Last Revised: November 30, 2020
PERSONAL INFORMATION COLLECTED THROUGH WEBSITE
“Personal information,” also known as personal data or personally identifiable information, is any information related to an identifiable person. When you sign up for a service or a package or order a product of ours, we may collect the following personal information from you: first name, last name, practice name, entity address, email address, phone number, billing address, IP address, your patient’s protected health information such as name, age and gender, and any personally identifiable information that you provide to us voluntarily.
NON-PERSONAL OR AGGREGATE INFORMATION WE MAY COLLECT
We may collect data which is non-personal, anonymous, or pseudonymous, including, but not limited to, the time zone you are in, information on how you first heard about us, browser type, app usage history, number of logins, demographic and geographic data, history of our interaction with you, page views, and time/date of login.
PURPOSES FOR WHICH WE USE INFORMATION ABOUT YOU
We only use information about you to support your experience throughout the website or to communicate with you about services, software, packages, or products. In particular, we collect information about you:
- to manage our business relationship with you, for example: to process your orders, recognize you as our client, respond to your inquiries or requests, and provide customer support;
- for marketing and advertising purposes, for example: to market our products to you, provide you with information you have requested about our products and services, tailor your experience on our website by providing content that is relevant to your interest;
- to conduct market research;
- to allow our vendors (including payment processing and email marketing companies) to help us run our business smoothly;
- to comply with all applicable laws or if we are required by law or by a court order to do so;
- to analyze non-personal or aggregate information for the sake of website improvement;
- to transfer information in connection with the sale or merger or change of control of 3Sixty; or
- to update, administer, and maintain our website.
We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.
We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets.
YOUR FINANCIAL INFORMATION & PAYMENT PROCESSING
HIPAA PRIVACY RULE
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections. To learn more about HIPAA Privacy Rule, click here.
3Sixty works with health care providers and thus is considered a “business associate” of any such health care provider. More specifically, a “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involves access by the business associate to protected health information. “Protected health information” is considered to be individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations.
When you, a covered entity, share any protected health information (of your patients) with us, we strive to appropriately safeguard the protected health information we receive from you. Please refer to the Security Section in order to learn what measures we take in order to secure personal information (including protected health information).
FEEDBACK & REVIEWS
If you submit any feedback, review, or suggestion (collectively, “Feedback”) to us, you hereby assign to 3Sixty all rights in the Feedback and agree that 3Sixty shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.
MINORS (CHILDREN) POLICY
We are committed to protecting children’s personal information and comply with the strictest privacy laws. We do not knowingly collect or solicit personal information from anyone under the age of majority. If you are a minor, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from a minor, we will delete that information as quickly as possible. Please contact us if you believe we may have collected information from a minor.
HOW LONG WE KEEP YOUR INFORMATION
The security of your information is very important to us. We apply all reasonable security measures and comply with the industry standards to protect your personal information (including preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information). Notably, access to the website’s database with your personal information is held behind administrative logins and managed, controlled and limited to authorized website administrators and support technicians only. Data transmitted between browser and application servers is encrypted using an HTTPS/SSL certificate. We do not collect or store your passwords. We use XSRF protection against cross-domain attacks. Data is backed up daily. The Website’s server software is updated regularly to ensure we are running the latest and safest software (where applicable and depending on compatibility). The server’s firewall is configured to prevent unauthorized access, and activity is automatically monitored to detect and ban malicious activity.
Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.
YOUR RIGHTS UNDER GDPR
The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all natural persons accessing the Internet from the European Union and the European Economic Area, whatever their nationality or place of residence is. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protection of personal information of those who access the website from a European country is compliant with GDPR.
If you are accessing and using the website from the European Union and the European Economic Area, you have the following rights with regard to your personal information:
- the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request);
- the right to rectify (amend/correct) any personal information about you that is inaccurate;
- the right to erasure (some conditions apply, see Data Retention section below);
- the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the website and services, you may be asked to terminate your account and stop using the website;
- the right to data portability (the right to data portability allows users of the website to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so if it is technically feasible);
- the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing – read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so);
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.
We represent and warrant that your personal information is:
- processed lawfully, fairly and transparently;
- collected only for specific legitimate purposes;
- adequate, relevant and limited to what is necessary;
- accurate and kept up to date (with your help);
- stored only as long as is necessary; and
- secure and kept in confidence.
Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfill a statutory obligation under the EU Law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request.
Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and the appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.
MARKETING EMAILS, OTHER COMMUNICATIONS & OPT-OUT OPTION
Email: [email protected]
Mailing Address: 6445 Powers Ferry Rd. Suite 360, Atlanta, GA 30339
Phone: (404) 236-7700