This Section sets forth the definitions, categories, sources, purposes, rights, and security practices applicable to the collection, use, and disclosure of Personal Data by Tabendi Healthcare Network. Terms used but not otherwise defined herein shall have the meanings assigned to them under applicable law, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), California Civil Code §1798.140, and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations at 45 C.F.R. Parts 160 and 164.
1. “Business Purpose” – Has the meaning provided in Cal. Civ. Code §1798.140(e) and refers to the use of Personal Data for operational purposes, or other purposes described in this Privacy Policy, that are reasonably necessary and proportionate to achieve the purposes for which the information was collected or processed.
2. “Consumer” or “You” – Means a natural person who is a California resident, as defined in Cal. Civ. Code §1798.140(g), or any other individual whose Personal Data is collected, processed, or stored by us.
3. “Personal Data” – Means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person. Personal Data includes, but is not limited to, the categories described in Section X.2 of this Privacy Policy, and includes “personal information” as defined in Cal. Civ. Code §1798.140(v).
4. “Protected Health Information” or “PHI” – Has the meaning assigned in 45 C.F.R. §160.103, and refers to individually identifiable health information transmitted or maintained in any form or medium that is created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse, and relates to an individual’s past, present, or future physical or mental health condition, the provision of healthcare to that individual, or payment for the provision of healthcare.
5. “Sensitive Personal Information” – Has the meaning assigned in Cal. Civ. Code §1798.140(ae), and includes Personal Data that reveals a consumer’s Social Security number, government ID numbers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, communications content (unless the business is the intended recipient), genetic data, biometric identifiers, health data, or information concerning sex life or sexual orientation.
6. “Sell” or “Sale” – Has the meaning assigned in Cal. Civ. Code §1798.140(ad), referring to selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s Personal Data to another business or third party for monetary or other valuable consideration.
7. “Services” – Refers to all websites, mobile applications, platforms, portals, communication systems, appointment booking tools, telehealth interfaces, and related products or services operated, provided, or made available by us.
8. “Share” or “Sharing” – Has the meaning assigned in Cal. Civ. Code §1798.140(ah), referring to disclosing a consumer’s Personal Data to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
9. “Third Party” – Means any person or entity that is not (a) the business collecting Personal Data, (b) a service provider to the business, or (c) a contractor engaged to process information on behalf of the business.
1. Personal Information: This includes identifiable data like names, addresses (personal or business), email addresses, or phone numbers. Users have the choice not to provide this information, but it may limit their access to certain services.
2. Non-Personal Information: This refers to data that doesn't directly identify an individual, such as how users interact with the services, general information logged by websites or internet services, and details about the web browser or device used to access the services.
Here are some examples of non-Personal Information that Tabendi Healthcare Network may collect:
1. Internet Protocol (IP) Address: This is a numerical label assigned to devices connected to a network, such as the internet.
2. Information about Your Operating System and Browser: This includes details about the software and version of the operating system and web browser you're using.
3. Pages Visited: Data on the specific pages of the website you viewed during a visit.
4. Interactions: Information about what you interacted with on the website, including content, advertisements, and links clicked.
5. Referring Web Page: The webpage that led you to Tabendi Healthcare Network's website.
6. Geographic Location: General location information, such as city and state, without pinpointing your exact geographic coordinates.
7. Unique Identifiers: Codes or series of characters created to identify unique users without using Personal Information.
The policy also assures users that non-Personal Information won't be used to identify individuals. If any non-Personal Information is associated with Personal Information, it will be treated as Personal Information. Additionally, the use of cookies and other automatic information gathering technologies for collecting non-Personal Information is mentioned.
Tabendi Healthcare Network outlines several purposes for which they use the information collected:
1. Assist in Providing Services: The information is used to support the delivery of services.
2. Set Up Accounts: Personal information may be used to create and manage user accounts.
3. Improve Online Operations: Data is utilized to enhance the functioning of online platforms.
4. Provide Customer Service: Information helps in offering effective customer support.
5. Deliver Communications: This includes newsletters, communications, or services that users have subscribed to or agreed to receive.
