In this Policy, we use the word “Client” to refer to anyone who is using our Services and/or have signed up to use our clinic management platform. We use the word “you” to refer to any individual user of our Services or an individual browsing or using our websites and web-based resources.
HIPAA, PHI, and Personal Data
There is certain demographic and health and/or health-related information that Enablr collects about Clients to share with Providers for Services to begin that may be “protected health information” or “PHI” and governed by the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”). Specifically, in order to provide therapy Services, Enablr receives identifiable information about a Client on behalf of the Provider through Client Intake paperwork, and this identifiable information is regulated as PHI. Information discussed between you and your Provider via Enablr Platform’s private message board is also maintained as confidential information and will not be disclosed to any other individual without prior written consent.
HIPAA provides specific regulations and protections for the privacy and security of PHI and restricts how PHI is used and disclosed. HIPAA does not apply to Personal Data that is not PHI. Personal data that a Client provides to Enablr Therapy when going through Client Intake is not considered PHI. The following are a few examples for clarification: when you (i) create an account, (ii) search for a Provider or available appointments with Providers, (iii) post reviews; or (iv) provide device/IP Information or Web Analytics information by browsing our websites. “Personal Data” means any information that identifies or relates to a particular individual, but also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations.
Why Does Enablr Collect Data?
What Information Does Enablr Collect?
- Contact Information: Name, address, phone number, and email address are among the items we collect when gathering your Client Intake forms to activate your account, authorize access to the Services, and send important information.
- Billing Information: We also collect credit card information to process payments. Credit card information is provided directly to our payment processor, CardPointe Payments, and is processed in a PCI-compliant manner. We do not keep your credit card information. Note that we “store” credit card information as a “token”. The token replaces sensitive information and functions as a non-sensitive placeholder that can be accessed by the payment processor to reference your credit card information when payments are processed.
- Device/IP Information: We gather your IP address, device ID, domain server, type of device, operating system, and browser used to access the Services. We use this information to identify in what way our Services are being accessed and utilized in order to optimize them for the types of connections, browsers, and devices being used most frequently.
- Web Analytics: Webpage interactions, referring webpage/source you accessed our Services from, non-identifiable request IDs, and statistics related to the device and browser used for the Services is another way to ensure optimization for those being utilized more frequently.
- Geolocation Data: IP address-based information for location
- Flash Cookies: Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons: Pages of the Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Where Does Enablr Collect Data From?
This policy applies to information we collect:
- Directly from you as you provide it
- On the Website as you navigate through (such as your IP address)
- In email, text, or other electronic messages between you and the Website
- Through any mobile application you may download from the Website which provides dedicated, non-browser-based interaction between you and the Website
- Applications or advertising that includes links to this policy when you interact with our advertising and applications on third-party websites and services
It does not apply to information collected by:
- Enablr Therapy offline or through any other means, including on any other website operated by Company or any third party; or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
How Does Enablr Use the Information Gathered?
Enablr Therapy uses information that we collect about you or that you provide to us, including any personal information:
- To present our Services and its contents to you
- To provide you with information, products or services that you request from us
- To fulfill any other purpose for which you provide it
- To provide you with notices about your account, including termination, deactivation, and renewal notices, if applicable
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection
- To notify you about changes to our Services or any products or services we offer or provide
- To allow you to participate in interactive features on our Website
- In any other ways we may describe when you provide the information
- For any other purpose with your consent
We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you. If you do not want us to use your information in this way, please see Choices About How We Use and Disclose Your Information.
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
Providers and Enablr Administrators use our clinic management platform to collect personal information from their Clients and create Client records. These records may include a Client’s name, address, phone number, medical charts, appointment history, and other Client data (“Client Data”). This information is sometimes referred to as “personal health information”, “protected health information”, or “sensitive data” depending on the location of the Providers and the privacy laws applicable to them. If you are a Client, Client Data is collected from you when you begin Services with a Provider or when you set up an account through our Website.
Enablr Therapy determines:
- What Client Data to collect
- How the Provider will use the Client Data
- Who has access to Client Data
- How long the Provider will have access to the Client Data
- When to delete or deactivate the Client Data
Providers are responsible for complying with laws and regulations governing the use of Client Data, and for determining the legal basis for such use. Enablr Therapy stores Client Data in its secure data centers and makes it available to Providers through our clinic management platform. Enablr Therapy generally only accesses Client Data on the instructions of the Provider or Client and, in rare cases, where needed in order to prevent or address technical problems or if required by law or court order. Clients have certain rights with respect to their Client Data, which may include knowing what information Enablr Therapy and your Provider has about you, correcting any inaccurate Client Data, obtaining a record of your Client Data and, in certain circumstances, deleting or removing your Client Data.
