Privacy Policy

Last Revised: November 30, 2020

INTRODUCTION

Privacy and security of your personal information are very important to us. This Privacy Policy describes how we, 3Sixty, LLC, a limited liability company governed by the laws of the State of Georgia, USA, collect, store, use, and disclose personal information (as defined below) of users of the website located at 3sixtydental.com.

We aim to limit our collection of personal information to only such personal information as required for legitimate purposes. We do not sell, rent, trade or otherwise disclose your personal information to third parties, other than as described in this Privacy Policy. We take appropriate security measures to protect your personal information and we respect your right to access your personal information or have it corrected or deleted, at your request. If you have any questions or want to know exactly what personal information we keep about you, please contact us. All capitalized terms not defined herein are defined in our Terms & Conditions.

We may amend this Privacy Policy from time to time. We will post any changes to this Privacy Policy here so that you always know what information we gather, how we might use that information, and whether we will disclose that information to anyone. Please refer back to this Privacy Policy on a regular basis. By using the website, you acknowledge that you accept the practices and policies outlined in this Privacy Policy and you hereby consent that we will collect, store, use, and disclose your personal information as outlined in this Privacy Policy. If you do not agree with any practices in this Privacy Policy, please stop using the Website and our Services.

PERSONAL INFORMATION COLLECTED THROUGH WEBSITE

“Personal information,” also known as personal data or personally identifiable information, is any information related to an identifiable person. When you sign up for a service or a package or order a product of ours, we may collect the following personal information from you: first name, last name, practice name, entity address, email address, phone number, billing address, IP address, your patient’s protected health information such as name, age and gender, and any personally identifiable information that you provide to us voluntarily.

NON-PERSONAL OR AGGREGATE INFORMATION WE MAY COLLECT

We may collect data which is non-personal, anonymous, or pseudonymous, including, but not limited to, the time zone you are in, information on how you first heard about us, browser type, app usage history, number of logins, demographic and geographic data, history of our interaction with you, page views, and time/date of login.

PURPOSES FOR WHICH WE USE INFORMATION ABOUT YOU

We only use information about you to support your experience throughout the website or to communicate with you about services, software, packages, or products. In particular, we collect information about you:

  • to manage our business relationship with you, for example: to process your orders, recognize you as our client, respond to your inquiries or requests, and provide customer support;
  • for marketing and advertising purposes, for example: to market our products to you, provide you with information you have requested about our products and services, tailor your experience on our website by providing content that is relevant to your interest;
  • to conduct market research;
  • to allow our vendors (including payment processing and email marketing companies) to help us run our business smoothly;
  • to comply with all applicable laws or if we are required by law or by a court order to do so;
  • to analyze non-personal or aggregate information for the sake of website improvement;
  • to transfer information in connection with the sale or merger or change of control of 3Sixty; or
  • to update, administer, and maintain our website.

We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.

BUSINESS TRANSFERS

We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets.

YOUR FINANCIAL INFORMATION & PAYMENT PROCESSING

Stripe is our trusted vendor, which processes payments on our behalf. When you purchase a subscription, service, product or package, we will not store or collect your payment card details (except the last four digits of your payment card and expiration date). The full payment information is provided directly to Stripe, whose use of your personal information is governed by its own privacy policy. Stripe adheres to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

HIPAA PRIVACY RULE

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections. To learn more about the HIPAA Privacy Rule, click here.

3Sixty works with health care providers and thus is considered a “business associate” of any such health care provider. More specifically, a “business associate” is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involves access by the business associate to protected health information. “Protected health information” is considered to be individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations.

When you, a covered entity, share any protected health information (of your patients) with us, we strive to appropriately safeguard the protected health information we receive from you. Please refer to the Security Section in order to learn what measures we take in order to secure personal information (including protected health information).

FEEDBACK & REVIEWS

If you submit any feedback, review, or suggestion (collectively, “Feedback”) to us, you hereby assign to 3Sixty all rights in the Feedback and agree that 3Sixty shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.

MINORS (CHILDREN) POLICY

We are committed to protecting children’s personal information and comply with the strictest privacy laws. We do not knowingly collect or solicit personal information from anyone under the age of majority. If you are a minor, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from a minor, we will delete that information as quickly as possible. Please contact us if you believe we may have collected information from a minor.

HOW LONG WE KEEP YOUR INFORMATION

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements) or up until such time when you withdraw your consent for processing it. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

DATA STORAGE

We use Siteground servers to safely store your information. The data centers where we store your information are located in the United States. Please keep in mind that the data protection and privacy laws of the United States may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. By providing your personal information, you consent to any transfer of your data and processing in accordance with this Privacy Policy.

SECURITY

The security of your information is very important to us. We apply all reasonable security measures and comply with the industry standards to protect your personal information (including preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information). Notably, access to the website’s database with your personal information is held behind administrative logins and managed, controlled and limited to authorized website administrators and support technicians only. Data transmitted between browser and application servers is encrypted using an HTTPS/SSL certificate. We do not collect or store your passwords. We use XSRF protection against cross-domain attacks. Data is backed up daily. The Website’s server software is updated regularly to ensure we are running the latest and safest software (where applicable and depending on compatibility). The server’s firewall is configured to prevent unauthorized access, and activity is automatically monitored to detect and ban malicious activity.

Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.

YOUR RIGHTS UNDER GDPR

The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all natural persons accessing the Internet from the European Union and the European Economic Area, whatever their nationality or place of residence is. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protection of personal information of those who access the website from a European country is compliant with GDPR.

If you are accessing and using the website from the European Union and the European Economic Area, you have the following rights with regard to your personal information:

  1. the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us (that is why we have compiled this Privacy Policy for you);
  2. the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request);
  3. the right to rectify (amend/correct) any personal information about you that is inaccurate;
  4. the right to erasure (some conditions apply, see Data Retention section below);
  5. the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the website and services, you may be asked to terminate your account and stop using the website;
  6. the right to data portability (the right to data portability allows users of the website to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so if it is technically feasible);
  7. the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing – read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so);
  8. the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.

We represent and warrant that your personal information is:

  1. processed lawfully, fairly and transparently;
  2. collected only for specific legitimate purposes;
  3. adequate, relevant and limited to what is necessary;
  4. accurate and kept up to date (with your help);
  5. stored only as long as is necessary; and
  6. secure and kept in confidence.

Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfill a statutory obligation under the EU Law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request.

Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and the appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.

MARKETING EMAILS, OTHER COMMUNICATIONS & OPT-OUT OPTION

With your consent, you will receive updates, newsletters, surveys, offers, ads and other promotional materials from us via your email. You may indicate a preference to stop receiving further communications or notifications from us by following the unsubscribe link provided in the email you receive. Despite your indicated preferences, we may send you service-related communication, including notices of any updates to the Website’s Terms & Conditions, Privacy Policy, disclaimers, or other statements.

CONTACT US

If you would like to exercise any of the above rights or learn more about this Privacy Policy, please contact us.

Email: [email protected]

Mailing Address: 6445 Powers Ferry Rd. Suite 360, Atlanta, GA 30339

Phone: (404) 236-7700
