Scope: This Policy applies whether you are a customer that uses the Arcadia Services, a prospective customer, an end user of our customers’ services that utilize our solutions, a user of a Portal, a prospective employee or whether you are simply visiting our Websites (each a “User” and collectively, “Users”). However, this Policy does not apply to any user that is accessing the Arcadia Analytics™ platform and related modules and applications (which is governed by a subscription agreement entered into with Arcadia), to other Arcadia product offerings, to information that we obtain outside of the Websites, or websites of third-parties to which we provide links.
We only collect personal information for the purposes of conducting our business, including in relation to providing the Arcadia Services. We collect, process, share, and retain information from you and any devices you may use when you access our Websites, register for an account with us, provide us information on a web form, update or add information to your account, participate in community discussions, chats, or otherwise correspond with us.
The type of personal information we collect depends on your use of the Arcadia Services and/or your relationship with us (e.g. whether you are a customer, prospective employee, etc.). Examples of the types of information we collect are:
We may collect your personal information in several ways, including, in person, by telephone, by email or electronically when you contact us, visit our Websites or use our Service, including as follows:
You can choose not to provide us with certain information, but then you might not be able to take advantage of many features of the Arcadia Services and Arcadia may not be able to provide you with certain Services.
We may use the information, including personal information, collected in connection with the Arcadia Websites for providing the Arcadia Services to you, as well as for supporting our business functions, such as fraud prevention, marketing, analytics and legal functions, and other legitimate purposes.
To the extent permitted by applicable law and, for customer data, as permitted by our customer agreements, we may use information collected in connection with our Services:
Personal information under the control of Users of the Arcadia Services. In some circumstances, we may access and use personal information that has been collected by a User in the course of their use of the Arcadia Services. This personal information remains under the control of the User at all times. We will only use this information on a limited basis to:
Aggregate Information. To the extent permitted by applicable law, we may use, process, transfer, and store any data about Users in an anonymous (or pseudonymous) and aggregated manner. We may combine personal information with other information, collected online and offline, including information from third-party sources. We may also use information in other ways with consent or as permitted by applicable law. By using the Arcadia Websites, our Users agree that we are licensed to collect, use, share and store anonymized (or pseudonymized) aggregated data collected through the Arcadia Services for benchmarking, analytics, A/B testing, metrics, research, reporting, machine learning and other business purposes.
Automated Decisions. To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine learning algorithms, about individual Users of the Arcadia Services to provide or optimize the Arcadia Services offered and/or delivered, for security or analytics purposes, and for any other lawful purpose.
To the extent permitted by applicable law, we may share and disclose information, including personal information, as set forth below:
We may also disclose personal information for other purposes or to other third-parties when a User has consented to, or requested, such disclosure, or where a User has obtained permission from another individual, or where such disclosure is otherwise legally permitted for legitimate business purposes and, for customer data, with such customer’s authorization or otherwise in accordance with our agreement with such customer.
We may use the following types of cookies and similar technologies:
Opting out: Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may encounter issues using the Arcadia Websites and accessing certain pages, specifically password-protected pages.
To the extent permitted by applicable law, we may retain information for as long as the account of the User for whom we collected the information is active, for at least six (6) months thereafter, or as long as is reasonably necessary to provide the Arcadia Services or as needed for other lawful purposes. If, however, we become aware that you inadvertently or intentionally submitted or transmitted Protected Health Information or sensitive personal information to us, you will be considered to have explicitly consented to us processing that Protected Health Information or sensitive personal information for the purposes of deleting the same and we will not retain such information. We may retain cached or archived copies of information. We may retain anonymized or pseudonymized, aggregated data indefinitely, to the extent permitted under applicable law. We may be required to retain some data for a longer period of time because of various laws and regulations or because of contractual obligations. We also will retain information as long as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. Once information is no longer needed for the purposes for which it was collected, we will take reasonable steps to de-identify and destroy it.
To the extent required by applicable law, or in our discretion otherwise, we will allow Users to limit use of personal information. If at any time after providing us with your personal information such information changes or you change your mind about receiving information from us, you may request access to your data or that your data be changed.
You may elect not to identify yourself or you may use a pseudonym in your dealings with us, except where it is impracticable for us to deal with you on this basis (for example, we will need to identify you in order to provide most of our Services).
Where you provide us with your personal information (e.g. when you contact us to obtain information about an Arcadia product or service), we may use your personal information for direct marketing. This includes the use of personal information to:
If you prefer not to receive these communications from us, you may ask us at any time to stop sending you direct marketing information or to stop being contacted by us. You can do this by emailing us at email@example.com .
When you use your mobile device to interact with us or use the Arcadia Services, we may receive information about your mobile device, including a unique identifier for your device. We and our service providers and third-parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.
We provide you with a means for submitting your resume or other personal information through our Services for consideration for employment opportunities at Arcadia. Personal information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personal information within Arcadia, or keep it on file for future use, as we make our hiring decisions.
To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of personal information, we employ technical and organizational measures that are reasonably designed to help safeguard the information we collect. Only authorized Arcadia personnel have access to the personal information, including server logs and cookie utilization data, that we collect. These individuals are required to follow strict security policies and procedures. Arcadia may use encryption, secure socket layer, firewall, password protection and other physical and logical security measures to help prevent unauthorized access to such personal information. Arcadia may also place internal restrictions on who in the company may access data to help prevent unauthorized access to such information.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee its absolute security. We do not warrant or represent that personal information about you will be protected against, loss, misuse, or alteration by third-parties.