If you have any questions about your Client Data or wish to exercise any or your Client rights, please contact your Provider or Enablr Therapy at email@example.com.
Disclosure of Your Information
We may disclose aggregated information about our users without restriction.
We may disclose personal information that we collect or you provide as described in this Policy:
- To our subsidiaries and affiliates
- To contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them
- To a buyer or other successor of the Company in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer
- To third parties to market their products or services to you if you have not opted out of these disclosures. For more information, see Choices About How We Use and Disclose Your Information.
- To fulfill the purpose for which you provide it
- For any other purpose disclosed by us when you provide the information
- With your consent
We may also disclose your personal information:
- To comply with any court order, law or legal process, including to respond to any government or regulatory request. We may also be required to disclose personal information to enforce the Company’s legal rights, to execute security requirements, or to respond to an emergency which we believe, in good faith, requires us to disclose personal information. In these cases, if permissible, we will make every appropriate effort to give you as much notice as possible regarding the disclosure of your personal information, what information was disclosed, and why. We will not disclose Client Data unless we are legally required to do so.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our clients or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Disclosure of Your Information for Third-Party Advertising: If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by sending us an email stating your request to firstname.lastname@example.org.
- Promotional Offers from the Company: If you do not wish to have your email address/contact information used by the Company to promote our own or third parties’ products or services, you can opt-out by sending us an email stating your request to email@example.com. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions or use the unsubscribe option embedded in the email.
- Targeted Advertising: If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out by sending us an email stating your request to firstname.lastname@example.org.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
All individuals have certain rights with respect to their personal information. These rights are as follows:
- Withdrawing Consent: You have the right to withdraw consent for allowing Enablr Therapy to use your personal information at any time by contacting us at email@example.com. Note, withdrawing consent will directly affect your continued access to Enablr Services and the option to receive therapy Services as our Providers cannot effectively treat a Client without necessary information. In addition, all our marketing email messages contain the ability to automatically unsubscribe from our mailing lists and marketing messages.
Access and Portability: You have the right to request a record of the personal information that we have collected about you. At times, we may be unable to provide you with certain information if it would mean disclosing personal information of another individual or other confidential information, or if it would compromise our security systems. If you require access to your personal information, please email us at firstname.lastname@example.org. We may charge a fee where permitted by applicable law.
We protect your personal information, including Client Data stored in our platform, by:
- Using industry-standard security controls, such as encryption and an SSL (Secured Sockets Layers) certificate, to guarantee information is transmitted over a secured connection between your browser and our web server
- Using data centers with appropriate security and compliance certifications
- Having our Providers and Employees sign strict confidentiality agreements to ensure they understand the confidential nature of the Client data we process
- Requiring password protection of your user account with a password set by you. We cannot access or identify your password. The only way for Enablr to recover a password for you is to initiate a reset via the email address you use for the Services.
While we employ industry-standard security measures to protect your personal information, no electronic communication can ever be completely secure. You share responsibility for protection of your personal information by setting a strong password and by keeping your Credentials confidential.
Enablr Therapy retains personal information only for as long as necessary to fulfill our previously stated purposes, or as required by applicable law. For example, contact and billing information is kept for as long as a Client account is active and for a reasonable period after it has been deactivated in the event you or your Provider wish to reactivate the account. User account information may also be retained as necessary to comply with our legal obligations, resolve disputes or maintain our relationship with your Provider. Credit card information is never kept or stored by us, but rather, the “token” discussed in the “What Information Does Enablr Gather?” section.
Children Under the Age of 13
Our Services are not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on our Services. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on our Services or on or through any of its features/register on the Website, make any purchases through the Services, use any of the interactive or public comment features within the Services, or provide any information about yourself to us, including your name, address, telephone number, e-mail address, or any screen name or username you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at email@example.com.
Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to firstname.lastname@example.org.
To ask questions or comment about this Policy and our privacy practices, contact us at: email@example.com
Thank you for choosing Enablr Therapy!