as IP addresses, browser types, pages viewed, general demographic information, such as age, income, medical demographics, and occupation.
We use this information in the aggregate to determine how much traffic the Site receives, to statistically analyze Site usage, to improve our Content, and to customize the Site’s content, layout, and services. In addition, we may use the User’s IP address to help diagnose problems with our server, to manage the Site and to enhance the Site based on the usage pattern data we receive.
We may use third party service providers to assist us in collecting and analyzing Non-Personal Information, such as but not limited to Google Analytics.
For how we respond to Do Not Track requests regarding such information, please see this Privacy Policy.
- The Personal Information We Collect. We provide Attorneys, Healthcare Providers and consumers with secure and efficient solutions for health information management and correspondence services. In providing these solutions, we collect both Personally-Identifiable Information and Protected Health Information from Users about themselves, their clients and/or their patients, as applicable and as further described below.
We collect information that Users voluntarily share with us, which may include a User’s, client’s and/or its patients’ (1) contact information (such as name, address, email address, and phone number), (2) payment information (such as credit card information), (3) login information (such as a password, Username, and security questions/answers), (4) date of birth, and (5) Protected Health Information, subject to applicable laws and the terms of this Privacy Policy.
We may use third party service providers, such as PayPal or Stripe, to collect and process payment information. As a result of the nature of our service, we may also receive the User’s Protected Health Information from third parties, such as Healthcare Providers or Attorneys. We are not responsible for nor do we review such third-parties’ privacy policies; therefore, the User is encouraged to review and determine for itself whether it agrees with and wishes to provide personal information to such third parties.
- How We Use the Personal Information We Collect. The collected information is generally used to provide health information management and correspondence services available through the Site. In providing those services, we may disclose Personal Information to Healthcare Providers, to Attorneys or to third-party suppliers specifically involved in the processing of the User’s PHI correspondence, and as otherwise necessary to provide the services request by the User. In addition:
- We may obtain, use, and disclose personal information about Users to process transactions and contact Users in order to send information and updates pertaining to their requests for the release of PHI.
- We may obtain, use and disclose personal information about Users for the purpose of verifying their identity and, for those who are Healthcare Providers or Attorneys, verifying their individual or practice credentials.
- We may also use or disclose Personal Information to resolve disputes, investigate problems, and enforce our Site Terms of Use or if we otherwise consider it necessary to do so to maintain service and improve our services.
- We may disclose or access information upon merger or reorganization of our company or the sale of some or all of its assets.
- We may use Personal Information in the aggregate in a non-identifiable way in order to better understand the services being provided, how to improve these services, and how to improve the Site and our customer service. We may provide this aggregated, non-identifiable information to third parties.
- Legal Disclaimer. We reserve the right to disclose Personal Information as required by law and when we believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Use, or as otherwise required by law.
Except as stated above, we will never sell, distribute, or release to a third party the User’s Personal Information.
- Special Note Concerning Protected Health Information. We will comply with (1) the provisions of the HIPAA privacy and security regulations, (2) provisions of the HIPAA Security Rule that apply to business associates under the Technology for Economic and Clinical Health Act of 2009 (the HITECH Act) and (3) the privacy and security provisions of the HITECH Act that are applicable to business associates.
- Handling of Electronic Records. In general, we will retain all information collected through the Site for, at a minimum, the length of time required by law or as otherwise provided for in this Privacy Policy. Our policies on specific types of information are described below:
- Consent Forms and Contact Information. We retain the User’s PHI release authorization consent forms and contact information indefinitely. This information is retained to provide an audit trail for the User’s PHI correspondence and to notify Users in the case of any breach of their or their patients’ Personal Information in our possession.
- Financial Information. We collect and retain User’s financial information as necessary to process any fees associated with the services provided and to remit any monies owed. Notwithstanding the forgoing, all payments are processed through our third-party payment processors who have their own data security practices for which we take no responsibility.
- Other Personal Information. We will delete any other Personal Information in our database not identified above, upon account termination, upon a User’s request, or as otherwise required by law. However, such information stored in backup files will be handled as described in below.
- Non-Personal Information. We may retain Non-Personal Information indefinitely.
- Backup Files. We maintain backup files as a protection against natural disasters, equipment failures or other disruptions. Backup files protect both the Users and us because they lower the risk of losing valuable data. Backup files may contain records with the User’s Personal Information. Removing a record from our main files does not remove that record from any backup systems. Additionally, information deleted from our main files for any reason, including upon termination of the User’s account or upon the User’s specific request, are not actively deleted from our backup systems. Such data will eventually be passively deleted as backup records are erased through the normal recycling of backup files. In the meantime, as long as backup records exist, they receive the same security protections as our other records.
- Security. We employ technologically reasonable and current methods to help prevent unauthorized access, maintain data accuracy, and ensure correct use of information as described below.
- NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE TRY TO PROTECT THE USER’S PERSONAL INFORMATION, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION THAT USERS TRANSMIT TO US, AND USERS DO SO AT THEIR OWN RISK.
- USERS SHOULD ALWAYS BE CAREFUL WHENEVER THEY VOLUNTARILY DISCLOSE PERSONAL INFORMATION ONLINE—FOR EXAMPLE ON MESSAGE BOARDS, THROUGH EMAIL OR IN CHAT AREAS— AS THAT INFORMATION CAN BE COLLECTED AND USED BY OTHERS.
- Data System Security. Passwords and information to access account information are stored in an encrypted format. The data systems are located in a PCI-compliant datacenter located in the United States.
