Last updated 1/28/2020
- “Attorney” refers to any person or entity that provides legal services.
- “Content” refers to any text, graphics, logos, button icons, images, audio or video content, digital or printable downloads, and other materials that may appear on or may be produced by the Site.
- “Cookies” refer to electronic data stored by the User’s computer browser. The Cookies enable us to facilitate access to different aspects of the Site.
- “Healthcare Provider” refers to any person or entity that provides health care services, including doctors’ offices, clinics, and hospitals.
- “Non-Personal Information” refers to any information collected from a person that cannot be used to identify that person.
- “Personal Information” refers to Personally-Identifiable Information or Protected Health Information, collectively.
- “Personally-Identifiable Information” or “PII” refers to information that can be used to identify a specific individual. Some examples of PII are name, home address, telephone number and email address.
- “Protected Health Information” or “PHI” refers to personal health information that is protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). PHI is defined as Personally-Identifiable information about the past, present, or future physical or mental health or condition of a patient, the provision of health care to a patient, or the past, present or future payment for such care.
- “Site” refers to the Arctrieval websites, www.Arctrieval.com, app.Arctrieval.com and legal.Arctrieval.com.
- “SSL” refers to Secure Socket Layer, a security protocol for securely transmitting information over the Internet. Most modern web browsers support SSL. Web sites that use SSL have a URL that begins with https:// instead of http://.
- “User” and/or “you” refers to any individual who visits the Site and/or uses our services and provides Personal Information, PHI, or non-personal information in the use of the same.
- “We,” “our,” “us,” and “Arctrieval” refer to Arctrieval, Inc., a Delaware Corporation, the entity that runs and maintains the Site.
- “Web beacons” refer to Internet tools, such as transparent images on the Site or in emails that we may send the Users that help us to determine, for instance, whether a page has been viewed or an email opened. For example, when the Users ask us to send them information on a promotion or newsletter, we may use web beacons to determine how many of the emails we sent were actually opened. In general, any electronic image viewed as part of a web page, including a banner ad, can contain a web beacon.
- The Non-Personal Information We Collect and How We Use it. We collect Non-Personal Information about Users, such as IP addresses, browser types, pages viewed, general demographic information, such as age, income, medical demographics, and occupation.
We use this information in the aggregate to determine how much traffic the Site receives, to statistically analyze Site usage, to improve our Content, and to customize the Site’s content, layout, and services. In addition, we may use the User’s IP address to help diagnose problems with our server, to manage the Site and to enhance the Site based on the usage pattern data we receive.
We may use third party service providers to assist us in collecting and analyzing Non-Personal Information, such as but not limited to Google Analytics.
- The Personal Information We Collect. We provide Attorneys, Healthcare Providers and consumers with secure and efficient solutions for health information management and correspondence services. In providing these solutions, we collect both Personally-Identifiable Information and Protected Health Information from Users about themselves, their clients and/or their patients, as applicable and as further described below.
We may use third party service providers, such as PayPal or Stripe, to collect and process payment information. As a result of the nature of our service, we may also receive the User’s Protected Health Information from third parties, such as Healthcare Providers or Attorneys. We are not responsible for nor do we review such third-parties’ privacy policies; therefore, the User is encouraged to review and determine for itself whether it agrees with and wishes to provide personal information to such third parties.
- How We Use the Personal Information We Collect. The collected information is generally used to provide health information management and correspondence services available through the Site. In providing those services, we may disclose Personal Information to Healthcare Providers, to Attorneys or to third-party suppliers specifically involved in the processing of the User’s PHI correspondence, and as otherwise necessary to provide the services request by the User. In addition:
- We may obtain, use, and disclose personal information about Users to process transactions and contact Users in order to send information and updates pertaining to their requests for the release of PHI.
- We may obtain, use and disclose personal information about Users for the purpose of verifying their identity and, for those who are Healthcare Providers or Attorneys, verifying their individual or practice credentials.
- We may use Personal Information to identify products or services that the User may be interested in. The identified services will be communicated in advertisements displayed on the Site and according to the settings on the account preferences page for Users who have set up an account.
- We may disclose or access information upon merger or reorganization of our company or the sale of some or all of its assets.
- We may use Personal Information in the aggregate in a non-identifiable way in order to better understand the services being provided, how to improve these services, and how to improve the Site and our customer service. We may provide this aggregated, non-identifiable information to third parties.
Except as stated above, we will never sell, distribute, or release to a third party the User’s Personal Information.
- Special Note Concerning Protected Health Information. We will comply with (1) the provisions of the HIPAA privacy and security regulations, (2) provisions of the HIPAA Security Rule that apply to business associates under the Technology for Economic and Clinical Health Act of 2009 (the HITECH Act) and (3) the privacy and security provisions of the HITECH Act that are applicable to business associates.
- Consent Forms and Contact Information. We retain the User’s PHI release authorization consent forms and contact information indefinitely. This information is retained to provide an audit trail for the User’s PHI correspondence and to notify Users in the case of any breach of their or their patients’ Personal Information in our possession.
- Financial Information. We collect and retain User’s financial information as necessary to process any fees associated with the services provided and to remit any monies owed. Notwithstanding the forgoing, all payments are processed through our third-party payment processors who have their own data security practices for which we take no responsibility.
- Other Personal Information. We will delete any other Personal Information in our database not identified above, upon account termination, upon a User’s request, or as otherwise required by law. However, such information stored in backup files will be handled as described in below.
