WEBSITE & MOBILE DATA PRIVACY POLICY

Updated as of May 30, 2019

INTRODUCTION

Your privacy is important to us. We are committed to protecting the privacy of all visitors to our websites and portals. This Website Data Privacy Policy (“Policy”) was created to explain how Provision collects, uses, and discloses information from or about you when you use our websites and portals.

For individuals who are citizens of the European Economic Area (“EEA”), Provision Solutions, LLC, jointly with other affiliated Provision entities is considered the “data controller” of your personal data.

SCOPE & APPLICATION

This Policy applies to information collected through any Provision websites, mobile applications (if applicable), and/or online or mobile-enabled technology, and/or digital tools or link to this Policy (collectively, our “Site” or “Sites”). This Policy also applies to information actually shared with us by our approved partners and other third-party sources.

This Policy does not apply to (i) information collected from you either offline or through websites and other online services that do not display or link to this Policy, including third-party websites to which our online services may link, or (ii) information that would be considered “Protected Health Information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Provision’s use and disclosure of Protected Health Information is set forth in the Provision Notice of Privacy Practices, which can be accessed here.

COLLECTION & USE OF INFORMATION

When you view and/or interact with our Sites, we may collect and combine information about you, how you engage with our Sites, and the devices you use to view and/or interact with out Sites for the legitimate purposes outlined below. This includes information that you directly provide to us in connection with your use of the Sites and information collected automatically when you view and/or interact with our Sites.

Some of the information we collect may be personally identifiable information, which includes, but is not limited to, information like your name, email address, postal address, or phone number. We do not collect information that would personally identify you unless you choose to provide it or as otherwise provided in this Policy. You can access and browse our Sites at any time without providing any personally identifying information.

Information You Provide to Us.

We collect a variety of information that you provide directly to us. For example, we may collect information about you when you:

  • Sign up for a newsletter or similar Provision communication;
  • Make a donation to Provision/our Foundation;
  • Make a requests or submit a question to us via online forms, email, or otherwise;
  • Participate in surveys;
  • Provide a review about the services provided by Provision;
  • Create or modify an account, such as a patient portal account (as applicable);
  • Upload or post any information to our Sites;
  • Make a requests for patient portal support or technical assistance; and
  • Provide any other information to us.

This information may include your name, email address, phone number, postal address, insurance information, personal health information (however, this does not rise to the level of “Protected Health Information protected by HIPAA), survey responses, user content stored or entered into the forms found on our Sites, and other information you may choose to provide to us through use of our Sites.

The information you provide to us will be used to (i) set up your account (if applicable); (ii) if you elect to receive information from Provision, provide you with such information; (iii) improve the Sites; (iv) respond to your inquiries; (v) facilitate your job application or process your charitable donation; or (vi) fulfill any other purpose for which you provided the information.

We will not use the information you provide for any purposes other than as described in this Policy or explained to you at the point in which the information was collected.

Information Collected Through Automated Means.

We may also automatically collect additional information about your visit to our Sites, including pages you visit, your general geographic location based solely on your Internet Protocol (“IP”) address, promotions/ads with which you interacted, and other behaviors. This information is collected for the purpose of improving your overall visit to our Sites by providing interest-based content. For example, we may collect information about your general geographic location and a specific interest, based on the topics you browsed on our Sites, so that we can highlight a program or resource close to your location. The data may also be used to provide interest-based content for communications for which you have opted in.

We, or our partners, may also gather certain information automatically, including but not limited to, IP addresses, browser type, Internet Service Provider (ISP), operating system, date/time stamp, mobile location and device type, and/or clickstream data. The information may be collected via cookies, web beacons, and/or similar technologies that help us serve you better, for example, by making your interactions with our Sites faster or more personalized. The information we collect automatically through these technologies may be linked to and/or combined with other information we collect about you.

When interacting with Provision via social media platforms, we may obtain information stored within social media or authorized by you to be collected by us within such social media. This information may include your contact information, email address, friend information, friends and pages with whom you have association, and other information stored within social media.

Cookies & Information Collected by Third-Party Tools.

To collect the information in the “Information Collected Through Automated Means” section above, we and our third-party service providers may use Internet server logs, cookies, tracking pixels, and other similar tracking technologies, as explained above. Cookies are small text files that do not damage a visitor’s system or files. We may use cookies to: (i) store visitors’ preferences and recognize visitors’ computers; (ii) customize Web page content based on visitor interests; (iii) record past activity in order to provide better services; and (iv) assist with security and administrative functions.

