Privacy Policy

Arcadia Solutions, LLC

LAST UPDATED: January 10, 2019

Welcome to the Arcadia Privacy Policy (“Privacy Policy” or “Policy”). We take the privacy and security of your information seriously, and work hard to maintain secure websites and services for your use. Arcadia Solutions, LLC, together with its affiliates (collectively, “Arcadia”, “we,” or “us”), provides value-based performance management for health plans and provider groups nationwide. We also maintain the Services (as defined below) to provide you with information, and for education and communication purposes.

Purpose: This Privacy Policy is intended to better help you understand our practices regarding information collected, including through (i) our websites, including, but not limited to, arcadia.io, arcadiasolutions.com, datasings.com, our event sites (e.g., ArcadiaAggregate2018.com), and dunkarcadia.com), our mobile sites and our other affiliated websites (each a “Website” and collectively, “Websites”), (ii) any of our products and services offered through those Websites (including, but not limited to, the Career Portal, the “Find A Doctor” Portal, the Member Portal, and the Provider Portal), and (ii) any other digital properties that we own or control (collectively, the “Arcadia Services” or “Services”). This Privacy Policy describes how Arcadia collects, processes, shares and retains the personal information (or, in the EU/Switzerland, “personal data”) you provide to us through the Arcadia Services. This Privacy Policy is comprised of two sections: (A) a set of terms and conditions applicable to the Services generally (“General Privacy Policy”) and (B) a set of terms and conditions applicable only to Protected Health Information (as defined below) submitted through the “Find A Doctor” Portal, the Member Portal, or the Provider Portal (each a “Portal” and collectively, “Portals”) (“Portal-Specific Privacy Policy”). References to “Policy” or “Privacy Policy” are to both aforementioned sections (A) and (B).

Scope: This Policy applies whether you are a customer that uses the Arcadia Services, a prospective customer, an end user of our customers’ services that utilize our solutions, a user of a Portal, a prospective employee or whether you are simply visiting our Websites (each a “User” and collectively, “Users”). However, this Policy does not apply to any user that is accessing the Arcadia Analytics™ platform and related modules and applications (which is governed by a subscription agreement entered into with Arcadia), to other Arcadia product offerings, to information that we obtain outside of the Websites, or websites of third-parties to which we provide links.

Consent: When you interact with the Arcadia Services, you consent to such collection, processing, sharing and retaining of information (including personal information/personal data) as described in this Privacy Policy, the Terms of Use located at https://www.arcadia.io/terms/ (incorporated herein by reference) and all additional terms and conditions governing your use of the Arcadia Services. You are also responsible for ensuring that the entity or people on behalf of which you are acting (such as your employer or a family member or patient) are aware of the content of this Privacy Policy and that you have confirmed that they agree to the terms of this Privacy Policy.

If you do not consent to the terms of this Privacy Policy, the Terms of Use and all additional terms and conditions, do not continue to interact with or use the Arcadia Services. 

European Privacy Policy: Please also see our European Privacy Policy for further information on your rights under applicable European privacy law.

No PHI or sensitive personal information: We do not knowingly or intentionally collect any Protected Health Information ((or “PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and summarized by the U.S. Department of Health & Human Services here:  https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html (“PHI”)) or ‘sensitive personal information’ through the Arcadia Services, with the exception of the PHI submitted by you through the Portals. Unless provided solely through the Portal(s) and only as necessary to use the same, please do not submit any PHI or sensitive personal information to us through the Arcadia Services. For more information, please see the main section below entitled Sensitive Personal Information and the Portal-Specific Privacy Policy.

QUICK LINKS:

A. GENERAL PRIVACY POLICY

  1. Information We May Collect
  2. Use of Information
  3. Sharing of Information
  4. Cookies and Similar Technologies
  5. Data Retention
  6. Choices and Opt-Out
  7. Cross-Device Tracking
  8. Employment Opportunities
  9. Third-Party Sites
  10. Security
  11. Children
  12. Sensitive Personal Information
  13. International Data Transfers
  14. California Privacy Rights
  15. Questions, Complaints and Disputes
  16. Privacy Policy Updates
  17. European Privacy Policy

B. PORTAL-SPECIFIC PRIVACY POLICY

A. GENERAL PRIVACY POLICY

1. INFORMATION WE MAY COLLECT

We only collect personal information for the purposes of conducting our business, including in relation to providing the Arcadia Services. We collect, process, share, and retain information from you and any devices you may use when you access our Websites, register for an account with us, provide us information on a web form, update or add information to your account, participate in community discussions, chats, or otherwise correspond with us.

