We are committed to protecting the personal information you have entrusted to us. We collect and use personal information in order to perform our business functions and provide quality health care products and services to our customers.
Categories of Personal Information We Collect and Use
We recognize personal information as any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. Depending on the context of your interactions with us, we may collect and use different types of personal information for the categories listed below. Examples are representative and may not actually be collected.
Categories of Personal Information Collected
A. Personal Identifiers.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
C. Protected classification characteristics under California or federal law.
Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
D. Commercial information.
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
E. Biometric information.
Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
F. Internet or other similar network activity.
Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
G. Geolocation data.
Physical location or movements.
H. Sensory data.
Audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment related information.
Current or past job history or performance evaluations.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
K. Inferences drawn from other personal information.
Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Categories of Sources of Personal Information
We receive and use various types of personal information in order to conduct our day-to-day business activities. We aim to only collect information that is necessary and by fair means and providing notice and requiring consent when necessary.
We may collect personal information from the sources highlighted below:
- Third-party vendors
- Recruitment or talent agencies
- Our website, services, or social media pages
- Our business partners (non-vendors)
- Joint marketing partnerships
- Publicly available non-government and government data
- Contractors (e.g., consultants, agents, and representatives)
- Consumer reporting agencies
- Covered individuals’ email accounts, chat logs, social media accounts
- Covered individuals’ devices
- Directly from covered individuals
- From other individuals, such as friends or family
- Third parties (e.g., data brokers)
Some of this data may be collected when:
- You apply for a position, or to do business, with us
- We establish a contractual employment or commercial relationship
- You provide us with any type of service as a vendor
- When we provide you with any type of service, product or support
- When you browse, or use our website, services, or social media pages
Types of Tracking Technologies We May Use: We may collect personal information using a variety of tracking technologies, such as cookies, web beacons, embedded scripts, browser fingerprinting, GPS, recognition technologies and location-identifying technologies (collectively “Tracking Technologies”), which may set or modify settings or configurations on your device. A “cookie” is a data file placed on your device when you visit a website that keeps a record of your use of the website. This technology can make the website more convenient for you in many ways, including by keeping you logged in even when you close the website and remembering your preferences across separate visits. We may use Tracking Technologies for a variety of purposes, including when strictly necessary to allow you to use and access the website, to assess the performance of the website, to improve the website’s functionality and to deliver relevant content to you, including advertisements.
Do Not Track: Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. Do Not Track is a technology that enables users to opt out of tracking by websites they do not visit. Currently, we do not monitor or take any action with respect to Do Not Track technology. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Disabling Tracking Features: Regular cookies may generally be disabled or removed by tools that are available as part of most commercial browsers, and in some but not all instances can be blocked by selecting certain settings. Each browser you use will need to be set separately and different browsers offer different functionality to perform such functions. Please be aware that if you disable or remove these technologies, some parts of our website may not work and that when you revisit this website your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.
Business Uses and Purposes for which Personal Information is Collected
The purposes for which we collect and use your personal information may vary depending on the type of relationship you have with us, such as if you are one of our employees, customers, or a website user.
Generally, we collect, use, and disclose your personal information to provide you products and services and as otherwise related to the operation of our business. For more specific detail on our disclosures of personal information, see the next section “Sharing and Disclosures to Third Parties.” Subject to restrictions and obligations of applicable laws, we may use your personal information for some or all of the following business purposes:
- Processing interactions and transactions between you and us
- Managing such interactions and transactions
- Performing Services (as defined in any agreement between us and you, or as identified or included on our websites), including customer support services
- Research and development
- Fulfilling regulatory requirements and performing quality assurance
In addition, we may collect, use, and disclose your personal information for the following additional operational business purposes for which we are providing you notice as permitted by applicable law:
- Employees and candidates: If you apply for a job with us, we use your personal information to consider you for employment. If you have an employment or commercial relationship with us, we use your personal information to develop our contractual relationship, to conduct performance evaluations, and to comply with legal obligations, including tax and labor regulations.
- Customers: if you are our customer, we use your information to maintain our commercial relationship, to ensure the proper operation of the day-to-day business, to comply with tax and other regulations, and to administer sales, support, and marketing activities.
- Patients of our customers: We provide support services to patients that use our health care products and services or who interact with customers that use our products and services, when required.
- Prospective customers: Information from prospective customers is used to respond to requests for information and for sales and marketing activities.
- Vendors and suppliers: If you have a business or professional relationship with us, we will use your information to develop and conduct our business relationship with you, and to comply with tax and other regulations.
- Visitors to Solutionreach facilities: Our facilities employ physical access controls and video surveillance systems for security purposes.
- Website and social media users: We collect personal information from visitors and users of our website and social media pages. We may use the information to manage your account registration, to store your preferences and settings, for marketing to you, and to analyze how you use our website and online services.
We will use personal information for the purposes disclosed above. To the extent required by law, we will inform you in advance if your personal information will be used for an additional purpose, and if required you will be given a mechanism to provide your consent.
As permitted by applicable law, we do not treat de-identified data or aggregate customer information as personal information and we reserve the right to convert, or permit others to convert, your personal information into de-identified data or aggregate consumer information. We have no obligation to re-identify such information to respond to your requests.
In addition, we may collect, use, and disclose your personal information as required or permitted by applicable law.
Sharing and Disclosures
At times, we engage third-party contractors, service providers, and other vendors to help us accomplish our business objectives. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. There are other circumstances where we are required by law to disclose personal information to third parties such as public authorities.