If you use the Arcadia Services, you are responsible for maintaining the confidentiality of your access information and password. You are responsible for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your password. We cannot secure any personal information that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access.
Where required under applicable law or by contract, we will notify the appropriate parties or individuals of any loss, misuse or alteration of personal information so that such parties or individuals can take the appropriate actions for the due protection of their rights. If such personal information is information of a Arcadia customer, we will notify such customer and coordinate with them regarding any required notices to particular individuals.
‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
We do not knowingly or intentionally collect sensitive personal information or Protected Health Information from individuals through the Arcadia Services, with the exception of PHI submitted by you via the Portal(s). Unless provided by you solely through the Portal(s), and only as necessary to use the same, you must not submit to us sensitive personal information or Protected Health Information of any kind through the Arcadia Services. For more information, please see the specific terms and conditions related to the collection, use, and disclosure of PHI through the Portals.
If, however, you inadvertently or intentionally submit or transmit sensitive personal information to us, other than Protected Health Information submitted through the Portal(s), you will be considered to have explicitly consented to us processing that sensitive personal information. In such case, we will use and process Protected Health Information and sensitive personal information solely for the purposes of deleting it, if and when we become aware of the same.
The Arcadia Websites may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, personal information about Users may be transferred, processed and stored outside the country where the Arcadia Services are used, including to countries outside the European Union (“EU”), European Economic Area (“EEA”) or Switzerland, where the level of data protection may not be deemed adequate by the European Commission. With respect to Europe, we may use standard data protection clauses adopted by supervisory authorities and approved by the European Commission to safeguard transfers.
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use may be entitled to request and obtain from us, once per calendar year, information about User information we have shared, if any, with other businesses for such other businesses’ own direct marketing uses. If applicable, this information would include the categories of resident information and the names and addresses of those businesses with which we shared such resident information for the immediately prior calendar year. To obtain this information, please contact us as indicated below. Please include sufficient personal identification information so that we can process the request, including that you are a California resident.
If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer by email at privacy@Arcadia.io or by telephone at (781)202-3600. We will respond to your inquiries as soon as is practicable.
CLASS ACTION WAIVER. YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person; and
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data may be transferred outside of Europe, provided that certain conditions as set out in the applicable legislation are complied with. Your Personal Data will also be processed by personnel operating outside Europe who work for us. This includes personnel engaged in, among other things, the fulfilment of your order and the provision of support services. We are party to data transfer agreements with each of our service providers and the members of our group and we will (i) keep each document up to date with current law, and (ii) only engage in personally identifiable information transfers from Europe to outside Europe in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation. We may also process personal data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses or Binding Corporate Rules.
Our legal basis for the processing of Personal Data are: (i) consent or (ii) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of the Arcadia Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices.
Where personal data is transferred from the EU or Switzerland to the US in the context of an employment relationship, we will cooperate in investigations by and comply with the advice of EU data protection agencies and the Swiss Federal Data Protection and Information Commissioner (FDPIC).
We will not transfer personal information originating in the EU or Switzerland to third-parties unless such third-parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your personal information as required by the Principles of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. We will only transfer data to our agents, resellers or third-party service providers (such as travel service providers, accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of Arcadia, including in connection with the delivery of services or products, Arcadia’s management, administration, or legal responsibilities. We acknowledge our liability for such data transfers to third-parties.
Additional Rights: Under European law, you may have one or more of the following additional rights:
Access. To request a copy of the Personal Data we have collected about you by contacting us.
Rectification & Erasure. To request that we rectify or delete any of the Personal Data about you that is incomplete, incorrect, unnecessary or outdated.
Objection. To object, at any time, to Personal Data about you being Processed for direct marketing purposes.
Restriction of Processing. To request restriction of Processing of Personal Data about you for certain reasons, such as, for example, if you consider Personal Data about you collected by us to be inaccurate or you have objected to the Processing and the existence of legitimate grounds for Processing is still under consideration.
Data Portability. To request and receive the Personal Data we have collected about you in a commonly used and machine-readable form.
Right to Withdraw Consent. If Personal Data about you is processed solely based on your consent and not for any other legitimate interest, to withdraw your consent at any time, without affecting the lawfulness of our Processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.
Right to Lodge a Complaint with a DPA. If you believe our Processing of Personal Data about you is inconsistent with the applicable data protection laws, to lodge a complaint with your local supervisory data protection authority (“DPA”).
To exercise any of the above listed rights, please contact us as set forth below and provide sufficient details so that we can respond appropriately. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address such request. If the request relates to data our customers collect and process through the Arcadia Services, we will refer the request to that customer and will support them in responding to the request. For Arcadia customers, certain information may be reviewed, corrected and updated by logging into the Arcadia Services account and editing the profile information.
Questions and Complaints. If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer by email at firstname.lastname@example.org.
Compelled Disclosures. We may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Each of the Portals is operated by Arcadia. This section describes how we may use the PHI submitted by you through the Portal(s). The section also describes your rights with respect to your PHI.
Types of Information Arcadia Collects Through the Portals
The type of PHI we collect depends on your use of the Portal(s) and/or your relationship with us (e.g. whether you are a User designated to use the Member Portal and/or Provider Portal, etc.). Examples of the types of information we collect from you or your healthcare providers are:
Permitted Uses and Disclosure of Your PHI
Generally, we may use and disclose PHI provided by you or your healthcare provider through the Portal(s), as described below.
More specifically, to the extent permitted by applicable law, we may use information collected in connection with the Portal(s) for: