Introduction

This policy protects the personal information and data subject rights of customers or external users of cc4Med products and services by clearly explaining the following:

• What personal information we need (and why we need it)
• How we protect your personal information and data subject rights
• How to request and access your personal information
• How to give, deny or withdraw consent to use your personal information
• How to give, deny or withdraw consent to collect and use their personal information or make complaints.
• Be notified, without unnecessary delay, in the event your personal information leaks to an unauthorized third party.
• Our commitments to legal and regulatory compliance 
• Third party services we use and their privacy policies

This policy applies to all personal information stored on systems and media that are owned, leased, or otherwise provided by cc4Med, regardless of location.

Personal information we may need (and why we need it):

We may collect and process these examples of personal information (at times we may also need to collect other personal information that isn’t listed here):

• Device information (IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.
• Registration information (name, email address, phone number)
• Billing information (credit card information, billing address)

We may use/process this information to:

• We use the Device Information that we collect to help us screen for potential risk and fraud and more generally to improve and optimize our site (for example, by generating analytics about how customers browse and interact with the site, and to assess the success of our marketing and advertising campaigns).
• We use Registration and Billing information to manage our users and process payments.
• We do not sell, rent, or otherwise provide your information to other companies for any marketing purposes.

Protecting your information

cc4Med has an appointed privacy officer responsible for your rights as a data subject. We have appropriate technical and organizational measures to protect your information. We will handle and protect your information in line with these data protection principles:

• Personal information must be processed fairly and lawfully.
• Personal information must be obtained only for one or more specified and lawful purpose(s) and will not be processed in a manner that is not compatible with that purpose(s).
• Personal information must be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
• Personal information must be accurate and kept up to date when necessary. personal information must not be kept for longer than is required.
• Personal information must be processed in accordance with your rights as a data subject as set out in the privacy regulation(s) (“HIPAA”).
• Appropriate technical and organizational measures must be in place to protect personal information from unauthorized or unlawful processing and accidental loss, damage or destruction.
• Personal information will not be transferred to a country or territory outside of your country unless we can be assured there is an adequate level of protection of your personal information.
• Any changes, updates to any controls in place to protect your personal information will be communicated to you in writing.

Inventory Personal Information

In order to protect personal information, cc4Med keeps an accurate inventory of all personal information that is collected, processed or stored and transferred by cc4Med.

Cookie Banner

Cookies are little pieces of data that a website will store on your computer that allow the website to remember a user by the device they use. This may allow a website to remember the state the user left when they closed the browser or to track information about the user’s experience with the website. Some cookies are used to track other analytics about the user’s experience on the website, such as which pages they viewed, what links they clicked or how long they spent on a certain page.

cc4Med uses cookies to track various information about your use and personal experience with the cc4Med website and do so only with acquiring your consent with help from a cookie banner.

We may track, with your consent, the following details about your experience with our website:

• Tracking Preferences
• Advertising
• Various Analytics

Special Considerations for California residents

As a California resident you have the following rights:

1. To opt out of your data being sold, disclosed or traded for services in kind.
2. To having a clear and conspicuous option to give or deny consent to your information being disclosed or sold.
3. Should you choose to opt out of the collection or use of your personal information, you have the right to acquire the same service or product offering as one who has opted in.
4. You have a private right of action which allows you to seek statutory or actual damages in the event that a data breach occurs and is a result of a lack of reasonable security measures. This means that whether or not there was actual loss to you as a person, when your information is leaked as a result of poor security, you have the right to sue or join a class action to pursue damages.

Accessing your information (Subject Access Requests)

You are entitled to ask for a copy of the personal information that we hold about you and to have any inaccuracies in your personal information corrected. When you submit a request for your personal information, you are entitled to:

• Know what personal information cc4Med is processing or has processed.
• Know the reason(s) and purpose(s) for the processing of their personal information.
• Know if their personal information has been shared and if so with whom and for what purpose(s).