6. Customize Content: Offers and content may be personalized based on user interests or preferences.
7. Research and Analysis: Data is analyzed to improve products and services through research and analysis.
8. System Management: Information is used to manage and maintain systems effectively.
The privacy policy emphasizes that Personal Information will only be used as specified during collection, as well as according to the guidelines outlined in the privacy policy itself.
We collect the following categories of Personal Data from you and about you:
A. Personal Identifiers (CCPA/CPRA §1798.140(v)(1)(A))
B. Commercial Information (CCPA/CPRA §1798.140(v)(1)(B))
C. Online Identifiers (CCPA/CPRA §1798.140(v)(1)(A), §1798.140(v)(1)(F))
D. Internet or Other Electronic Network Activity Information (CCPA/CPRA §1798.140(v)(1)(F))
E. Geolocation Data (CCPA/CPRA §1798.140(v)(1)(G))
F. Demographic Information (CCPA/CPRA §1798.140(v)(1)(C))
G. Booking and Appointment Information
H. Sensitive Personal Information (CCPA/CPRA §1798.140(ae))
I. Other Identifying Information You Voluntarily Provide
We collect Personal Data from the following categories of sources (Cal. Civ. Code §1798.140(ag)):
A. From You
B. From Third Parties
We collect, use, and process Personal Data for the following purposes, as permitted under Cal. Civ. Code §1798.140(e) and 45 C.F.R. §164.506:
In certain circumstances, we may disclose your Personal Data with the following categories of service providers and other third parties for the indicated business purposes:
Payment Processors
· Our payment processing partner(s) collects your voluntarily provided payment card/bank information necessary to process your payment.
· Please see payment processing partner(s) terms of service and privacy policy for information on its use and storage of Personal Data.
Security and Fraud Prevention Consultants
· Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
Hosting, Technology and Communications Providers; Communications Providers; Fulfillment Providers; Data Storage Providers; Analytics Providers; Insurance Verification Providers; Staff Augmentation Personnel; Virtual Care Providers
· To perform operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, web service analytics) and/or make certain services, features, or functionality available to our Users.
· Debugging to identify and repair errors that impair intended functionality.
· Short-term, transient use of Personal Data that is not used by another party to build a user profile or otherwise alter your user experience outside the current interaction.
· Maintaining or servicing accounts, providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, or providing similar services on behalf of the business or service provider.
· Undertaking internal research for technological development and demonstration.
· Undertaking activities to verify or maintain the quality or safety of our Services.
Analytics Partners
· To track how users found or were referred to the Services and otherwise interact with the Services.
Ad Networks
· Ad customizing and serving.
· Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
Healthcare Providers
· Healthcare Providers with whom Users choose to schedule through the Services.
· If you choose to use the applicable Services, Healthcare Providers in order to enable them to refer you to, and make appointments with, other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments.
· In the event of an emergency.
Insurance Providers
· To determine eligibility and cost-sharing obligations and to otherwise obtain benefit plan information on your behalf.
Health Information Exchanges
· Health Information Exchanges and related organizations that collect and organize User information (such as Regional Health Information Organizations) to make your information more securely and easily accessible to your Healthcare Providers. The goal of such organizations is to facilitate access to health information to improve the safety, quality, and efficiency of patient-centered care. More information on Health Information Exchanges can be found here.
Other Uses that You Authorize
· Any information that you may reveal in a review posting or online discussion, or forum is intentionally open to the public and is not in any way private. We recommend that you carefully consider whether to disclose any Personal Data in any public posting or forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict. You can learn more about our reviews process here.
Third-Party Business Partners You Access Through the Services
· We will disclose certain Personal Data if you choose to use any service to log in to the Services. This includes logging in via social media platforms such as a Google or Facebook account.