The type of personal information we collect depends on your use of the Arcadia Services and/or your relationship with us (e.g. whether you are a customer, prospective employee, etc.). Examples of the types of information we collect are:

  • Your first and last names and contact details, including residential address, phone number, email
  • Date of birth
  • Payment or financial information for billing purposes (credit card details)
  • Your passwords and/or personal identification codes (PINs)
  • Your testimonials, feedback and complaints
  • Fax number
  • Professional information, such as employer or organizational affiliation for a User of the Arcadia Services
  • Screen name
  • Screen sharing views, at the request of Users, for support and quality assurance (“QA”) purposes
  • Any data in any files uploaded, emailed or otherwise provided by Users for support and QA
  • Operating system type and version, web server type and version, database type and version
  • Unique IDs such as a cookie placed on a computer or mobile device, or device IDs
  • IP address or MAC address, and information derived from an IP or MAC address, such as geographic location
  • Browsing activities, cookies and similar data, and platform or mobile application use data
  • Referring domain, destination domain and destination path
  • Geolocational data, including latitudinal and longitudinal data
  • User IDs and passwords for Users with accounts on the Arcadia Services
  • Information about the performance, security, software configuration and availability of our software on your servers and network
  • Website User statistics and viewing activity records
  • Communication preferences
  • If you are an employee or prospective employee
    • Your tax file number or other government related identifiers
    • Your employment history and qualifications, and background checks relevant to your job application
    • Employee number
  • Other similar information

We may collect your personal information in several ways, including, in person, by telephone, by email or electronically when you contact us, visit our Websites or use our Service, including as follows:

  • Registration, purchase and use of the Arcadia Services: Information such as name, email address, telephone number, company/organization, and other information, may be collected in connection with registration for, purchase of or use of, the Arcadia Services (for example, to sign-up for and log into the Arcadia Services). Users may update their information by logging into their account.
  •  Communications: Personal information such as name, email address, and other information, may be collected, when provided in any communications, whether via email, social media, telephone or otherwise.
  • Support: Personal information may be collected in connection with User support, whether via screensharing, email, social media, telephone or otherwise.
  • Surveys and Research: We may collect personal information from Users participating in research and surveys.
  • Information We Automatically Collect: We receive and store certain types of information whenever you interact with us or our Websites. Our Websites use “cookies,” tagging and other tracking technologies. This information includes computer and connection information such as statistics on your page views, traffic to and from our Websites, referral URL, ad data, your IP address, and device identifiers; this information may also include your browsing history, transaction history, and your web log information.
  • Sign-in Features: Our Websites include links to other websites and online services whose privacy practices may differ from those of Arcadia. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form. Services like Facebook Connect give you the option to post information about your activities on the Website(s) to your profile page to share with others within your network. If you submit personal information to or through any of those web sites or services, your information is governed by the privacy policies of such third-party sites or services. We encourage you to carefully read the privacy statement of any website you visit or online services you use.
  • User Comments and Content: If you post any comments or content on our Websites, you should be aware that any personally identifiable information you choose to provide there may be read, collected, or used by third-parties. We are not responsible for the information you choose to submit, and we cannot guarantee that third-parties have not made copies of or will not use such information in any way. As noted elsewhere in this Policy, no Protected Health Information or sensitive personal information should be provided to us through the Arcadia Services.
  • Information from Other Sources: We may supplement the personal information we collect with information from third-parties, including to add it to your account information. Information from third-parties may include, but is not limited to, demographic information that is publicly available, additional contact information, group affiliations, occupational information, and educational background. We may also collect your personal information from third-parties, including data available on the internet, and data purchased from third-party sources. Where personal information is obtained from third-party sources, the collection, use and disclosure of that personal information will be governed by the third-party’s privacy policy, as well as by applicable privacy laws. If you are a prospective employee, we may also collect personal information from credit agencies (after seeking your consent to do so).

