Revised January 31, 2020
1. Information Collection and Use
We collect two types of information: personally identifiable information and non-personally identifiable information. Our service providers also mass aggregate client data as part of their general business practices. Such aggregated data is used to identify and analyze trends to improve our systems and to create derivative materials that may be marketed to potential clients and used to service current clients; it does not contain your personally identifiable information. As set forth in further detail in Section 3, we collect this information from you when you use our Website or our Services.
In general, you can browse the Website and opt-out from providing us with any Personally Identifiable Information (as defined below). Once you agree to provide us with Personally Identifiable Information, you are no longer anonymous to us. If you choose to use and/or purchase certain Services we may require you to provide contact and identity information, billing information, and other Personally Identifiable Information as indicated on the forms throughout the Website. Where possible, we indicate which fields are required and which are optional. You always have the option to not provide information by choosing not to use or purchase a particular service.
a. Personally Identifiable Information
We may disclose Personally Identifiable Information to attorneys, collection agencies, or law enforcement authorities to address potential violations of our agreements and other policies, other contract violations, or illegal behavior. We disclose any information demanded in a court order or otherwise required by law or to prevent imminent harm to persons or property..
b. Non-Personally Identifiable Information
c. Information from Other Sources
We also may supplement the information we collect with information from other sources to assist us in providing our goods and services. In addition, we may use this supplemental information in evaluating and improving our goods and services and to determine your preferences so that we can tailor our Website and goods and services to your needs. Information obtained from other sources and compiled with your information by us is the sole property of Myndshft.
2. Protection of Personally Identifiable Information
We use various data security tools to protect Personally Identifiable Information. Unfortunately, even with these measures, we cannot guarantee the security of Personally Identifiable Information. By using our Website and the Services, you acknowledge and agree that we make no such guarantee, and that you use our Website at your own risk.
We may collect information under the direction of users of the Services and we have no direct relationship with the owners of any PHI that may be collected across the Website or through the Services. If you are patient of one of our users and would no longer like to be contacted by the user(s) of the Website, please contact the user(s) that you interact with directly.
3. Where and When is Information Collected on Our Website
We may collect information including Personally Identifiable Information regarding you in different manners and at different places and times throughout our Website. The following is a description of the areas and/or manners in which we primarily collect information about you.
a. Becoming a Registered User
We may ask that you complete certain steps to become a registered user of the Website. In such instance, you may be required to provide us with information (including Personally Identifiable Information) such as your personal information or that of your company (e.g. name, business address, email address, and information regarding your business).
b. Cookies and Action Tags
We also may collect Non-Personally Identifiable Information passively using cookies and action tags through our Website. Cookies are small text files that are placed on your computer in order to identify: (i) your Web browser; (ii) the activities of your computer on our Website; and (iii) your activity in connection with our marketing and promotional efforts.
Cookies may be used to: (i) personalize your experience on our Website (e.g. to dynamically generate content on web pages specifically designed for you); (ii) assist you in using our services (e.g. to save you time by not having to reenter your name upon each visit to our Website); and (iii) allow us to statistically monitor how you are using our Website for purposes of improving our offerings.
You do not have to accept cookies to use our Website; however, you may not be able to use certain offerings, features, or resources of our Website if you do not accept cookies. Although most browsers are initially set to accept cookies, you may reset your browser to notify you when you receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the help section of the toolbar. You may manage how your browser handles cookies and related technologies by adjusting its privacy and security settings. Refer to your browser’s instructions to learn about cookie-related and other privacy and security settings that may be available. You can opt-out of being targeted by certain third party advertising companies online at http://www.networkadvertising.org/choices/.
Action tags, also known as web beacons or gif tags, are a web technology used to help track website usage information, such as how many times a specific page has been viewed. Action tags are invisible to you, and any portion of our Website or email sent to you on our behalf may contain cookies that are associated with action tags that are located on our Website. Unlike cookies, action tags are not placed on your computer.
We may select and use different third parties from time to time to track website usage through action tags on our Website and on our advertisements on other websites.
If you do not want to receive email from us in the future, please let us know by sending us an email to firstname.lastname@example.org.
