Effective January 1, 2020
Latest revision date: December 23, 2022
Categories and Sources of Information We Collect
Information You Provide to Us
When you access and use the Services, we may collect the following types of information:
- “Personal Information” is anything that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, to you. Examples of Personal Information include your:
- Name, address, email address, phone number, and other contact information;
- Other personally identifiable information you choose to provide such as physical characteristics or description, gender, social security number, driver’s license or state identification number, insurance policy number and bank account number
- “Protected Health Information” is a subset of Personal Information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”). As stated above, we may receive Protected Health Information about you from Health Plan Customers and, if you are a member under a Health Plan Customer plan, then information that you provide to us in connection with services that we provide or arrange for our Health Plan Customers (such as the specific home care services that you receive from one of our network providers) may be Protected Health Information, and, as such, will be protected in accordance with the Customer Agreement that we have entered into with the Health Plan Customer.
- “Non-Personal Information” means information that does not permit us to identify, contact or locate you. For example, your device model number and manufacturer, and state of residence are Non-Personal Information unless linked to your Personal Information. If we combine or link your Non-Personal Information with Personal Information (such as combining your name with your device model), we will treat the combined information as Personal Information so long as it is combined.
Information We Collect From Other Sources
We may supplement the information that you provide to us through the Services with information about you from other sources such as:
- Information that we receive from Health Plan Customers
- Information from our vendors and network providers
- Information from public and non-public databases and records
- Information about you received from feeds on social media sites that you use
- Information we receive relating to employment, including references
Information We Collect From You Automatically and That We May Share
When you access or use the Services, the types of information we may automatically collect about you and share with third parties for a business purpose include the following
|Category||Examples||Collected in the last 12 months?||Shared in the last 12 months?|
|A. Identifiers||Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.||Yes||Yes|
|B. Personal information as defined under applicable law.||A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some Personal Information included in this category may overlap with other categories.
|C. Protected classification characteristics as defined under applicable law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||No||No|
|D. Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes||Yes|
|E. Biometric information||Genetic, physiological, biological, or behavioral characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health or exercise data.||No||No|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Yes||Yes|
|G. Geolocation data||Physical location or movements.||Yes||Yes|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No||No|
|I. Professional or employment- related information||Current or past job history or performance evaluations.||No||No|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g. 34 C.F.R. Part 99)||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records .||No||No|
|K. Inferences drawn from other Personal Information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes||Yes|
Cookies and IP Addresses
The Services may use “cookie” technology and similar technology to gather information from our visitors such as which pages are used and how often they are used, and to enable certain features on the Services. In some jurisdictions, this is considered Personal Information.
- Your “IP Address” (a number that is automatically assigned to the computer or other device that you are using by your internet service provider) may be identified and logged automatically in our server log files whenever you access the Services, along with the time of the visit and the page(s) that were visited. IP Addresses are automatically collected by many websites, applications, and other services. We may use IP Addresses for purposes such as calculating usage levels of the Services, helping diagnose server problems, and administering the Services.
- “Location Information” is a subset of Personal Information that can be used to locate the device you use to access the Services. Location Information may include: (i) with your consent, the location of the device you used to access the Services; (ii) the IP address of the device or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user. If you do not want us to collect Location Information from your device, please disable the location setting(s) on your device or delete the Apps. Please note that disabling the location setting may affect certain features of the Services.
- “Usage Data” is information that we automatically collect about your use of the Services and your device. This type of information does not usually, by itself, uniquely identify an individual, and may include your web browser and operating system, device model and manufacturer, and your activity on the Services. If Usage Data is combined with or linked to Personal Information, then we treat it as Personal Information. If the Usage Data cannot be used to identify, contact or locate you, then it is Non-personal Information and will not be treated as Personal Information.
Do Not Track
Some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. At present, the Services do not respond to “Do Not Track” signals and, consequently, the Services will continue to collect information about you even if your browser’s “Do Not Track” feature is activated. To completely “opt out” of the collection of any information through cookies or other tracking technology you can actively manage the settings on your browser or mobile device to delete and disable cookies and other tracking/recording tools.
Purposes for Collecting Information
We may use information you provide for various purposes, which include:
- Providing you the Services and Fulfilling Your Requests: Registering you, administering your account, and providing you the information, products and services that you request. For example, we respond to your questions when you contact us and assist with any problems you report about our Services;
- Communicating with You. For example, sending you information and promotional materials that we think might be of interest to you. You may unsubscribe from receiving marketing emails from us by using the unsubscribe link in the marketing email or by sending an email to firstname.lastname@example.org;
- Providing, Maintaining, and Improving Our Business: Improving the functionality of our Services, such as data analysis, audits, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities;
- Enhancing Your Experience: Personalizing and enhancing your experience when you use the Services, such as tailoring content and advertising and remembering your preferences.
- Employment Purposes: Informing you of job opportunities and evaluating your suitability for a job;
- Combine with Other Information: Linking or combining with information we get from other sources to help understand your needs and provide you with a better experience; and
- At Your Direction: Carrying out any other purposes specifically disclosed at the time we request your information
We may also de-identify your information or aggregate your information with other users of the Services (“Aggregate Information”). This Aggregate Information is not Personal Information, because it cannot be used to identify you and may be used by us for any lawful purpose. If Aggregate Information is re-identified, it will be treated as Personal Information.
Who We May Share Information With
We may share your information with other parties for various business purposes:
- Among our Affiliates:CareCentrix may share your Personal Information internally among our business units, affiliates, parents, and subsidiaries.
- With Vendors: We may share your information with our vendors (including third party hosting providers) that provide services on our behalf, such as for online account access, email marketing, advertising, promotions, newsletters, and hosting for the Services.
