This policy was posted on October 16th, 2020, and last updated on October 16th, 2020.
2.Changes to our Policy
3. Personally Identifiable Information We Collect
You may generally use this Website without disclosing personally identifiable information. However, use of certain features and functions of the Website may require you to submit personally identifiable information to us.
In your use of the Website, we may collect any information that you voluntarily share with us, including by filling in forms on our Website. This information may also be collected by third party service providers or partners on our behalf. This information may be collected when you voluntarily submit information to us via the Website. We may use third party service providers to assist us in collecting and maintaining this information. However, we require such service providers to maintain the confidentiality of such information.
4. How we use Personally Identifiable Information we Collect
We will use personally identifiable information: (i) the purpose for which you provide it; (ii) as otherwise may be disclosed at the point of collection, and/or (ii) as described below In addition, we may use your personal information in the aggregate in a non-identifiable way in order to better understand how to improve the Website and for any other lawful purpose.
5. Other Information Collected On the Website
When you visit the Website, we may passively collect the following non-personal information about you and your usage of the Website.
Your IP address may be collected. Your “IP address” is usually associated with the network location and physical location from which you enter the Internet. We log IP addresses for systems administration purposes. This information helps us determine how often different areas of our site are visited and we may also use this information to personalize the content that is displayed to you on the Website based on your previous visits. We do not link IP address to any information that is personally identifiable.
Web Beacons and Pixel Tags
The term “web beacons” and “pixel tags” refer to Internet tools, such as transparent images on the Website or in emails that we may send to you that help us to determine whether a page has been viewed or an email opened. A pixel tag is a type of web beacon embedded in an image on the website. In general, any electronic image viewed as part of a web page can contain a pixel tag or other web beacon. We may also use these Internet technology tools to allow us to track the internet browser most commonly used to access the Website and the pages that are most popular, which statistics assist us in making the Website more user-friendly and accessible.
Statistical Identifiers and Device Recognition
We (or our service providers on our behalf) may employ statistical identifiers, also known as device recognition tools. These tools may be used to assist in managing the content on the Website by informing us (without using cookies) of the content that you use and view on the Website. These tools collect various information about your device, such as your screen resolution, browser type, and operating system. Many devices have unique, or near unique, device profiles such that collecting this information allows us and our service providers to determine with a reasonable level of statistical accuracy information on your engagement with the Website and advertisements on the Website, as well as your device when you interact with the Website. We do not tie this statistical information to your personal information.
We may also ask that you participate in anonymous surveys, which allow us to collect additional data to help us improve the Website. Participation in such surveys is voluntary and is not connected to any of your personal information.
We use non-personally identifiable information in the aggregate to determine how much traffic the Website receives, to statistically analyze Website usage, to improve our content, and to customize the Website’s content, layout and services. In addition, we may use your IP address to help diagnose problems with our server, to manage the Website and to enhance the Website based on the usage pattern data we receive.
"Contact Us" Feature
Like most sites on the Internet, our Web site contains a feature that allows you to contact us with your comments or questions. This feature is called "Contact Us." To use this feature, there is an icon at the top of each page on our Web site which you can click onto. When you do click this icon, a screen will prompt you to provide us with certain information, such as your first and last name, email address, phone number, your address, including your city and state, and other pertinent information. The information collected through the "Contact Us" feature is used to respond to your inquiries.
6. How we Disclose the Information We Collect
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. In addition, you agree that we have the right to disclose personal information that we collect or you provide:
to any member of our group, which means our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries and affiliated, professional corporations as needed to provide our services;
to analytics providers that assist us in the improvement and optimization of the Website;
to fulfill the purpose for which you provide it;
for any other purpose disclosed by us when you provide the information or with your consent;
to third-party service providers specifically involved in the processing of your information received via the Website and as otherwise necessary to manage the Website and provide the services you request;
to investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure is (a) reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) helpful to prevent, investigate, or identify possible wrongdoing in connection with the Website; or (c) protect our rights, reputation, property, or that of our users, affiliates, or the public;
if we, or any of our businesses, are sold or disposed of as a going concern, whether by merger, reorganization, sale of assets or otherwise, or in the event of an insolvency, bankruptcy or receivership; and
in connection with a commercial transaction where we are seeking financing, investment, support or funding.
7. Access to your Personally Identifiable Information
Upon written request and verification of your identity, we will provide you with your personal information in our possession as well as the personal information, if any, that we have disclosed to third parties. Requests for such information should be sent to the contact information below.
You may also update, correct, or delete your personal information in our possession by contacting us.
8. Handling of Electronic Records and Backup
In general, we will retain all information collected through the Website for, at a minimum, the length of time permitted by law. We maintain backup files as a protection against natural disasters, equipment failures, or other disruptions. Backup files protect you and us because they lower the risk of losing valuable data. Backup files may contain records with your personal information. Removing a record from our active files and databases does not remove that record from any backup systems. Such backup data will eventually be passively deleted as backup records are erased through the normal recycling of backup files. In the meantime, as long as backup records exist, they receive the same security protections as our other records.
Communications between your browser and portions of the Website containing personally identifiable information may be protected with various forms of encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your information we strive to maintain the physical and electronic security of your personal information using commercially reasonable efforts.HOWEVER, NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERCIALLY AVAILABLE AND INDUSTRY STANDARD TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.We have implemented measures designed to secure your personal information form accidental loss and from unauthorized access, use, alteration, and disclosure.
10. Security Breach
If we determine that your personal information has or may reasonably have been disclosed due to a security breach of our systems, we will notify you to the extent required by applicable state and federal law, using your information that we have on file.
11. Transfer Of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
12. Children Under the Age of 18
The Website is not intended for children under the age of 18. No one under the age of 18 may provide any personal information on this Website. We do not knowingly collect personal information from children under the age of 18. If we learn that we have collected or received personal information through this Website from a child under the age of 18, we will delete that information. If you believe we might have any information from or about a child under the age of 18 submitted through this Website, please contact us at the address below.
13. California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of the CIC Health Website and CIC Health Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. CIC Health does not disclose any personal information to third parties for their direct marketing purposes.
14. Third Party Privacy
15. Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)
CIC Health contracts for Services exclusively in the United States, and this website is for use exclusively by residents of the United States of America.
CIC Health may process your Personal Data because:
We need to perform a contract with you
You have given us permission to do so
The processing is in our legitimate interests and it's not overridden by your rights
For payment processing purposes
To comply with the law
Your Data Protection Rights Under General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. CIC Health aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the information we have on you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where CIC Health relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
16. "Do Not Sell My Personal Information" Notice for California consumers under California Consumer Privacy Act (CCPA)
Under the CCPA, California consumers have the right to:
Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
Request that a business delete any personal data about the consumer that a business has collected.
Request that a business that sells a consumer's personal data, not sell the consumer's personal data.
If you make a request, we have 30 days to respond to you. If you would like to exercise any of these rights, please contact us.
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
18. Contact Information
Cambridge, MA 02142
Attn: General Counsel