If you supply us with your postal address on-line you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not wish to receive such mailings, please let us know by sending us an email at the email address above or calling us at the phone number above.
Persons who supply us with their telephone numbers on-line may receive telephone contact from us with information regarding new products and services or upcoming events. If you do not wish to receive such telephone calls, please let us know by sending us an email at the email address above or by calling us at the phone number above.
The security of your Personal Information is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website and the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and to log out of the Services at the end of each session.
5. Privacy Breach
The purpose of this Breach Notification Policy is to provide guidance to the staff of Myndshft when there is a breach in acquisition, access, use, or disclosure of our internal or vendor related personal or confidential information. A breach means the acquisition, access, use, or disclosure of personal or confidential information by any unauthorized party outside the organization.
a. Discovery of Breach
A breach shall be treated as discovered as of the first day on which such breach is known to us or, by exercising reasonable diligence, would have been known to us or any person, other than the person committing the breach, who is a workforce member or agent of Myndshft.
Workforce members who believe personal information has been used or disclosed in any way that compromises the security or privacy of that information shall immediately notify his/her supervisor and/or the Security Committee.
Following the discovery of a potential breach, Myndshft shall begin an investigation, conduct a risk assessment, and, based on the results of the risk assessment, begin the process of notifying each affected individual of the breach. We shall also begin the process of determining what notifications are required or should be made, if any, to any of our vendors involved in the breach.
In the event of a breach discovered by non-Myndshft employees, the breach or unauthorized access should be immediately reported to the Myndshft security committee for further review.
b. Notification to affected parties
If it is determined that breach notification must be sent to affected individuals, Myndshft’s standard breach notification letter (as modified for the specific breach) will be sent out to all affected individuals.
6. Notice to California Residents
We do not provide your Personal Information to any third parties for direct marketing purposes as defined in California Civil Code Section § 1798.83. Please contact us at email@example.com for any questions regarding your Personal Information.
California Consumer Privacy Act (“CCPA”)
As set forth above, we collect the following categories of information: identifiers (such as your name and email address), Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (such as your name and contact information), internet or other similar network activity, geolocation data, and inferences drawn from the collected Personal Information. This information is collected directly from you when you provide it to us (for example when you submit a form requesting more information) or automatically as you navigate through the Website. We use this information for one or more legitimate business purposes, including to improve our Services and offer information about our Services to you.
We have not sold your Personal Information in the past 12 months.
If you are a resident of California, you have other rights under the CCPA:
Right of Access: You can access your collected personal information by contacting us at firstname.lastname@example.org.
Right to correct, update, or delete: You can correct, update or request deletion of your personal information by contacting us at email@example.com. We can’t make changes to or delete your information in some situations where it is necessary for us to maintain your information, for example if we need the information to comply with applicable law.
Right to Request Disclosure of Information Collected: Please contact us at firstname.lastname@example.org to request further information about the categories of personal information we have collected about you, where we collected your personal information, and for what purpose we use your personal information.
Right to Disclosure of Information Sold and Right to Opt-Out: You have the right to know what information of yours we have sold, and you have the right to opt-out of any sale of your information. We do not sell any of your information. If you have any questions about these rights, please contact us at email@example.com.
Right to Non-Discrimination: We do not and will not discriminate against you if you exercise your rights under the CCPA.
When you contact us regarding any of your rights under the CCPA, we will verify your identity before we provide any information. If you have any questions or comments about your rights under the CCPA, please contact us at firstname.lastname@example.org.
7. Notice to Residents of Countries Outside the United States of America
If you are based in the EEA or Switzerland, you have other rights:
Right of Access: You can access your collected personal information by contacting us at email@example.com.
Right to correct, update, or delete: You can correct, update or request deletion of your personal information by contacting us at firstname.lastname@example.org.
Right to restriction of processing: You can ask us to restrict processing your personal information.
Right to take your data: You can ask to take your personal information that you provided to us, in a structured format, from us.
Right to object: You may object on to the processing of your personal information by us at any time. This right does not exist if we have already processed your personal information.
Data Protection Authority: You have a right to raise questions or complaints with your local data protection authority at any time.
If you have any questions or comments about this Privacy Statement, please contact us at email@example.com