MENTAL HEALTH SOLUTIONS, INC.
Last Modified: October 7, 2021
1. OVERVIEW AND SCOPE
• On or through our Service.
• In email, text, and other electronic messages between you and Company.
• Through mobile and desktop applications you download from the Website, which provide dedicated non-browser-based interaction between you and the Website.
• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
• Us offline or through any other means, including on any other website operated by Company or any third party; or
• Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
2. INFORMATION WE COLLECT
We collect several types of information from and about users of our Website, including the following information:
• Personal Information/Personally Identifiable Information (“PII”): information by which an individual may be personally identified, such as an individual’s name, postal address, social security number, telephone number, or e-mail address. PII also includes information about an individual’s activities, such as information about his or her activity on the Site or credit history, and demographic information, such as date of birth, gender, address, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual.
Personal information does not include "aggregate" or other non-personally identifiable information. Aggregate information is information that the organization collects about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. The organization may use and disclose aggregate information, and other non-personally identifiable information, for various purposes;
• Information that is about an individual but individually doesn’t identify such individual; and/or
• Information about an individual’s internet connection, the equipment used to access our Service, and usage details.
3. PROTECTED HEALTH INFORMATION
"Protected Health Information" (“PHI”) as used in this policy, is individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a HIPAA-covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations (PHI healthcare business uses). PHI is also not limited to digital text. Videos, images, x-rays, MRIs, doctors’ notes, and insurance cards are all examples of PHI.
PHI includes, but is not limited to the following data types:
• Dates, except year
• Telephone numbers
• Geographic data
• FAX numbers
• Social Security numbers
• Email addresses
• Medical record numbers
• Account numbers
• Health plan beneficiary numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers including license plates
• Web URLs
• Device identifiers and serial numbers
• Internet protocol addresses
• Full face photos and comparable images
• Biometric identifiers (i.e. retinal scan, fingerprints)
• Any unique identifying number or code
The Company collects only the minimum amount of information necessary to perform an approved function. Any new projects, processes, analysis or research using PHI data requires approval from the Chief Privacy Officer.
4. COLLECTION OF INFORMATION
4.1 Passive Information Collection
When an individual uses the Service, some information may be automatically collected, such as the user’s IP address, browser type, system type, the content and pages that the user accessed on the Site, "referring URL" (i.e., the page from which the user navigated to the Site), the pages the user navigate to on the Site, and from which the user leaves the Site, as well as the time the user spent on the Site.
This information is collected using technologies such as:
• Standard server logs. [INSERT DESCRIPTION]
• Web Beacons. Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
This information is then used to administer, operate, and improve the external facing website, client experience, other services and systems, and to provide services and content that are tailored to the user. If any of this information is linked or associated with any PII, the new data set is subject to the same restrictions as PII per this policy. Otherwise, this information is collected as non-personally identifiable.
Third parties may set cookies on the user’s hard drive or use other means of passively collecting information about the user’s use of their services or content. The organization does not have access to, or control over, these third-party means of passive data collection.
4.2 Collection of Voluntarily Provided Information
The Company may collect personal information in a variety of ways through the organization’s client facing applications. For instance, when the user requests information about the organization’s services or otherwise communicates with us, certain information is collected. This information may include: name, e-mail address, city, state, country, other demographic information, and the user’s interests and preferences.
Other information you provide to us may include:
• Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, creating an account, subscribing to the Service, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
• Records and copies of your correspondence (including email addresses), if you contact us.
• Your responses to questionnaires or surveys that we might ask you to complete for purposes of the Service or conducting research.
• Your search queries on the Website.
4.3 Information We Collect From Social Media and Third Party Sources
We may collect information from you when you follow or like us on social media sites and platforms, including but not limited to Instagram, Twitter, and Facebook. Such information collected may include your name, email address, other contact information, and/or comments and content you post. We also may collect information about you when you submit information through social media platforms or if you sign up for promotions.
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information (Section 6.2).
5. USE OF PII
The Company uses PII to provide services and information that the user requests; to enhance, improve, operate, and maintain the Site and Service, our programs, services, website, and other systems; to prevent fraudulent use of our Site and Service; to tailor the user’s experience; to maintain a record of our dealings with the user, and for other administrative purposes.
The organization may also use PII to contact the user regarding our products and services. The user must be provided the opportunity to “Opt Out” to these marketing services as described in the Choices About How We Use and Disclose Your Information section below (Section 6.2).
Please note though that information that has been de-identified in accordance with HIPAA does not constitute PHI. For more information about our HIPAA-compliant activities, please contact [INSERT EMAIL ADDRESS].
5.1 Disclosure of Personal Information
The Company will not disclose users’ personal information to third parties without the user’s consent, other than as described in this policy. Personal information may be shared with third-party service providers (e.g., data storage and processing facilities) that assist the organization in completion of approved workflows compliant with this policy. Any personal Information shared with third parties is limited to only the minimum necessary for the third parties to perform the required functions.
We may disclose aggregated, de-identified information about our users, and information that does not identify any individual, without restriction.
• To our subsidiaries and affiliates to deliver the Service to you.
• To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• With healthcare providers to provide health care services to you as part of the Service, with whom you communicate with through or about the Service, or for other treatment, payment, or health care operations purposes at your request.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our Website users is among the assets transferred.
• To third parties to market their products or services to you if you have not opted out of these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them. For more information, see Choices About How We Use and Disclose Your Information (section 6.2).
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.
We may also disclose your personal information:
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
• In de-identified form, whether or not aggregated with other data, at our discretion.
5.2 Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
• Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote our own or third parties' products or services, you can opt out by sending us an email stating your request to email@example.com. If you receive a commercial email from the Company, you may unsubscribe at any time by following the instructions contained within the email. This opt out does not apply to information provided the Company as a result of a product purchase, warranty registration, product service experience, or other transactions.
• Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers' target-audience preferences, you can opt out by sending us an email stating your request firstname.lastname@example.org
If the user wishes to opt out of any services that utilize PHI, a written request (either electronic or physical) needs to be received, documented, and processed in a reasonable timeframe.
California residents may have additional personal information rights and choices. Please see Your California Privacy Rights (Section 9) for more information.
Our Service is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. Information is not knowingly collected for individuals under the age of 13. Any information collected for individuals under the age of 16 is required to have parental consent. If you are under 16, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16 please contact us at:
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Your California Privacy Rights (Section 9) for more information.
The Company protects the Personal Information it collects with reasonable and appropriate physical, electronic, and procedural safeguards. The organization follows HIPAA requirements and uses reasonable security measures that are designed to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
8. INFORMATION RETENTION
10. CONTACT INFORMATION
11. POLICY ADMINISTRATION
11.1 Monitoring and Enforcement
The Company periodically monitors adherence to this Policy to help ensure compliance with applicable laws, requirements, and contractual agreements that apply to Client & Consumer Data. The Company may also establish enforcement mechanisms, including disciplinary actions, to help ensure compliance with this Policy.