Most Internet browsers will allow a user to accept or deny cookies. Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” or “Settings” section of your browser for more information. If a visitor rejects our cookies, they may still use our Sites, but may not have access to certain features or offerings of the Site.

Please be aware that Provision, or those acting on our behalf, may also use web beacons to access Provision cookies inside and outside our network of Sites. Web pages may contain an electronic file called a web beacon that allows a web site to count users who have visited specific content or Sites or to access certain cookies.

We may also use certain third-party products or services (“Third-Party Tools”), such as Google Analytics, a web analysis service provided by Google, in order to better understand the use of our Sites. These Third-Party Tools may collect information such as how often users visit our Sites, what pages they visit, and the websites which referred you to our Sites. Further, the Third-Party Tools may use the data collected to track and examine the use of the Sites, to prepare reports on its activities, and to share them with other related services. The Third-Party Tools, to the extent they service advertising purposes, may also use the data collected on the Sites to contextualize and personalize ads on their own advertising networks. Each Third-Party Tool’s ability to use and share information it collects about your visits to the Sites is restricted by its own privacy policies and terms of use, which Provision is not responsible for. Additional information about the Third-Party Tools we use can be provided by contacting us, as explained further below. To prevent Google Analytics from using information for analytical purposes, you may install the Google Analytics Opt-Out Browser Add-on available on their website.

LEGAL BASIS FOR USE OF YOUR INFORMATION

The laws of some jurisdictions require companies to explain the legal grounds relied upon to use or disclose your personal information. To the extent those laws apply, our legal grounds are as follows:

  • To Honor our Contractual Commitments to You: Much of our processing of personal information is to meet the contractual obligations to our users, or to take steps at users’ requests in anticipation of entering into a contract with them. For example, we handle personal information on the basis of your donations or payment for services.
  • Consent: Where required by law, and in some other cases, we handle personal information on the basis of your implied or express consent.
  • Legitimate Interests: In many cases, we handle personal information on the ground that it furthers our legitimate interests in our activities in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals. This includes: operating Provision and the Sites; providing security for the Sites; products, software, or applications; marketing; making and receiving payments; and preventing fraud.
  • Legal and Regulatory Compliance: We need to use and disclose personal information in certain ways to comply with our legal and/or regulatory obligations (such as our obligation to share data with tax authorities).

SHARING OF INFORMATION

We may share the information described above as set forth in this Policy or as otherwise described at the time such information is collected from you. We will not sell, rent, or swap this information, nor will we authorize any of our service providers or business partners to use this information for their own commercial purposes without your permission.

Information Shared by Us:

  • We may share information with a parent, subsidiary, or affiliate entity within the Provision family. Any organization to which we provide such information is required to keep it confidential and to use such information only in accordance with this Policy.
  • Service Providers. In the course of doing business, we work with other companies and individuals to perform a variety of functions on our behalf. For example, we may provide information as necessary to companies that host our Sites or send communications on our behalf. These service providers may have access to information about you if it is necessary to perform their services to us, but they are not authorized by us to use or disclose such information except as necessary to perform these services or to comply with legal requirements, and they are required to maintain the information in confidence.
  • Legally Required. We reserve the right to disclose information if required to do so by law or by a regulatory authority. We may also disclose information as part of an investigation or enforcement action relating to improper or illegal conduct in connection with out Sites or other products, including, without limitation, any situations that may potentially involve threats to the safety or privacy of any person or misuse of our Sites.
  • Aggregated and Non-Identified Data. We may maintain and use aggregate data or other non-identified information (e.g., information that does not identify a specific individual), such as usage statistics, device data, online traffic patterns, and user feedback. In addition to using this information for the purposes discussed above, we may disclose such aggregated or non-identified data to third parties without restriction.
  • Business Partners. Provision may securely share your information with our business partners, such as vendors who coordinate the collection of donations to Provision’s Foundation. These business partners may use the information received by them to contact you to offer you certain opportunities, products, services, or promotions. Once your information has been shared with a business partner, it is no longer subject to the control of Provision or subject to this Policy, however, Provision requires its business partners to maintain appropriate data security.

SECURITY

The security of your information is important to us. We take precautions to protect your information by implementing safeguards to protect the information we collect. But you should keep in mind that no website or Internet transmission is ever completely secure or error-free. PLEASE NOTE: The safety and security of your information also depends on you. We urge you to take steps to keep your private information secure, such as choosing strong passwords and never sharing your password with anyone else. If you create or receive a password in connection with access to our Sites, please notify us promptly if you believe your password security has been breached, and remember to log off of the Site before you leave your computer or mobile device.