You can choose not to provide us with certain information, but then you might not be able to take advantage of many features of the Arcadia Services and Arcadia may not be able to provide you with certain Services.

2. USE OF INFORMATION

We may use the information, including personal information, collected in connection with the Arcadia Websites for providing the Arcadia Services to you, as well as for supporting our business functions, such as fraud prevention, marketing, analytics and legal functions, and other legitimate purposes.

To the extent permitted by applicable law and, for customer data, as permitted by our customer agreements, we may use information collected in connection with our Services:

  • to deliver certain of our Services from our Websites;
  • to provide, maintain, and improve the Websites for internal or other business purposes;
  • to fulfill User requests, such as to create an Arcadia services account or to provide requested services;
  • to communicate with our Users; to inform Users, as applicable, of products, programs, services profiles or transactions with us, and changes to our policies or terms, as applicable;
  • to send offers, promotions, or other communications about our Services, including special or promotional events, including services, products, or events for which we collaborate or co-offer with a third-party;
  • to send Users information regarding the Arcadia services, including information about features and enhancements on or to our Websites and issues specifically affecting Arcadia Services;
  • to respond to reviews, comments, or other feedback provided to us;
  • to support, optimize, improve and personalize our Services, Websites, mobile services, and advertising, including tracking and evaluating the use of the Websites;
  • in the case of server logs, to help us statistically monitor how many people are using our site and for what purpose;
  • to send newsletters or other materials;
  • to protect the security and integrity of our Services, content, and our business;
  • to explore prospective sales leads;
  • for benchmarking, data analysis, audits, developing new products, enhancing the Arcadia Services, facilitating product, software and applications development, improving our Services, conducting research, analysis, studies or surveys, identifying usage trends, as well as for other analytics purposes;
  • to perform statistical, demographic, and marketing analyses of Users of the Websites and their viewing patterns;
  • to meet our contractual requirements, to comply with applicable legal or regulatory requirements and our policies, and to protect against criminal activity, claims and other liabilities; and/or
  • for any other lawful purpose for which the information is provided, including fulfilling requests for information.

 Personal information under the control of Users of the Arcadia Services. In some circumstances, we may access and use personal information that has been collected by a User in the course of their use of the Arcadia Services. This personal information remains under the control of the User at all times. We will only use this information on a limited basis to:

  • diagnose and address software issues;
  • provide hosting services;
  • fulfill IT-related duties for technical maintenance and the backup of the hosting environment;
  • provide services in relation to the installation and configuration of our software;
  • assist with the preparation and migration of data to our software;
  • develop product enhancements; and/or
  • provide data capturing services.

Aggregate Information. To the extent permitted by applicable law, we may use, process, transfer, and store any data about Users in an anonymous (or pseudonymous) and aggregated manner. We may combine personal information with other information, collected online and offline, including information from third-party sources. We may also use information in other ways with consent or as permitted by applicable law. By using the Arcadia Websites, our Users agree that we are licensed to collect, use, share and store anonymized (or pseudonymized) aggregated data collected through the Arcadia Services for benchmarking, analytics, A/B testing, metrics, research, reporting, machine learning and other business purposes.

Automated Decisions. To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine learning algorithms, about individual Users of the Arcadia Services to provide or optimize the Arcadia Services offered and/or delivered, for security or analytics purposes, and for any other lawful purpose.

3. SHARING OF INFORMATION

To the extent permitted by applicable law, we may share and disclose information, including personal information, as set forth below:

