PERSONAL DATA THAT WE COLLECT AND HOW WE COLLECT IT:
SocialClimb obtains Personal Data in two ways: (1) through our website; and (2) from our Software Customers (i.e., your healthcare providers),
Information From Website. We collect Personal Data that you provide us when you access our website and submit information through our Request a Demo page. This information includes Name, Email, Phone, and Company. If you elect to contact us via email, the information we collect is what you provide, in addition to the information contained by default in an email header.
Our collection of other data and information may happen without your express knowledge, but you hereby consent to it. This means that you will not necessarily know when and how it is happening. However, we can only gather the information through your voluntary interactions with us. If you object to, or limit our processing of certain information of this nature, you may not be able to use all of the features of our website, interact or transact with Company at all. This type of information includes, but is not necessarily limited to:
- Browsing Information, Logs, Device Information: When you visit our Website, we may process information about your activities on our Website through the use of technology such as cookies, web beacons, and other tracking technologies, as further explained below. This information may contain personal information and statistical information. We may collect device-specific information (such as hardware model, operating system version, unique device identifiers, and mobile network information, including your mobile phone number). We may record or log information from your Devices, their software, and your activity in accessing or using our Website.
- Additional Information: Such as, IP address, device ID numbers, system activity, location preferences, date and time stamps of transactions. Providing this information is not mandatory and cookies can be disabled. However, please note that our website may not offer the same functionalities when certain cookies or other tracking data are disabled.
A cookie is a tiny element of data that our Websites can send to your browser, which may then be stored on your hard drive so we can recognize your computer when you return. Cookies also assist with the performance of various aspects of the Website. You may set your Web browser to notify you when you receive a cookie. However, should you decide not to accept cookies from our Website, you may limit the functionality we can provide when you visit our Website. Additional general information about cookies and how they work is available at www.allaboutcookies.org.
A web beacon (also known as a “tracking pixel” or “clear GIF”) is a clear graphic image (typically a one-pixel tag) that is delivered through a web browser or HTML e-mail, typically in conjunction with a cookie. Web beacons allows us, for example, to monitor how users move from one page within our websites to another, to track access to our communications, to understand whether users have come to our websites from an online advertisement displayed on a third-party website, to measure how ads have been viewed, and to improve site performance.
Information From Software Customers. Our customers who license our software have employees who are granted administrative rights to create user accounts for other employees and designated persons. These customers act as data controllers (“Controllers”) in the use of the software and the collection and processing of Personal Data to be able to effectively operate the software. In such cases, our role in processing the Personal Data provided by our customers is as a “Processor,” since we are processing data on behalf of the Controller (who is the customer). As a Processor, we are obligated to process this Personal Data as part of our license agreement entered with the customer. The Personal Data collected in this scenario generally includes the name, physical address and phone number of each assigned user, but may also include information related to your health and wellness and PHI. Processing of this Personal Data is performed on behalf of the customer and for the purpose of providing the services requested by the customer. We do not control the collection of your information by third parties who may provide it to us, and such may be subject to their privacy policies.
For information regarding the data we receive, please reference SocialClimb’s HIPAA Business Agreement, available at https://socialclimb.com/hipaa-business-agreement/ and its End User License Agreement, available at https://socialclimb.com/end-user-license-agreements/, which are incorporated by reference as if fully set forth herein.
In connection with our business and services we provide, we may collect and process the following categories of Personal Data of individuals:
- Contact information: Which may include name, physical address, telephone, and email address.
- Other individual identifiers: Which may include age or date of birth, gender, insurance information, health, and wellness information, treating provider’s names, appointment dates, and other contact information that you voluntarily transmit to your health care providers
HOW WE USE YOUR DATA:
For information regarding SocialClimb’s business purposes and use of data, please reference SocialClimb’s HIPAA Business Agreement available at https://socialclimb.com/hipaa-business-agreement/ and its End User License Agreement, available at https://socialclimb.com/end-user-license-agreements/, which are incorporated by reference as if fully set forth herein.
Legal basis. We base our processing of Personal Data on the need to perform our contractual obligations under our End User License Agreement and our legitimate activities as a provider of software and related services. We also process Personal Data to comply with applicable law and to exercise our legal rights. We may also use your Personal Data for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the organization.
HOW WE SHARE OR DISCLOSE YOUR DATA:
No sale of Personal Data. We never sell or rent Personal Data to third parties.
Disclosures of Personal Data. We may disclose or share your Personal Data with other parties in the following circumstances:
- Third-party service providers. We use third-party service providers (or subprocessors) to process Personal Data to facilitate our provision of services and in the operation of our business. This includes providing Personal Data to third parties for their processing in performing functions on our behalf, such as telecommunications. These functions also include hosting software, performing security services, analyzing data, performing surveys, administering our website, and/or providing technical support services. These third party providers will be contractually and/or legally required to protect Personal Data from additional processing (including for marketing purposes) and transfer in accordance with applicable laws.
- Compliance with law and protecting our legal rights. We may disclose your Personal Data to regulatory bodies if we have a good-faith belief that doing so is required under applicable laws or regulations. This may include submitting Personal Data required by tax or other governmental authorities or lawfully requested by governmental agencies, including law enforcement and judicial authorities. We may also disclose your Personal Data in order to exercise or defend our legal rights; to take precautions against liability; to protect the rights, property, or safety of SocialClimb or any individual or third party; to maintain and protect the security and integrity of our information system; to protect SocialClimb against fraudulent, abusive, or unlawful acts; or to investigate and defend SocialClimb against third-party claims or allegations.
- Corporate Transactions. If a third party acquires all or substantially all of the assets of, or ownership interests in, SocialClimb whether by merger, acquisition, reorganization or otherwise, SocialClimb may transfer its database, including all Personal Data contained therein, to the acquiring entity.
- Aggregated and de-identified data. We reserve the right to disclose aggregated user statistics as well as non-personally identifiable information (such as anonymous usage data), in order to describe our services to prospective partners, licensees, advertisers, and other third parties.
STORAGE OF PERSONAL DATA:
We may store Personal Data that we have collected (through the means described above) on our premises and in our information system at our facilities, in third party data centers, in the systems of third-party service providers, and in cloud storage solutions. SocialClimb stores all information in state of the art physical storage facilities and cloud storage. In doing so, SocialClimb uses appropriate physical, organizational and technological measures to protect the Personal Data you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. This includes limiting access on a “need-to-know” basis.
No electronic data transmission can be guaranteed to be secure from access by unintended recipients and SocialClimb will not be responsible for any breach of security unless this breach is due to its negligence. Although we are committed to employing reasonable technology in order to protect the security of our Website, even with the best technology, no website is 100% secure. In transacting business with us through our website, or with your health care providers to whom we offer our services, you assume the risk inherent in transacting business online.
To offer our website and services, SocialClimb may also rely on plugins and services from third parties such as internet service providers, email service providers and plugins, calendar plugins, Customer Relationship Management (CRM) systems, and third-party data storage. To the extent these providers have access to your Personal Data, we will require that they are legally or contractually committed to comply with applicable privacy laws, However, we cannot guarantee with certainty that the computer systems and storage systems whereon these services are offered will not be accessed by unauthorized parties. This is a risk inherent in providing any information or, or conducting any business, online.
PERSONAL DATA SECURITY:
SocialClimb uses technical and organizational measures to protect the Personal Data that we store, transmit, or otherwise process, against accidental or unlawful destruction or disclosure, loss, alteration, or unauthorized access. Our security controls and risk management program and processes are designed to implement appropriate technological and organizational measures to ensure a level of security appropriate to the risks. We regularly consider appropriate new security technology and methods. Security measures implemented include:
- Web and database servers are protected using firewalls;
- Passwords used for account registration require minimum password strength attributes;
- User access is tracked;
- Role-based security is applied to system access;
- Use of data encryption;
- Use of RC4 256-bit Transport Layer Security (TLS) technology where customer data traverses public networks;
- Vendor-supplied patches are reviewed and tested for compatibility before installation;
- Regular system backups are made;
- Regular maintenance is performed on systems;
- Systems are monitored for security;
- Data requiring a higher level of protection, such as payment card account numbers, are processed via a third-party vendor that specializes in the payment processing and is PCI DSS-compliant;
- Security assessments are performed on third-party vendors with access to Personal Data;
- All SocialClimb employees are contractually obligated to maintain the confidentiality of Personal Data accessible through their employment; and
- All SocialClimb employees are required to attend regular security and awareness training.