Process for submitting a Subject Access Request

The process for submitting a Subject Access Request is as follows:

• Requests for your personal information are submitted to your organization by email.
• info@cc4Med.com

How to give, deny or withdraw consent or make complaints

Implicit consent is given if the user uses the services offered by cc4Med once the cookie banner has been displayed.

Explicit consent is given after reading and agreeing to the privacy policy on cc4Med website which is publicly available.

Explicit consent is denied if the privacy policy is not read and agreed to, or a customer uses contact information or a form of the cc4Med website to request their consent be withdrawn. cc4Med will never assume or imply consent to persons under 18 years of age.

Privacy compliance complaints can be made to the following email address:

• info@cc4Med.com

Permitted and non-permitted disclosures

cc4Med will only disclose ePHI as permitted and agreed upon in relevant BAA (Business Associate Agreements) with a covered entity. In no case will cc4Med employees disclose ePHI in cases not covered in a relevant BAA with a covered entity. *The only exception to this is the case that the covered entity includes disclosures in the BAA that are in violation of the HIPAA Privacy Rule.

Right to make privacy requests under HIPAA

cc4Med acknowledges the right for ePHI subjects to make privacy requests under HIPAA. All requests can be made to the following email address.

• info@cc4Med.com

Denial of Access under HIPAA

cc4Med acknowledges the requirement to deny access to ePHI to subject under the following conditions:

• The ePHI is a form of psychotherapy notes
• The ePHI is to be used in legal proceedings
• Gratuitous requests from an inmate of a correctional institution
• Research ePHI in which a condition be met to receive treatment
• Denials permitted by HIPAA
• Denials specifically addressed in a BAA with a covered entity

Anti-intimidation and Anti-retaliation under HIPAA

cc4Med acknowledges that it is unacceptable to intimidate, make threats of retaliation or retaliate against ePHI subjects exercising their rights or well-intentioned individuals such as employees during the execution of their duties:

• Making a complaint as per their rights under HIPAA.
• Testifying, assisting or aiding in any, audit, legal hearings, legal proceedings, investigation relating to an ePHI incident, breach or violation.
• Any activity that is consistent with a “Whistleblower” including openly opposing or exposing any activity that the individual believes to be a violation of HIPAA or a ePHI subjects rights.

If an employee of cc4Med is discovered to violate this clause of the Privacy policy, that employee will be subject to investigation and disciplinary action(s) including temporary dismissal and termination.

Correct inaccuracies to your personal information

You have the right to correct any inaccuracies identified in your personal information we collect.

cc4Med provides the ability for you to correct inaccuracies in your personal information.

Right to be forgotten

You have the right to request that your information be deleted and that you be forgotten entirely from our records, unless there is a legal basis for keeping records, such as financial transactions and tax purposes.

Leak and Breach Notification

Anyone whose personal information has been leaked or is included in a breach has the right to be informed in a reasonable timeframe, once the leak or breach has been discovered and if the personal information leaked was leaked in an unencrypted form.

Notifying anyone of a leak or breach will be expedited if the personal information lost poses a real risk of significant harm to the individual. This type of personal information is referred to as sensitive information. The person whose personal information that has been leaked will be informed of possible consequences that could result from the leak.

Sensitive information that could pose a real risk of significant harm to an individual includes but is not limited to information that could result in the following:

• bodily harm
• humiliation
• damage to reputation or relationships
• loss of employment
• loss of business or professional opportunities
• financial loss
• identity theft
• negative effects on the credit record
• damage to or loss of property

Legal and Compliance

We may use your data as necessary to comply with legal or regulatory requirements and to respond to lawful requests, court orders, subpoenas, and other legal processes, as well as to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investing and preventing fraud.

Third Parties

We use the services provided by the following third parties to establish accounts, process payments, and process transcriptions. Each of these providers has their own privacy policies.

• Google https://policies.google.com/privacy
• Hubspot https://legal.hubspot.com/privacy-policy
• Chargify https://www.chargify.com/privacy-policy/
• Stripe https://stripe.com/en-ca/privacy

Contact Us

For more information about our privacy practices, data collection, and usage, or if you would like to review, update, or remove your data, please contact us at:
info@cc4Med.com