  • Customers. We may share information with our customers and their service providers and other platforms that may assist those customers.
  • Affiliates and Agents. We may share information with our affiliates, any business partners or agents acting on our behalf. Please refer to the websites of such third-party suppliers for their Privacy Policies and other information on such supplier.
  • Online e-commerce: When you purchase tickets or donate through the Websites, you may interact with our third-providers that host online e-commerce platforms that allow us to sell those Services to you. Your data may be stored on such third-parties’ data storage, databases and general application(s) platform(s).
  • Service Providers. We may share information with our service providers (e.g., data storage and payroll service providers), agents, vendors and other third-parties we use to support and advertise the Arcadia services and our business. We share personal information with such third-parties to the extent necessary to provide services to us, and pursuant to binding contractual obligations.
  • Advertising and Marketing. To the extent permitted by applicable law, we may share information with third-parties for marketing, advertising, promotions, contests, or other similar purposes. If required by applicable law, we will share such data for advertising and marketing purposes only in an aggregate, anonymous, and de-identified manner.
  • Mergers, Acquisitions, Divestitures. We may share, disclose or transfer information to a buyer, investor, new affiliate, or other successor in the event Arcadia, or any affiliate, portion, group or business unit thereof, undergoes a business transition, such as a merger, acquisition, joint venture, consolidation, reorganization, divestiture, liquidation or dissolution (including bankruptcy), or a sale or other transfer of all or a portion of any assets of Arcadia or any affiliates or during steps in contemplation of such activities (e.g., negotiations and due diligence).
  • Law Enforcement and National Security. We may share information with legal, governmental, or judicial authorities, as instructed or required by those authorities or applicable laws, or to comply with any law or directive, judicial or administrative order, legal process or investigation, warrant, subpoena, government request, regulatory request, law enforcement or national security investigation, or as otherwise required or authorized by law.
  • Protection of Rights, Property or Safety. We may also share information if, in our sole discretion, we believe disclosure is necessary or appropriate to protect the rights, property or safety of any person, or if we suspect fraud or other illegal activity,

We may also disclose personal information for other purposes or to other third-parties when a User has consented to, or requested, such disclosure, or where a User has obtained permission from another individual, or where such disclosure is otherwise legally permitted for legitimate business purposes and, for customer data, with such customer’s authorization or otherwise in accordance with our agreement with such customer.

4. COOKIES AND SIMILAR TECHNOLOGIES

We may use cookies and similar technologies to operate and improve the Arcadia Services, as well as to simplify our interaction with you. A “cookie” is a unique numeric code that we transfer to your computer so that we can keep track of your interests and/or preferences and recognize you as a return visitor to the Arcadia Services. We may use cookies, log files, pixel tags, web bugs, web beacons, clear GIFs, Local Storage Objects (LSOs) such as HTML5 and Flash or other similar technologies to collect information about the ways you interact with and use the Arcadia Services, to support and enhance features and functionality, to monitor performance, to personalize content and experiences, for marketing and analytics, and for other lawful purposes.

We may use the following types of cookies and similar technologies:

  • Essential/strictly necessary cookies required for the operation of the Arcadia Services. They include, for example, cookies that enable you to log into secure areas.
  • Analytical/performance cookies that collect information about how you use the Arcadia Services. They allow us to recognize and count the number of visitors and to see how visitors move around our Websites. This helps us to improve the way our Websites work. These cookies are sometimes placed by third-party providers of web traffic analysis services.
  • Functionality cookies that remember choices you make and recognize you when you return. This enables us to personalize our content, greet you by name and remember your preferences (for example, your choice of language or region) or allow the pre-population of certain resource request forms, making it easier for you to access Arcadia content.
  • Targeting cookies that collect information about your browsing habits such as the pages you have visited and the links you have followed. We use this information to make our Websites more relevant to your interests, and, if we enable advertising, to make advertising more relevant to you, as well as to limit the number of times you see an ad. These cookies are usually placed by third-party advertising networks. They remember the other websites that you visit, and this information is shared with third-party organizations, for example, advertisers.

Opting out: Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may encounter issues using the Arcadia Websites and accessing certain pages, specifically password-protected pages.

  • For more information, visit the help page for your web browser or see http://www.allaboutcookies.org or visit youronlinechoices.com which has further information about behavioral advertising and online privacy.
  • As part of our constant drive to improve the Arcadia Services, we may deploy third-party technology on our Websites to collect and transfer information using web beacons, and in certain configurations, using tracking tag pixels and cookies (“Tag Data”). This third-party technology may automatically collect Tag Data from your browser. Some of the Tag Data collected may be considered personal data in your jurisdiction, such as IP address and online identifiers (cookies) and some may be considered non-personal information, such as browser version, operating system, pages viewed, and timestamps.
  • Some third-party technology may be used to provide you with interest-based advertising. When serving interest-based advertising to you, our third-party providers generally include the Digital Advertising Alliance’s (“DAA”) AdChoices icon within such ads. You can click on the icon to learn more about the ad and to opt-out of receiving ads from our third-party providers in the future. To learn more about the DAA and the AdChoices Icon, and to opt-out of interest-based advertising, please visit aboutads.info/choices.
  • We may use third-party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects your information regarding Google Analytics and how you can opt-out, please see https://tools.google.com/dlpage/gaoptout.
  • We may use third party cookies from third party software providers such as HubSpot. To learn more about HubSpot’s role as a data processor, please see here https://legal.hubspot.com/privacy-policy.

5. DATA RETENTION

To the extent permitted by applicable law, we may retain information for as long as the account of the User for whom we collected the information is active, for at least six (6) months thereafter, or as long as is reasonably necessary to provide the Arcadia Services or as needed for other lawful purposes. If, however, we become aware that you inadvertently or intentionally submitted or transmitted Protected Health Information or sensitive personal information to us, you will be considered to have explicitly consented to us processing that Protected Health Information or sensitive personal information for the purposes of deleting the same and we will not retain such information. We may retain cached or archived copies of information. We may retain anonymized or pseudonymized, aggregated data indefinitely, to the extent permitted under applicable law. We may be required to retain some data for a longer period of time because of various laws and regulations or because of contractual obligations. We also will retain information as long as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements. Once information is no longer needed for the purposes for which it was collected, we will take reasonable steps to de-identify and destroy it.

6. CHOICES AND OPT-OUT

To the extent required by applicable law, or in our discretion otherwise, we will allow Users to limit use of personal information. If at any time after providing us with your personal information such information changes or you change your mind about receiving information from us, you may request access to your data or that your data be changed.

You may elect not to identify yourself or you may use a pseudonym in your dealings with us, except where it is impracticable for us to deal with you on this basis (for example, we will need to identify you in order to provide most of our Services).

Where you provide us with your personal information (e.g. when you contact us to obtain information about an Arcadia product or service), we may use your personal information for direct marketing. This includes the use of personal information to:

  • invite you to a User conference; and/or
  • notify you about an existing or new product or service.

If you prefer not to receive these communications from us, you may ask us at any time to stop sending you direct marketing information or to stop being contacted by us. You can do this by emailing us at  marketing@arcadia.io .

7. CROSS-DEVICE TRACKING

When you use your mobile device to interact with us or use the Arcadia Services, we may receive information about your mobile device, including a unique identifier for your device. We and our service providers and third-parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.

8. EMPLOYMENT OPPORTUNITIES

We provide you with a means for submitting your resume or other personal information through our Services for consideration for employment opportunities at Arcadia. Personal information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personal information within Arcadia, or keep it on file for future use, as we make our hiring decisions.

9. THIRD PARTY SITES

The Arcadia Services may provide links to other websites or resources over which Arcadia does not have control (“External Web Sites”). Such links do not constitute an endorsement by Arcadia of those External Web Sites. You acknowledge that Arcadia is providing these links to you only as a convenience, and further agree that Arcadia is not responsible for the content of such External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the applicable External Web Site. We encourage you to be aware when leaving our Services and to read the privacy statements of External Web Sites that collect your personal information.

10. SECURITY

To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of personal information, we employ technical and organizational measures that are reasonably designed to help safeguard the information we collect. Only authorized Arcadia personnel have access to the personal information, including server logs and cookie utilization data, that we collect. These individuals are required to follow strict security policies and procedures. Arcadia may use encryption, secure socket layer, firewall, password protection and other physical and logical security measures to help prevent unauthorized access to such personal information. Arcadia may also place internal restrictions on who in the company may access data to help prevent unauthorized access to such information.

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee its absolute security. We do not warrant or represent that personal information about you will be protected against, loss, misuse, or alteration by third-parties.

If you use the Arcadia Services, you are responsible for maintaining the confidentiality of your access information and password. You are responsible for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your password. We cannot secure any personal information that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access.