The Sites may offer opportunities to communicate through email. Because normal email is not encrypted, the possibility exists that unauthorized individuals may intercept email messages. Provision, its parents, and affiliates are not responsible for the privacy and security of email messages except those stored in our system. Please do not send any sensitive or personal information or Protected Health Information to us in email unless it is encrypted.

RETENTION OF YOUR INFORMATION

Provision will keep your information for no longer than necessary for the purposes for which it is processed and/or as required to comply with applicable laws.

THIRD-PARTY LINKS

Our Site may contain links to other sites that are owned or operated by others. We are not responsible for the privacy and security practices of sites not owned by Provision. We encourage our visitors to be aware when they leave our site and to read the privacy policy of any site that collects personally identifiable data.

COPPA (Children’s Online Privacy Protection Act)

This Site is not intended for use by children under the age of 16 and we do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal information under applicable law from a child under such age without legally valid parental consent, we will take reasonable steps to remove that information.

CALIFORNIA & DELEWARE “DO NOT TRACK” DISCLOSURES

California and Delaware law require us to indicate whether we honor “Do Not Track” settings in your Web browser concerning targeted advertising. At this time, there is no worldwide uniform or consistent industry standard or definition for responding to, processing, or communicating “Do Not Track” signals. Therefore, like many other websites and online services, we do not currently respond to any “Do Not Track” browser requests.

CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS

Under California law, California residents have the right to request in writing from businesses with whom they have an established business relationship: (a) a list of the categories of personally identifiable information (such as name, email, and mailing address, and the type of services provided to the customer) that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the name and address of all such third parties. To request the above information, please email us at: compliance@provisionhealthcare.com with a reference to California Disclosure Information. Please note that we are only required to respond to each customer once per calendar year.

INTERNATIONAL USERS AND CONSENT TO TRANSFER

Provision is located in the United States. The services described within our Sites are directed only at customers in the United States. If you are visiting the Sites, or any part thereof, from outside of the United States, please be aware that your information may be transferred to, stored, or processed in the United States and maintained on computers or services located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located in the European Economic Area, you may have additional rights, including the right to access, correct, erase, restrict processing of, and object to processing and profiling of your information, and to complain to a supervisory authority within your jurisdiction. By using any portion of our Sites, you understand and consent to the transfer of your information to the United States and those third parties with whom we share it as described in this Policy.

Your Choices and Rights. Residents of the European Union can exercise certain data subject rights available to them under applicable data protection laws. Where such rights apply, we will comply with requests to exercise these rights in accordance with applicable law. Please note: certain information may be exempt from such requests in some circumstances, which may include if we need to keep using/processing your information for our legitimate interests or to comply with a legal obligation. If these rights apply to you, they may permit you to request that we:

  • Provide access to or a copy of certain personal information we hold about you;
  • Prevent the processing of your personal information for direct marketing purposes;
  • Update personal information which is out of date or incorrect;
  • Delete certain personal information which we are holding about you;
  • Restrict the way that we process and disclose specific personal information about you;
  • Transfer your personal information to a third-party provider of services; and
  • Allow you to revoke consent that you previously provided for the processing of your personal information.

For more information on how to exercise these rights, please contact us using the information provided in the “Contact Us” section below. If applicable, you may make a complaint to the data protection supervisory authority in your country where you are a resident. Alternatively, you may seek a remedy through local courts if you believe your rights have been violated.

ACCEPTANCE OF THESE TERMS

This Policy is incorporated into and subject to the Provision Terms of Use, which can be accessed here. Each time that you view and/or interact with out Sites, you signify that you have read, understood, and agree to be bound by the Terms of Use, which incorporate this Policy. If you do not agree to the terms of this Policy or to the use of your information as set forth in this Policy, please do not use our Sites. Your continued use of our Sites subsequent to changes in this Policy will signify your acceptance of the changes.

Changes to this Policy. We reserve the right to modify this Policy at any time. Any changes to this Policy will be posted on this site. Any changes will become effective when posted unless indicated otherwise. Your continued voluntary use of this Site following any changes signifies your acceptance of this Policy as amended.

Reservation of Rights. By viewing and/or interacting with our Sites, you consent, and we reserve the right, to have the data we collect from you be used as described in this Policy. Additionally, you consent, and we reserve the right, to have the data we collect from you be used in ways that are consistent with the then-current disclosed Policy regardless of when your data was collected (e.g., we can use your data in ways that are consistent with the current disclosed practices, but which may not be entirely consistent with the previously disclosed practices when your information was originally disclosed).

CONTACT US

If you have any questions or concerns about this Policy, your data, or our privacy protections, please contact us at: compliance@provisionhealthcare.com