Privacy Policy
1.0 Scope and Purpose
This Privacy Policy describes how HIPAATIZER and Cappers Applications Inc. (collectively, “HIPAATIZER,” “we,” “us,” and/or “our”), and its subsidiaries and affiliated companies, may collect, use, and share information about Users that we obtain through www.HIPAAtizer.com (the “Website”).
A “User” includes any person who uses the HIPAAtizer Services or HIPAAtizer Applications, as described in our Terms of Use (the “Services” or “HIPAAtizer Applications”), whether as a registered user of the Services for business purposes or a reseller of HIPAAtizer services (collectively, a “Commercial User”) or an existing or potential customer, client, patient, or other end user who uses the Services to submit personal, health, contact, or other information to a Commercial User (collectively, an “End User”).
This Policy does not apply to other websites that we operate, to information that we obtain outside of the Website, or websites of third parties to which we provide links. We do not control and are not responsible for the privacy practices of, or the data available on, the websites of third parties, and we urge you to evaluate the soundness of these practices for yourself.
2.0 About HIPAAtizer
HIPAAtizer is a WordPress plugin tool and HIPAA-Compliant online form building service. For more information about HIPAAtizer please see the “About” section of the Website at www.HIPAAtizer.com.
3.0 What Information Do We Collect?
- 3.1 Data Controllers
Our Privacy Policy applies to any User who accesses the Website or otherwise uses the Services and HIPAAtizer Applications. The personal information provided to or gathered by HIPAAtizer is controlled by HIPAAtizer. If you have any concern about providing information to us or otherwise used in any manner permitted in the Privacy Policy and the Terms of Use, you should not become a User of HIPAAtizer, visit our Website, or otherwise use our Services. We collect the personal information of Users in the following ways:
- 3.1.1 Pre-Registration.
If you are interested in learning more about HIPAAtizer, our plugin and the Services and products we offer, we may ask for personal information, such as your name, practice name and size, email address, telephone number, and city/state.
- 3.1.2 Registration:
When a Commercial User creates an account with us, you provide us with information (including names, email addresses, and other personally-identifiable information of your employees, company information, and passwords) that we use to offer you a personalized, relevant experience on the HIPAAtizer Applications, including the creation of intake forms for your End Users. You understand that, by creating an account as a Commercial User, HIPAAtizer will be able to identify you by your account information, and you allow HIPAAtizer to use this information in accordance with this Privacy Policy. We may also ask you for credit card details or other payment information if you purchase any services that we offer for a fee.
When a Developer creates an account with us, you provide us with information (including names, email addresses, and other personally-identifiable information of your employees, company information, and passwords) that we use to offer you a personalized, relevant experience on the HIPAAtizer Applications, including access to a sandbox environment, RESTful APIs with limited functionality, and the ability to create intake forms for your partners, our Commercial Users, for their End Users. You understand that, by creating an account as a Developer, HIPAAtizer will be able to identify you by your account information, and you allow HIPAAtizer to use this information in accordance with this Privacy Policy. We may also ask you for credit card details or other payment information if you purchase any services that we offer for a fee. We do not provide a BAA agreement for Sandbox accounts.
- 3.2 Account Information
As a Developer or Commercial User, you can add additional details about your company and employees to your account. We use this information to improve both your experience and the experience of your End Users. With your approval, we may also connect third-party services to your account. Providing such additional information enables you and your End Users to derive more benefit from HIPAAtizer.
- 3.3 Customer Service
When you contact our customer support services, we collect information that helps us categorize your question, respond to it, and, if applicable, investigate any breach of our Terms of Use Agreement or this Privacy Policy. We also use this information to track potential problems and trends and customize our support responses to better serve you.
- 3.4 Using the HIPAAtizer Website and Services
We collect information when you use the HIPAAtizer Applications or other Services. If you are logged in on www.HIPAAtizer.com or another Service or a HIPAAtizer cookie on your device identifies you, your usage information and the log data described in Section 3.6 of this Privacy Policy, such as your IP address, will be associated with your account. Even if you are not logged into a Service, we log information about devices used to access our Services, including IP addresses.
- 3.5 Cookies
We may use cookies and similar technologies, including mobile application identifiers, to help us recognize you across different Services, improve your HIPAAtizer experience, increase security, and measure use and effectiveness of our Services. You can control cookies through your browser settings and other tools. By visiting HIPAAtizer, you consent to the placement of cookies and beacons in your browser and HTML-based emails in accordance with this Privacy Policy.