Where required under applicable law or by contract, we will notify the appropriate parties or individuals of any loss, misuse or alteration of personal information so that such parties or individuals can take the appropriate actions for the due protection of their rights. If such personal information is information of a Arcadia customer, we will notify such customer and coordinate with them regarding any required notices to particular individuals.

11. CHILDREN

We recognize the importance of protecting the privacy and safety of children. The Arcadia Services are not intended for children under 13 years of age – and for European residents, for children under 16 years of age – see our European Privacy Policy. We do not knowingly collect personal information from children under 13. Anyone under 13 should not use the Arcadia Services. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us as set forth below.

12. SENSITIVE PERSONAL INFORMATION

‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information or Protected Health Information from individuals through the Arcadia Services, with the exception of PHI submitted by you via the Portal(s).  Unless provided by you solely through the Portal(s), and only as necessary to use the same,  you must not submit to us sensitive personal information or Protected Health Information of any kind through the Arcadia Services. For more information, please see the specific terms and conditions related to the collection, use, and disclosure of PHI through the Portals.

If, however, you inadvertently or intentionally submit or transmit sensitive personal information to us, other than Protected Health Information submitted through the Portal(s), you will be considered to have explicitly consented to us processing that sensitive personal information. In such case, we will use and process Protected Health Information and sensitive personal information solely for the purposes of deleting it, if and when we become aware of the same.

13. INTERNATIONAL DATA TRANSFERS

The Arcadia Websites may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, personal information about Users may be transferred, processed and stored outside the country where the Arcadia Services are used, including to countries outside the European Union (“EU”), European Economic Area (“EEA”) or Switzerland, where the level of data protection may not be deemed adequate by the European Commission. With respect to Europe, we may use standard data protection clauses adopted by supervisory authorities and approved by the European Commission to safeguard transfers.

14. CALIFORNIA PRIVACY RIGHTS

Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use may be entitled to request and obtain from us, once per calendar year, information about User information we have shared, if any, with other businesses for such other businesses’ own direct marketing uses. If applicable, this information would include the categories of resident information and the names and addresses of those businesses with which we shared such resident information for the immediately prior calendar year. To obtain this information, please contact us as indicated below. Please include sufficient personal identification information so that we can process the request, including that you are a California resident.

15. QUESTIONS, COMPLAINTS AND DISPUTES

If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer by email at privacy@Arcadia.io or by telephone at (781)202-3600. We will respond to your inquiries as soon as is practicable.

CLASS ACTION WAIVER. YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

  1. DISPUTE RESOLUTION. Except as otherwise expressly provided above, or in our European Privacy Policy or otherwise required by applicable law, you agree that the exclusive jurisdiction of any actions arising out of, relating to, or in any way connected with, this Privacy Policy, shall be in the state or federal courts, as applicable, located in the City of Boston or Suffolk County, Massachusetts. Any dispute, controversy, or claim arising out of or relating to this Privacy Policy or the collection, use, storage or transfer of any of your information or data, including, but not limited to, the arbitrability of the matter or the formation, interpretation, scope, applicability, termination, or breach of this Privacy Policy, shall be referred to and finally determined by arbitration in accordance with the JAMS Streamlined Arbitration Rules and Procedures, or JAMS International Arbitration Rules, if the matter is deemed “international” within the meaning of that term as defined in the JAMS International Arbitration Rules. The arbitration shall be administered by JAMS, shall take place before a sole arbitrator, and shall be conducted in Boston, Massachusetts. If the JAMS International Arbitration Rules apply, the language to be used in the arbitral proceedings will be English. Judgment upon the arbitral award may be entered by any court having jurisdiction. This section shall apply to and require arbitration of all disputes, controversies, and claims, regardless of whether such disputes, controversies, or claims concern a single individual, entity, or other person, multiple individuals, entities, or other people, or classes of individuals, entities, or other people. You hereby consent to receive service of process by electronic means or social media to the extent allowed by the applicable court. This constitutes express agreement of the parties regarding your consent pursuant to United States Federal Rule of Civil Procedure 5(b)(2)(E) and any applicable state (or other jurisdiction) equivalent.

16. PRIVACY POLICY UPDATES

We may update this Privacy Policy from time to time in our sole discretion to reflect changes to our information and privacy practices. We will post any updated Privacy Policy on this page at https://www.arcadia.io/privacy-policy/ or in the Arcadia Services, or with any notice to individual Users if required by applicable law. Continued use of the Arcadia Services after any such modifications constitutes acceptance to any such modified Privacy Policy. Arcadia encourages you to review this Privacy Policy regularly for any changes. The date of last revision is shown at the “Last Updated” legend at the top of this page.

If you have any questions regarding our Privacy Policy, the practices of this site, or your dealings with us, please feel free to email us at privacy@Arcadia.io.

17. EUROPEAN PRIVACY POLICY

The following European Privacy Policy applies if your personal data is processed in the European Union, the European Economic Area and Switzerland.

Personal Data and Processing. For the purposes of this European Privacy Policy:

Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person; and

Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal Data may be transferred outside of Europe, provided that certain conditions as set out in the applicable legislation are complied with. Your Personal Data will also be processed by personnel operating outside Europe who work for us. This includes personnel engaged in, among other things, the fulfilment of your order and the provision of support services. We are party to data transfer agreements with each of our service providers and the members of our group and we will (i) keep each document up to date with current law, and (ii) only engage in personally identifiable information transfers from Europe to outside Europe in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation. We may also process personal data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses or Binding Corporate Rules.

Purposes and Legal Basis for Processing Personal Data. We process data for the purposes as set forth in our Privacy Policy, including to provide the Arcadia Services and as explained in the Use of Information and Sharing of Information sections. To fulfill these purposes, we may access data, including Personal Data, to provide the Arcadia Services, to correct and address technical, service or security problems, or in response to contractual requirements. Please see our Arcadia Privacy Policy Information We Collect and Data Retention sections for additional details on how we collect, use, disclose and share data, make automated decisions, and retain data, including Personal Data, about individual Users.

Our legal basis for the processing of Personal Data are: (i) consent or (ii) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of the Arcadia Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices.

Data Transfers:

Where personal data is transferred from the EU or Switzerland to the US in the context of an employment relationship, we will cooperate in investigations by and comply with the advice of EU data protection agencies and the Swiss Federal Data Protection and Information Commissioner (FDPIC).

We will not transfer personal information originating in the EU or Switzerland to third-parties unless such third-parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your personal information as required by the Principles of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework. We will only transfer data to our agents, resellers or third-party service providers (such as travel service providers, accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of Arcadia, including in connection with the delivery of services or products, Arcadia’s management, administration, or legal responsibilities. We acknowledge our liability for such data transfers to third-parties.

Additional Rights: Under European law, you may have one or more of the following additional rights:

Access. To request a copy of the Personal Data we have collected about you by contacting us.

Rectification & Erasure. To request that we rectify or delete any of the Personal Data about you that is incomplete, incorrect, unnecessary or outdated.

Objection. To object, at any time, to Personal Data about you being Processed for direct marketing purposes.

Restriction of Processing. To request restriction of Processing of Personal Data about you for certain reasons, such as, for example, if you consider Personal Data about you collected by us to be inaccurate or you have objected to the Processing and the existence of legitimate grounds for Processing is still under consideration.

Data Portability. To request and receive the Personal Data we have collected about you in a commonly used and machine-readable form.

Right to Withdraw Consent. If Personal Data about you is processed solely based on your consent and not for any other legitimate interest, to withdraw your consent at any time, without affecting the lawfulness of our Processing based on such consent before it was withdrawn, including processing related to existing contracts for our Services.

Right to Lodge a Complaint with a DPA. If you believe our Processing of Personal Data about you is inconsistent with the applicable data protection laws, to lodge a complaint with your local supervisory data protection authority (“DPA”).

To exercise any of the above listed rights, please contact us as set forth below and provide sufficient details so that we can respond appropriately. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address such request. If the request relates to data our customers collect and process through the Arcadia Services, we will refer the request to that customer and will support them in responding to the request. For Arcadia customers, certain information may be reviewed, corrected and updated by logging into the Arcadia Services account and editing the profile information.