- With Business Partners and Parties to Whom We Provide Services or to Provide Services: We may share your information with our business partners and other third parties for whom we provide services or to provide you our Services, to provide services to Health Plan Customers, and generally to improve our service offerings.
- In the Event of a Corporate Transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose your information to the party or parties of such transaction.
- For Legal Purposes: We will disclose your information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others or when otherwise required by law, regulation, subpoena, or court order, or if necessary to protect our rights.
- At Your Direction: We will share your information with third parties if and when you direct us to. For example, if you request that we share your information with one of our business partners to take advantage of a product or service that partner offers, we will share your information with that business partner.
CareCentrix does not sell any Personal Information we collect about you. We may, however, share Aggregate Information about our users in all legally permissible ways.
Our Data Protection and Security Policy
- We take reasonable precautions to safeguard the Personal Information transmitted between visitors and the Services and the Personal Information stored on our servers.
- Unfortunately, no method of transmitting or storing data can be guaranteed to be 100% secure. As a result, although we strive to protect your Personal Information, we cannot guarantee the security of any information (including emails) you transmit to us through, or in connection with, the Services. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section on our website.
- Similarly, you should be aware that, when submitting e-mail to us (and others), it is possible that other Internet users may, without permission and/or notice, be able to view your e-mail correspondence. If you wish to ensure that your communication is kept private and confidential, please call or write directly to us as directed in the “Contact Us” section of our website. We do encourage your feedback, comments and suggestions about ways we can better communicate with you. Your comments are welcome and important.
Advertising and Analytics Services Provided by Others
Cross Borders Transfers
CareCentrix believes it is particularly important to protect the privacy of minors online. CareCentrix defines a “minor” as any person less than 13 years of age. CareCentrix does not knowingly collect Personal Information about minor users without a parent’s or legal guardian’s permission or knowingly share Personal Information about minor users with third parties without a parent’s or legal guardian’s permission. If we learn we have received Personal Information directly from a child under age 13 without his or her parent or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services and will make commercially reasonable efforts to delete such information.
Your California Privacy Rights
The California Consumer Privacy Act (CCPA), effective January 1, 2020 and amended by the California Privacy Rights Act of 2020 (CPRA) effective January 1, 2023 (collectively “California Consumer Privacy Law”), grants California residents certain privacy rights with respect to their Personal Information. If you are a California resident subject to the protections of California Consumer Privacy Law, you have the following rights to the extent required by law:
- The right to know. With respect to your Personal Information, you have the right to know (i) the Personal Information that we collect, use, disclose or sell; (ii) the categories of Personal Information that we collected about you in the preceding 12 months, the categories of sources from which that Personal Information was collected, the business or commercial purpose for which that Personal Information was collected, shared, or sold, the categories of such Personal Information that were shared or sold, and the categories of third parties with whom that Personal Information was shared or sold.
- The right to access. You have the right to access a copy of the specific Personal Information that we have collected about you to the extent required under California Consumer Privacy Law. You may request this copy to be delivered either by mail or electronically.
- The right to deletion. You have the right to request that we delete the Personal Information that we or a third party with whom we shared your Personal Information maintain about you to the extent required under California Consumer Privacy Law. There may be circumstances under which we or the third party are unable to delete your Personal Information, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected or we cannot verify your identity. If we are unable to comply with your request for deletion, we will let you know the reason why.
- The right to correct. You have the right to request that we correct errors in the Personal Information we maintain about you to the extent required under the California Consumer Privacy Law. If we are unable to comply with your request for correction, we will let you know the reason why.
- The right to opt out of the sale or sharing of your Personal Information. Please note that CareCentrix does not and will not sell any Personal Information we collect about you. If you choose to exercise the right to opt out, we will wait at least 12 months before asking you to reauthorize the sharing of your Personal Information.
- The right to equal service. If you choose to exercise any of your rights under California Consumer Privacy Law, we will not discriminate against you in any way. If you exercise certain rights, such as deleting your account, you may be unable to use or access certain features of the Services.
If you are a California resident and would like to exercise these rights or otherwise have questions about CareCentrix privacy policies and practices, contact us at 877-848-8229 or send an email to ConsumerRequests@CareCentrix.com. To exercise the right to opt-out of sharing your Personal Information, submit your request via the link at the bottom of our home page or contact us at the number above. An authorized representative may exercise these rights on your behalf so long as they present a power of attorney or other document or authority evidencing the representative’s authority to act on your behalf. Please note that we will require you or your authorized representative to provide us with certain personal identifiers in order to verify your/your representative’s identity when your rights are exercised. Please note further that: (a) if we maintain your Personal Information on behalf of a third party, we may refer you to that third party in order to exercise your rights; and (b) certain health care providers and information, such as Protected Health Information and “Medical Information” (as defined under California’s Confidentiality of Medical Information Act), may be exempted from California Consumer Privacy Law. This means that we and certain health care providers may not be required to honor the above rights and instead we comply with our obligations under other laws, such as HIPAA and the Confidentiality of Medical Information Act. We will respond to a request to exercise rights under California Consumer Privacy Law in accordance with the timeframe and process required under the California Consumer Privacy Law. If we deny a request, we will explain the basis for the denial.
CareCentrix does not offer financial incentives or price differences in exchange for retention or sale of Personal Information.
Links to Other Websites
- The Services contain links to websites operated by third parties (such as, for example, a link to our vendor’s patient payment portal). If you provide personal information to any third party’s website, your transaction will occur on that website (not CareCentrix’s Services) and that website operator will collect the Personal Information you provide and will be subject to its privacy policies. We encourage you to read the legal notice posted on those sites, including their privacy policies.
- Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app providers, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any Personal Information you disclose to other organizations through or in connection with our mobile applications or other Services.