- 3.6 Log Files, IP Addresses, and Information About Your Computer and Mobile Device
When you visit or leave HIPAAtizer sites or apps by clicking a hyperlink or when you view a plugin on a third-party site, we automatically receive the URL of the site from which you came or the one to which you are directed. We also receive the internet protocol (“IP”) address of your computer or the proxy server that you use to access the web, your computer operating system details, your type of web browser, your mobile device (including your mobile device identifier provided by your mobile device operating system), your mobile operating system (if you are accessing HIPAAtizer using a mobile device), and the name of your ISP or your mobile carrier. We may also receive location data passed to us from third-party services or GPS-enabled devices that you have set up. Most mobile devices allow you to prevent real time location data being sent to HIPAAtizer, and of course HIPAAtizer will honor your settings.
4.0 How Do We Use Your Information?
We currently use information collected through tracking technologies, such as cookies and web beacons, to improve the functionality of the Website.
For example:
- We track the number of visitors using certain portions or features of the Website to make changes that may be necessary to improve the Website’s functionality;
- We track the popularity of features on the Website to guide the development of new ones;
- We identify the types of devices our visitors use so that we can improve and optimize our systems; and
- We assess the ways in which Users become aware of or access the Website in order to gauge the quality and methods of our advertising.
- We do not use personal information to make automated decisions.
- By continuing to use our Website, including by remaining on the landing page, you consent to the use of cookies.
If you choose to provide HIPAAtizer with Personally identifiable information (“PII”), we will use that information for purposes explained at the time of collection; as described in this Privacy Policy and our Terms of Service; and for our business purposes. For example:
- If you provide us with your email address, we may use it for our own marketing, promotional, and informational purposes, including solicitations, invitations, newsletters, awareness campaigns, and announcements. We also may share it with partners and affiliates for their marketing purposes. We will not share your email address with unaffiliated third parties.
- We will not retain your information, whether obtained through tracking technologies or provided by you longer than necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Wherever your PII may be held by HIPAAtizer or on its behalf, HIPAAtizer takes reasonable and appropriate steps to protect the PII that you share with us from unauthorized access or disclosure. HIPAAtizer trains its employees on data handling practices. In addition, HIPAAtizer and its service providers enter into agreements which require that care and precautions be taken to prevent loss, misuse, or disclosure of your PII.
- We may employ third party companies and individuals to facilitate our Services (e.g. maintenance, analysis, audit, marketing, and development). These third parties have limited access to your PII only to perform these tasks on our behalf and are obligated to HIPAAtizer not to disclose or use it for other purposes. A list of our service providers can be viewed in our Terms of Use.
As stated in Section 9.0, we reserve the right to revise or update our privacy policy in our sole discretion. By continuing to use the Services after we make a revision or update, you agree to that amendment or update.
5.0 Sharing Your Information
We engage certain service providers, identified below, to track and associate internet search and browsing behavior with our advertisements and to provide functionality on the Website.
These third-party service providers are limited to using information only as instructed to provide contracted services to us. We have configured the third-party technologies we use, Google Ads and Facebook Pixels, to use tracking technologies, such as cookies and web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services, analytics and target ads. More specifically, these companies may use non-personally identifiable information about your visits to other websites, together with non-personally identifiable information about your purchases and interests from other online and offline sources, to provide ads about goods and services of interest to you.
In addition, we may share Website usage information with these service providers to manage our content, administer target ads and for market research purposes. Finally, information obtained through these processes may be combined with Personally Identifiable Information in order to analyze our marketing efforts.
We will only share PII with third party vendors, consultants, agents, partners, and other service providers with whom we contract to help us provide or improve our services.
Please note that HIPAAtizer will only share your information in accordance with this Policy, except in the following situations:
- You have given us your consent to share or use information about you;
- We believe that we need to share information about you to provide a service that you have requested from us or from others;
- We are required by law to disclose information; or
- We believe that it is necessary to protect our rights or to avoid liability or violations of the law;
- To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your Personal Information only for the purposes disclosed in this Policy; or
- To any other person with your consent to the disclosure.
6.0 Your Choices and Obligations
- 6.1 Rights to Access, Correct, or Delete Your Information, and Closing Your Account
You have a right to (1) access, modify, correct, or delete your personal information controlled by HIPAAtizer, (2) change or remove your content, (3) export your data, and (4) close your account. You can also contact our support team for any account information which is not on your profile or readily accessible to you.
If you are a Commercial User and close your account(s) by canceling your subscription, your information will be retained for a limited time so you may resume your subscription at a later date. If you close your account(s) by opting to delete your account or otherwise request removal of your PII, your information will be made available for you to export and download for a period of seven (7) days following your request and then permanently will be removed from the Services within thirty (30) days of your request. HIPAAtizer only uses your personal data for the reason given at the time of collection, and the data is securely deleted after it is no longer needed.
- 6.2 Data Retention
We retain the personal information you provide while your account is in existence or as needed to provide you the Services. HIPAAtizer may retain your personal information even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between Users, prevent fraud and abuse, or enforce this Privacy Policy and our Terms of Use. We may retain personal information, for a limited period of time, if requested by law enforcement. HIPAAtizer may retain user usage information of our Services for up to 6 years after it was created to provide support-related reporting and trend analysis in order to understand and improve our Services. However, we delete closed account data consistent with Section 6.1. We may store data of Users from third party sources under the condition that it is permitted by the Users and the holder of such information. HIPAAtizer Services will ask for the User’s consent before storing such data.
7.0 General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. HIPAAtizer is committed to always operating in the best interests of our customers and this includes compliance with GDPR.
- 7.1 GDPR Key Principles
Several major principles underpin many of the requirements found in the GDPR in regards to controlling and processing personal data:
- Fairness and Transparency.
Organizations must always process personal data lawfully, fairly, and in a transparent manner.
- Purpose Limitation.
Organizations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal data in a manner that’s incompatible with those purposes.
- Data Minimization.
Organizations can collect only personal data that is adequate, relevant, and limited to what is necessary for the intended purpose.
- Accuracy.
Personal data must be accurate and, where necessary, kept up to date.
- Data Deletion.
Personal data must be kept only for as long as it is needed to fulfill the original purpose of collection.
- Security.
Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration.
- Accountability.
A data controller is responsible for implementing measures to ensure that the personal data it controls is handled in compliance with the principles of the GDPR.
- 7.2 Data Controller vs. Data Processor
GDPR sets out responsibilities for entities that manage data; these include the data processor and the data controller.
- Data Processor.
Data processors process personal data on behalf of a data controller.
- Data Controller.
Data controllers decide the “purposes” and “means” of any processing of personal data.
- HIPAAtizer as a Data Processor.
If you are a Commercial User, then the information that you store in HIPAAtizer and/or information about your own customers, clients, patients, etc. (collectively, the “End User” or “Customers”, whether stored in the Services directly by you or by your End User at your request) are your data subjects, and you are considered the data controller for this personal data. Using the HIPAAtizer Services to manage your Customers means that you have engaged HIPAAtizer as a data processor to carry out certain processing activities on your behalf. According to Article 28 of the GDPR, the relationship between the controller and the processor needs to be made in writing (electronic form is acceptable under subsection (9) of the same Article). Our Terms of Use and Privacy Policy documents also serve as your data processing contract, setting out the instructions that you are giving to HIPAAtizer with regard to processing the personal data you control and establishing the rights and responsibilities of both parties. HIPAAtizer will only process your client data based on your instructions as the data controller.
- HIPAAtizer as a Data Controller.
Additionally, HIPAAtizer acts as the data controller for the personal data we collect about you, the User of HIPAAtizer Services, including the Website and our mobile applications. We process your personal data necessary for us to perform our contract with you (GDPR Article 6(1)(b)). We process your personal data to meet our obligations under the law (GDPR Article 6(1)(c)). This primarily involves financial data and information that we need to meet our accountability obligations under the GDPR. We process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
- 7.3 Individual Rights
Users have a number of rights regarding how HIPAAtizer handles your personal data:
- Data Access.
You have the right to confirm with HIPAAtizer whether HIPAAtizer is processing your personal data.
- Right to Object.
You can, in certain cases, object at any time to the processing of your personal data, in particular if the processing is for direct marketing purposes.
- Data Rectification.
You can send us a request to correct or complete personal data if the data is inaccurate or incomplete.
- Restriction of Processing.
You can request HIPAAtizer to stop access to and modification of your personal data.
- Data Portability.
HIPAAtizer provides functionality in the web app to export your data for your users, accounts, and activity in PDF format so that you can transmit your own personal data to another company. In certain cases, you have the right to ask HIPAAtizer to provide additional personal data, also in a structured, commonly used, and machine-readable format such as a CSV file.