- Non-Personal Information. We may retain Non-Personal Information indefinitely.
- Backup Files. We maintain backup files as a protection against natural disasters, equipment failures or other disruptions. Backup files protect both the Users and us because they lower the risk of losing valuable data. Backup files may contain records with the User’s Personal Information. Removing a record from our main files does not remove that record from any backup systems. Additionally, information deleted from our main files for any reason, including upon termination of the User’s account or upon the User’s specific request, are not actively deleted from our backup systems. Such data will eventually be passively deleted as backup records are erased through the normal recycling of backup files. In the meantime, as long as backup records exist, they receive the same security protections as our other records.
- Security. We employ technologically reasonable and current methods to help prevent unauthorized access, maintain data accuracy, and ensure correct use of information as described below.
- NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE TRY TO PROTECT THE USER’S PERSONAL INFORMATION, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION THAT USERS TRANSMIT TO US, AND USERS DO SO AT THEIR OWN RISK.
- USERS SHOULD ALWAYS BE CAREFUL WHENEVER THEY VOLUNTARILY DISCLOSE PERSONAL INFORMATION ONLINE—FOR EXAMPLE ON MESSAGE BOARDS, THROUGH EMAIL OR IN CHAT AREAS— AS THAT INFORMATION CAN BE COLLECTED AND USED BY OTHERS.
- Data System Security. Passwords and information to access account information are stored in an encrypted format. The data systems are located in a PCI-compliant datacenter located in the United States.
- Physical Security. Our data systems are housed in a secured and guarded facility. Access to the facility is limited to authorized personnel only and secured with military-grade pass cards and biometric finger scan units. The facilities are monitored through closed circuit televisions and security teams are present onsite 24 hours a day, 7 days a week, and 365 days a year.
- Communications between Our Systems and the User’s Browser. Communications between the User’s browser and portions of the Site containing Personal Information are protected with Secure Socket Layer (SSL) encryption. Users must have a browser that supports 128-bit encryption to access those portions of the Site.
- Personal Information is Password Protected. For Users who choose to set up an account, any Personal Information and account information is only accessible using the password specified for the account. Passwords are stored on our systems in an encrypted format. We recommend that Users do not share their password with anyone. Our personnel will never ask a User for their password in an unsolicited phone call or in an unsolicited email. Users should remember to sign out of their account and close their browser window when they have finished their session. This is to help ensure that others cannot access their Personal Information and correspondence if they share a computer with someone else or are using a computer in a public place where others may have access to it. Attorney and Healthcare Provider account access is limited to those Users who have login details provided by the Attorney or Healthcare Provider. All access and use of the Site in password-protected areas is recorded.
- In the Event of a Security Breach of the User’s Personal Information. If we determine that a User’s Personal Information has or may reasonably have been disclosed due to a security breach of our systems, we will notify the User, at the contact information provided to us, within a reasonable time in accordance with applicable state and federal law, so long as the notification would not interfere with a criminal investigation.
- How Users Can Update, Correct or Delete Their Personal Information.
- Access to Personal Information in Our Systems. Users who choose to set up an account will have access to an account preferences page. An account preferences page will allow Users to view the Personal Information in our systems, view their health information management activities and history, and specify their communication preferences for alerts, updates, and other notifications.
- Correction of Personal Information. Users can update, correct or delete Personal Information and change the ways in which we use Personal Information in conjunction with the Site, through an account preferences page or by contacting us using the contact information below.
- Notice to Minors. In addition to protecting the privacy of children under age (13) we are committed to protect the privacy of minors. Though our Web site is not targeted to minors nor is it intended to be used by minors, if, for any reason a minor has shared information via our Site said minor may request and obtain removal of such information by contacting us at firstname.lastname@example.org. Although we offer deletion capability for our Site, you should be aware that the removal of content may not ensure complete or comprehensive removal of that content or information posted through the Site.
- Children under the Age of 18. Users must be 18 years of age or older to use the Site. Users under the age of 18 must leave this site immediately. Parents are urged to monitor and supervise their children’s online activity. No Personal Information is knowingly collected from a child under the age of 18. However, a parent or legal guardian may use the Site, including creating an account and submitting information, on behalf of a child under the age of 18. If we discover that a child under 18 has provided us with Personal Information without permission, we will delete that child’s Personal Information from our records to the extent possible.
- Your California Privacy Rights. California Civil Code Section § 1798.83 permits Users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. At this time, we do not share personal information with third parties for direct marketing purposes. If that should change in the future, you will be provided with a cost-free means of preventing such disclosures of personal information through an opt-in or opt-out process.
- Our Newsletter and How to Opt-Out. We may send you company news and information from time to time. If you no longer wish to receive marketing information, press releases or any other type of information from us, including our newsletter, you may send us an email or fax to change your preferences or follow the “unsubscribe” link provided in any email that you receive from us.
- Inquiry into Use and Disclosure of Personal Information. Upon written request and verification of the User’s identity and legal authority to receive such PHI, we will provide Users with the applicable Personal Information in our possession as well as the Personal Information that we have disclosed to third parties. Requests for information should be sent to the contact information below.
- Contact Us. Users who have any questions or concerns about privacy that are not addressed by this document, are encouraged to contact us by email at email@example.com or complete the contact form at http://www.arctrieval.com/contact-us.html.