RETENTION OF PERSONAL DATA:
SocialClimb processes Personal Data for a reasonable period of time to fulfill the processing purposes mentioned above. Personal Data is then archived for time periods as required or necessitated by law, contract, or other legal considerations. SocialClimb reserves the right to delete Personal Data from its system after 30 days from the date of termination of its agreement with the applicable customer. SocialClimb also deletes Personal Data in response to an individual’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR DATA” section below.
SocialClimb reserves the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Data collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Data is only stored and archived in alignment with our retention policy.
YOUR RIGHTS RELATING TO YOUR DATA:
SocialClimb does not discriminate against those who opt-out. However, opting out may prevent us from conveniently and efficiently providing services for your benefit.
Unsubscribing to communications. In particular, if we are sending you text or email communications, an ‘unsubscribe’ option is provided. You may also contact us directly to unsubscribe to emails or other communications, at the contact information set forth in the “SOCIALCLIMB’S CONTACT INFORMATION” section below. If you have agreed to receive communications, you may always opt out at a later date.
CALIFORNIA PRIVACY RIGHTS. THIS SECTION APPLIES TO CALIFORNIA RESIDENTS ONLY.
Shine the Light law. Pursuant to Section 1798.83 of the California Civil Code, SocialClimb does not presently share any information with third parties for direct marketing purposes.
California Consumer Privacy Act (CCPA). Pursuant to the CCPA (Section 1798.100 et seq. of the California Civil Code), residents of California have the following rights:
- Right of access to your personal information, up to twice a year at no charge, including the categories of personal information SocialClimb collects about the consumer; the categories of sources of the consumer’s personal information; the business or commercial purpose for collecting or selling the consumer’s personal information; the categories of any third parties with whom the business shares the consumer’s personal information, and; the specific pieces of personal information collected about the consumer.
- Right to request deletion of data, subject to certain exceptions, such as where the information is needed to provide services to the consumer, our customers, or for security or legal reasons.
- Right to not be discriminated against for exercising your rights under the CCPA, such as a denial of services or higher pricing.
- Right to opt-out of having your personal information sold.
SocialClimb does not sell any personal data.
CANADIAN PRIVACY RIGHTS. THIS SECTION APPLIES TO CANADA RESIDENTS ONLY.
Your Personal Data may be transferred outside of Canada for processing and storage. SocialClimb and its service providers may store Personal Data on servers located in other jurisdictions, including the United States. Please note that privacy laws in such jurisdictions differ from Canadian privacy laws (e.g., PIPEDA) and that in some jurisdictions your Personal Data may be accessed by law enforcement authorities or the courts in such jurisdictions.
SocialClimb may require you to provide sufficient information to permit us to provide an account of the existence, use, and disclosure of Personal Data. The information provided shall only be used for this purpose.
The website is not intended or designed to be used by anyone under the age of 13. It is not meant to be attractive to anyone under the age of 13 or to have any value or use by anyone under the age of 13. The company does not collect Personal Information from any person it knows to be under the age of 13. If you are under 13, DO NOT TRANSACT WITH US THROUGH THIS WEBSITE OR OTHERWISE, AND DO NOT SEND ANY PERSONAL INFORMATION. IF YOU ARE BETWEEN THE AGES OF 13 AND 17, DO NOT USE THIS WEBSITE UNLESS YOU ARE SUPERVISED BY A PARENT/GUARDIAN OR HAVE RECEIVED PERMISSION FROM YOUR PARENT/GUARDIAN.
SOCIALCLIMB’S CONTACT INFORMATION:
901 Mopac Expressway South
Building 1, Suite 300
Austin, TX 78746
16 Fuggles Road
E-mail: [email protected]
Last updated: February 19, 2020