- Physical Security. Our data systems are housed in a secured and guarded facility. Access to the facility is limited to authorized personnel only and secured with military-grade pass cards and biometric finger scan units. The facilities are monitored through closed circuit televisions and security teams are present onsite 24 hours a day, 7 days a week, and 365 days a year.
- Communications between Our Systems and the User’s Browser. Communications between the User’s browser and portions of the Site containing Personal Information are protected with Secure Socket Layer (SSL) encryption. Users must have a browser that supports 128-bit encryption to access those portions of the Site.
- Personal Information is Password Protected. For Users who choose to set up an account, any Personal Information and account information is only accessible using the password specified for the account. Passwords are stored on our systems in an encrypted format. We recommend that Users do not share their password with anyone. Our personnel will never ask a User for their password in an unsolicited phone call or in an unsolicited email. Users should remember to sign out of their account and close their browser window when they have finished their session. This is to help ensure that others cannot access their Personal Information and correspondence if they share a computer with someone else or are using a computer in a public place where others may have access to it. Attorney and Healthcare Provider account access is limited to those Users who have login details provided by the Attorney or Healthcare Provider. All access and use of the Site in password-protected areas is recorded.
- In the Event of a Security Breach of the User’s Personal Information. If we determine that a User’s Personal Information has or may reasonably have been disclosed due to a security breach of our systems, we will notify the User, at the contact information provided to us, within a reasonable time in accordance with applicable state and federal law, so long as the notification would not interfere with a criminal investigation.
- International Transfer. We operate globally so it may be necessary to transfer Users’ information internationally. In particular, your information will likely be transferred to and processed via servers in Georgia and Arizona, United States, where many of our central databases operate. The data protection and other laws of other countries may not be as comprehensive as those in your country. Please be assured that we take reasonable steps to ensure that your privacy is protected. By accessing our Site you consent to your information being collected, used and transferred as set forth in this Privacy Policy
- How Users Can Update, Correct or Delete Their Personal Information.
- Access to Personal Information in Our Systems. Users who choose to set up an account will have access to an account preferences page. An account preferences page will allow Users to view the Personal Information in our systems, view their health information management activities and history, and specify their communication preferences for alerts, updates, and other notifications.
- Correction of Personal Information. Users can update, correct or delete Personal Information and change the ways in which we use Personal Information in conjunction with the Site, through an account preferences page or by contacting us using the contact information below.
- Notice to Minors. In addition to protecting the privacy of children under age (13) we are committed to protect the privacy of minors. Though our Web site is not targeted to minors nor is it intended to be used by minors, if, for any reason a minor has shared information via our Site said minor may request and obtain removal of such information by contacting us at info@arctrieval.com. Although we offer deletion capability for our Site, you should be aware that the removal of content may not ensure complete or comprehensive removal of that content or information posted through the Site.
- Third-Party Practices. This Privacy Policy addresses only the use and disclosure of information we collect from Users. If Users disclose information to third party websites, even those linked from our Site, different rules may apply to the third party’s use and disclosure of the information disclosed to them. We do not control the privacy policies of third parties, and Users are subject to the privacy policies of those third parties where applicable. We encourage Users to review the privacy policy and any other policies of third party sites before disclosing their Personal Information or engaging the third party for services.
- Children under the Age of 18. Users must be 18 years of age or older to use the Site. Users under the age of 18 must leave this site immediately. Parents are urged to monitor and supervise their children’s online activity. No Personal Information is knowingly collected from a child under the age of 18. However, a parent or legal guardian may use the Site, including creating an account and submitting information, on behalf of a child under the age of 18. If we discover that a child under 18 has provided us with Personal Information without permission, we will delete that child’s Personal Information from our records to the extent possible.
- User Consent. By using the Site, the User consents to the collection and use of their Personal Information and that of their patients in the manner we describe in this Privacy Policy.
- Your California Privacy Rights. California Civil Code Section § 1798.83 permits Users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. At this time, we do not share personal information with third parties for direct marketing purposes. If that should change in the future, you will be provided with a cost-free means of preventing such disclosures of personal information through an opt-in or opt-out process.
- Our Newsletter and How to Opt-Out. We may send you company news and information from time to time. If you no longer wish to receive marketing information, press releases or any other type of information from us, including our newsletter, you may send us an email or fax to change your preferences or follow the “unsubscribe” link provided in any email that you receive from us.
- Do Not Track (DNT) Disclosure. Please note that while you may have the opportunity to opt-out of targeted advertising as discussed in the “How to Opt-Out” section above, and you may be able to control the use of cookies through your Web browser as described in the “Use of Cookies” section below, some Web browsers may also give you the ability to enable a “do not track” setting. This setting sends a special signal to the Web sites you encounter while Web browsing. This “do not track” signal is different from disabling certain forms of tracking by declining cookies in your browser settings, as browsers with the “do not track” setting enabled still have the ability to accept cookies. We do not respond to Web browser “do not track” signals at this time. If we do so in the future, we will describe how we do so in this Privacy Policy. For more information about “do not track,” visit www.allaboutdnt.org.
- Inquiry into Use and Disclosure of Personal Information. Upon written request and verification of the User’s identity and legal authority to receive such PHI, we will provide Users with the applicable Personal Information in our possession as well as the Personal Information that we have disclosed to third parties. Requests for information should be sent to the contact information below.
- Cookies and Web Beacons. We do not currently use cookies or web beacons in the provision of our services. In the event we implement the use of cookies this Privacy Policy will be updated.
- Contact Us. Users who have any questions or concerns about privacy that are not addressed by this document, are encouraged to contact us by email at privacy@arctrieval.com or complete the contact form at http://www.arctrieval.com/contact-us.html.