Questions and Complaints. If you have questions, concerns, or complaints about this Policy or our privacy practices, please contact our Privacy Officer by email at privacy@arcadia.io.

Compelled Disclosures. We may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

B. PORTAL-SPECIFIC PRIVACY POLICY

If YOU ARE A USER OF THE “FIND A DOCTOR” PORTAL, THE MEMBER PORTAL AND/OR PROVIDER PORTAL, THE GENERAL PRIVACY POLICY AND THIS PORTAL-SPECIFIC PRIVACY POLICY BOTH APPLY TO YOUR USE OF SUCH PORTAL. THIS SECTION DESCRIBES HOW PROTECTED HEALTH INFORMATION SUBMITTED BY YOU THROUGH THE PORTAL(S) MAY BE USED AND DISCLOSED. PLEASE REVIEW CAREFULLY.

Each of the Portals is operated by Arcadia. This section describes how we may use the PHI submitted by you through the Portal(s).  The section also describes your rights with respect to your PHI.

We know that keeping your PHI private is important to you. That is why Arcadia wants you to know how we use and disclose the PHI you share with us through the Portal(s). In accordance with the terms of the General Privacy Policy above,

  • we maintain administrative, technical and physical safeguards that meet all applicable state and federal regulations, including HIPAA;
  • we may disclose PHI when required by law in order to respond to a subpoena, prevent fraud or comply with an inquiry by a government agency; and
  • any disclosure of your PHI will be done in compliance with HIPAA.

Types of Information Arcadia Collects Through the Portals

The type of PHI we collect depends on your use of the Portal(s) and/or your relationship with us (e.g. whether you are a User designated to use the Member Portal and/or Provider Portal, etc.). Examples of the types of information we collect from you or your healthcare providers are:

  • information such as: gender, height, weight, family history, and medical diagnosis and symptoms,
  • treatment plans,
  • referral history,
  • medication history,
  • medical claims and payment histories,
  • communications and opinions by and between medical providers related to individual care,
  • Data from medical records, and/or
  • Other data given with written approval.

Permitted Uses and Disclosure of Your PHI

Generally, we may use and disclose PHI provided by you or your healthcare provider through the Portal(s), as described below.

  • We may use and disclose your PHI for the provision, coordination, or management of health care and related services by one or more providers, including the coordination or management of health care by a provider with a third party, consultation between providers relating to a patient, or the referral of a patient for care from one provider to another.
  • We may use and disclose your PHI for payment of medical claims.
  • Healthcare Operations: We may use your PHI to support the healthcare operations of our customers.

More specifically, to the extent permitted by applicable law, we may use information collected in connection with the Portal(s) for:

  • Conducting quality assessment and improvement activities,
  • Developing clinical guidelines,
  • Conducting patient safety activities as defined in applicable regulations,
  • Conducting population-based activities relating to improving health or reducing health care cost,
  • Developing protocols,
  • Conducting case management and care coordination (including care planning),
  • Contacting health care providers and patients with information about treatment alternatives,
  • Reviewing qualifications of health care professionals,
  • Evaluating performance of health care providers and/or health plans,
  • Conducting training programs or credentialing activities,
  • Supporting fraud and abuse detection and compliance programs, and/or
  • Collecting information for the payment of medical claims to providers of care.

Changes to the Portal-Specific Privacy Policy

Per Section 16 of the General Privacy Policy, Arcadia may update the Portal-Specific Privacy Policy from time to time in our sole discretion to reflect changes to our information and privacy practices regarding PHI submitted through the Portal(s). We will post any updated Portal-Specific Privacy Policy on this page at https://www.arcadia.io/privacy-policy/ or in the Portal(s) or with any notice to individual Users if required by applicable law. Continued use of the Portal(s) after any such modifications constitutes acceptance to any such modified Portal-Specific Privacy Policy. Arcadia encourages you to review this Portal-Specific Privacy Policy regularly for any changes. The date of last revision is shown at the “Last Updated” legend at the top of this page.

If you have any questions regarding our Portal-Specific Privacy Policy, our practices regarding PHI submitted through the Portal(s), or your dealings with us, please feel free to email us at privacy@arcadia.io.