Privacy Policy


 
 

Version 2.0 effective on 4/17/2024

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our website?

When registering on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience, for us to respond to your service request or submit an application for employment. By providing your contact information you are granting permission for a representative of Care Sherpa to contact you via phone, email or SMS as needed to fulfill your request.

Additionally, information regarding records or data you access within our platform is monitored and logged to properly adhere to information security requirements and HIPAA regulations.

When do we collect information?

We collect information from you when you submit a web form, register on our site or update your profile. Our web application contains sensitive protected health information, so per compliance and regulations, no anonymous access to the site is permitted, and all entry requires authentication with a user account.

Access and auditing records are collected with each request you make to our web application, including general site navigation and accessing any content or records.

How do we use your information?

We may use the information we collect from you when you register, modify your profile, or search the website, or use certain other site features in the following ways:

  • To send notifications or communications of events that you have subscribed to receive

  • To send communications directly to you in order to respond to your inquiry, request for information or support services

How do we protect your information?

  • We perform regular vulnerability and malware scanning.

  • We never ask for credit card numbers or social security numbers.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Sockets Layer (SSL) technology.

We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enable the site's or service provider's systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and maintain your logged-in user session.

We use cookies to:

  • Maintain logged-in user sessions

  • Track devices that you have previously logged in from, as a security measure, prompting for multi-factor authentication in some scenarios where this cookie is not present

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.

If users disable cookies in their browser:

If you turn cookies off you may be prompted upon every login for multi-factor authentication verification, or your logged-in session may periodically require you to re-login even during normal activity.

Privacy Policy: Third-party disclosure

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others' rights, property or safety.

HIPAA (Health Insurance Portability and Accountability Act)

Sensitive and Protected Health Information that is provided is held in the strictest confidence.

We do not give out, exchange, barter, rent, sell, lend, or disseminate any information to any unauthorized parties that is considered patient confidential, is restricted by law, or has been specifically restricted by a patient/client in a signed HIPAA consent form.

COPPA (Children's Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach

  • We will notify you via email within 7 days of becoming aware of any breach

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Use it as a multi-factor authentication location, requiring users in certain cases to verify they have received a unique code to their email when logging in from an unrecognized device

  • Use it as a location for allowing self-service password resets

  • Use it as a location for notifications subscribed to by your request

To be in accordance with CAN-SPAM, we agree to the following:

  • If at any time you would like to unsubscribe from receiving future emails/notifications, you can opt-out via the notification settings for your account within the application.

Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

Care Sherpa

20 Burton Hills Blvd | Suite 150 Nashville, TN 37215
United States
info@caresherpa.com

Current Terms of use can be found here: Terms & Conditions