Categories of personal information that may be disclosed for business purposes or sold:
In the preceding twelve (12) months, we may have disclosed for a business purpose or sold (as the term “sold” is defined by the California Consumer Privacy Act) the following categories of personal information:
- Personal Identifiers
- Personal Information Records
- Protected Classifications
- Commercial Information
- Biometric Information
- Internet Usage Information
- Geolocation Data
- Sensory Data
- Professional or Employment Information
- Non-public Education Information
- Inferences from Personal Information Collected
For clarification, while we do not sell personal information as it relates to patient data, we may share personal information related to our customers for business purposes.
Who we share personal information with:
We may disclose your personal information for a business purpose to the following:
- Third parties to whom you authorize us to disclose your personal information in connection with the products or services we provide to you
- Business partners
- External auditors
- Internal employees, including executives / board of directors
- Public authorities / government bodies
- Service providers and vendors, such as for advertising or marketing purposes, internet service providers, data analytic providers, operating systems and platforms, and social networks
- Our subsidiaries and affiliates
We engage with third-party contractors, service providers, and other vendors for certain services. If the engagement involves the transmission of personal information, a contract to protect the personal information is executed before any data is disclosed, and we direct the service provider to treat that data consistent with legal requirements.
In certain circumstances, we may be required to disclose personal information when required by law, when required to protect our legal rights, or in an emergency situation where the health or security of an individual is endangered.
We may also disclose certain personal information in the context of any sale or transaction involving all or a portion of the business.
Personal information of children:
Our services are not directed to children. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, please contact us.
We are committed to the security, confidentiality, and integrity of personal information in accordance with legal requirements. We take commercially reasonable precautions to keep personal information secure against unauthorized access and use, and we periodically review our security measures. We are committed to processing your data in a secure manner and have put in place specific safeguards to prevent the personal information we hold from being compromised.
We secure the connection between our websites and your browser with website security certificates. Please be aware that these protection tools do not protect information that is not collected through our website, such as information provided to us by email.
We also conduct risk assessments, train our staff to understand the importance of protecting personal information, and responsibly manage access rights within our company. We include both physical security and IT security in our overall data security approach. In addition, we are diligent in selecting vendors that also ensure appropriate technical and organizational measures are undertaken to protect data.
You must promptly notify us about any security incidents of which you become aware, such as if your username or password is lost, stolen or used without permission or if you become aware of operational or security failures, incidents, system problems, concerns, or other security-related incidents impacting our website or services.
Your Data Protection Rights and Choices
If you are a California resident, you may have the privacy rights described in this section. Any request you submit to us is subject to an identification and verification process. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected personal information.
If we cannot comply with a request, we will explain the reasons in our response. We will use personal information provided in a verifiable request only to verify your identity or authority to make the request and to track and document request responses.
We will make commercially reasonable efforts to identify personal information that we collect, process, store, disclose, and otherwise use and to respond to your applicable privacy rights requests. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.
If you are a resident of California, your privacy rights may include the following:
You may have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is 12 months prior to the request date:
- The categories of personal information we have collected about you
- The categories of sources from which we collected your personal information
- The business or commercial purposes for our collecting or selling your personal information
- The categories of third parties to whom we have shared your personal information
- The specific pieces of personal information we have collected about you
- A list of the categories of personal information disclosed for a business purpose in the prior 12 months, or that no disclosure occurred
- A list of the categories of personal information sold about you in the prior 12 months, or that no sale occurred. If we sold your personal information, we will explain the categories of third parties to which we sold personal information, by category of personal information sold for each third party
To make a request, please go to the following page on our website: http://www.solutionreach.com/policies/ccpa-request.
Obtaining Copies of Personal Information:
If you are a California resident, you may have the right to obtain a copy, no more than twice in a twelve-month period, of your personal information that we have collected and are maintaining. To make a request, please go to the following page on our website: http://www.solutionreach.com/policies/ccpa-request.
Do Not Sell:
If you are a California resident and you are 16 years of age or older, you may have the right to direct us to not sell your personal information.
We do not sell the personal information of an individual we know is under 16 unless we receive an opt-in from the individual who is between 13 and 16, or the parent or guardian of an individual younger than 13. Individuals who opt-in to personal information sales may opt-out at any time, subject to lawful exceptions.
For clarification, while we do not sell personal information (as the term “sold” is defined by the California Consumer Privacy Act) as it relates to patient data, we may share personal information related to our customers for business purposes.
In compliance with the California Consumer Privacy Act, California residents may request their personal information not be sold by going to the following page: http://www.solutionreach.com/policies/ccpa-request.
If you are a California resident then except to the extent we have a basis for retention under applicable law, you may request that we delete the personal information we have collected and maintain about you. We will maintain personal information, without limitation, in order to complete transactions and service you have requested or that are reasonably anticipated, for security purposes, for legitimate internal business purposes, including maintaining business records, to comply with law, to exercise or defend legal claims, and to cooperate with law enforcement. To make a request, please go to the following page on our website: http://www.solutionreach.com/policies/ccpa-request.
We will not discriminate against you in a manner prohibited by applicable law because you exercise your privacy rights. You may have the right to exercise these rights via an authorized agent who meets the agency requirements of the applicable law.
We will cooperate with inquiries made by any legitimate government regulatory authority.
If you have any privacy concerns or questions about how your personal information is used, please feel free to contact us at:
2600 N Ashton Blvd.
Lehi, UT 84043
Attn: Legal and Compliance
Last Updated: January 31, 2020