- Right to Erasure.
This is also known as “the right to be forgotten.” This right empowers you to request that HIPAAtizer delete or remove your personal data in situations such as when the data is no longer needed for the original purpose, when the data subject withdraws consent, or when the data subject objects to the processing and the controller has no overriding legitimate interest in the processing. HIPAAtizer provides you this functionality in the settings section of the HIPAAtizer Website.
- Contact.
If you have any questions or feedback, or need to reach our Data Protection Officer, please reach out to our support team by email at support@HIPAAtizer.com.
8.0 California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a U.S. law enacted in the State of California effective beginning January 1, 2020. In general, the CCPA expands the privacy rights of California citizens and requires certain companies to comply with a range of data protection requirements including:
- The consumer’s right to receive a copy of the specific personal information collected about them during the 12 months prior to their request;
- The consumer’s right to know a company’s data collection practices, including the categories of personal information it has collected, the source of the information, the business’s use of the information, and to whom the business disclosed the information it has collected about the consumer;
- The consumer’s right to have such personal information deleted (with exceptions);
- The consumer’s right to know the business’ data sale practices and to request that their personal information not be sold to third parties;
- A prohibition on discrimination by businesses against consumers for exercising a consumer right; and
- An obligation on businesses to notify a consumer of their rights.
HIPAAtizer customers that produce and store personal information (e.g., Commercial Users) are considered “Businesses” under the CCPA. Businesses have the predominant responsibility for ensuring that their personal data processing is compliant with relevant data protection law, including the CCPA.
HIPAAtizer is considered a “Service Provider” under the CCPA and shall collect, access, maintain, use, process, and transfer customer personal information and their end-users solely for the purpose of performing our obligations under HIPAAtizer’s existing agreement(s); and, for no commercial purpose other than the execution of such obligations and development of HIPAAtizer’s Services. HIPAAtizer is committed to always operating in the best interests of our Users and this also includes compliance with the CCPA. As such, HIPAAtizer addresses data protection requirements throughout this Privacy Policy, our Terms of Use, and the data portability and deletion features in the HIPAAtizer Services.
HIPAAtizer does not sell customer personal information, meaning that we also do not rent, disclose, release, transfer, make available or otherwise communicate that personal information to a third party for monetary or other valuable consideration.
9.0 Updates to This Privacy Policy
We reserve the right to make periodic updates and revisions to the Policy. Any changes will be posted on this page. Any changes that have been made to the Policy will be accessible on this page. By continuing to use the Services after we make an update or revision, you consent to those updates or revisions.
10.0 Additional Information
The Website is not intended for minors under the “Minimum Age,” as described in our Terms of Use, and HIPAAtizer does not wish to obtain any information from or about such minors through this Website. If you are under the Minimum Age, do not use this Website. Your interactions with any social media features are governed by the privacy policies of the companies providing these features, and we do not control and are not responsible for the privacy practices of, or the data available on, the websites of third parties.
11.0 Key Terms
- Tracking Technologies:
Tracking technologies include technologies such as “cookies” and “web beacons,” which are used to analyze trends, administer the Website, and help us provide you with a more personalized experience and improve our services.
Cookies are small text files that are sent from a website to your computer’s browser when you visit the site. These cookies are then stored in files within your computer’s browser. Websites can access only the cookies that they have stored on your computer. For every future time you access a website, your browser sends the cookie back to the server, which notifies the website of the user’s previous activities on the website. Thus, cookies serve several useful purposes, like letting you navigate between pages more efficiently, saving your preferences, and enhancing your user experience with the website.
Web beacons (also called transparent GIFs, web bugs, pixels, or action tags) are strings of code that deliver a tiny graphic image on a web page or in an email which is used to monitor the behavior of the user visiting the website or sending the email. Web beacons can recognize certain types of information on your computer such as cookies, the time and date a page is viewed, and a description of the page on which the web beacon is placed. In general, any file served as part of a web page can act as a web beacon.
- Internet Protocol (IP) Address:
A numerical label separated by periods that identifies every device (e.g., computer, printer) that participates in a network. IP addresses allow these devices to communicate with one another and transmit relevant information.
- Personally Identifiable Information (PII):
For purposes of this Policy, PII includes: first and last name; physical mailing address including street name and city/town; email; and telephone number.
12.0 How to Contact HIPAAtizer
If you have any questions or comments about this Privacy Policy, please contact us via email at: support@HIPAAtizer.com