· To meet or fulfill the reason you provided the information to us.
Disclosure of Your Information
We do not disclose your Personal Data to third parties except as described in this Privacy Policy. We will not sell your Personal Data, nor disclose it to third parties for their own marketing purposes, unless you have provided us with your explicit, affirmative consent in accordance with applicable law.
1. Disclosures Necessary to Provide the Services
We may disclose Personal Data as necessary to operate, maintain, and provide the Services, including:
All such parties are contractually obligated to protect your Personal Data and to use it solely for the purpose of performing their contractual obligations.
2. Legal, Regulatory, and Safety-Related Disclosures
We may disclose Personal Data to third parties if, in our sole discretion and in good faith, such disclosure is reasonably necessary to:
a. Enforce or apply our Terms of Service, including the investigation of potential violations;
b. Comply with legal or regulatory obligations, subpoenas, court orders, or enforceable governmental requests;
c. Protect our rights, property, or safety, or those of our users or other third parties;
d. Prevent, detect, or investigate criminal activity, fraud, security incidents, or technical issues;
e. Protect national security or assist law enforcement, consistent with applicable law.
3. Business Transfers
We reserve the right to transfer Personal Data, including your Personal Data, in the event of:
In such events, we will provide you with at least thirty (30) days’ notice via email or a prominent notice on our website of any change in ownership or control affecting your Personal Data.
4. Aggregate and De-Identified Information
We may disclose non-Personal Data that has been aggregated or de-identified in such a manner that it can no longer reasonably identify you. Such information may be shared with clients, business partners, advertisers, investors, potential buyers, and other third parties when we determine, in our sole discretion, that there is a legitimate business purpose for such disclosure.
A. Services Not Intended for Children Under 13
The Services are not directed to, and we do not knowingly collect or solicit Personal Data from, children under the age of thirteen (13). If you are under 13, you must not attempt to register for or use the Services, and you must not provide any Personal Data to us.
If we become aware that we have collected Personal Data from a child under 13 without verified parental consent as required by the Children’s Online Privacy Protection Act (“COPPA”), we will use such information solely for the purpose of contacting the child’s parent or legal guardian to inform them that the child is not eligible to use the Services, and we will promptly delete the information from our systems.
B. Users Between Age 13 and the Age of Majority
If you are between the ages of thirteen (13) and the age of majority in your state or country of residence, you may only use the Services with the consent and under the supervision of your parent or legal guardian.
Parents or legal guardians may use the Services on behalf of their minor children. In such cases, any Personal Data provided in connection with the minor’s use of the Services will be treated as Personal Data under this Privacy Policy.
C. Parental Involvement
We strongly encourage parents and legal guardians to take an active role in monitoring their children’s online activities and to help enforce this Privacy Policy by instructing their children never to provide Personal Data on the Services without permission.
A. Rights Under the CCPA/CPRA (Cal. Civ. Code §§1798.100–1798.199.100)
California residents have the right to:
B. Rights Under HIPAA (45 C.F.R. §§164.524–528)
If your information constitutes PHI, you have the right to:
C. How to Exercise Your Rights
Submit a request by:
We will verify your identity before processing. Authorized representatives must provide proof of authorization.
Response Timeframes:
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
· The categories of personal information we collected about you.
· The categories of sources for the personal information we collected about you.
· Our business or commercial purpose for collecting or selling that personal information.
· The categories of third parties with whom we share that personal information.
· If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
o sales, identifying the personal information categories that each category of recipient purchased; and
o disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
· The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
· Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
· Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
· Debug products to identify and repair errors that impair existing intended functionality.
· Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
· Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
· Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
· Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
· Comply with a legal obligation.
· Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request to us.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
· Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include personally identifiable information, such as name, date of birth, and address.
· Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Non-Discrimination
In accordance with the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”) and Cal. Civ. Code §1798.125, we will not discriminate against you for exercising any of your rights under the CCPA/CPRA.
Unless otherwise permitted by the CCPA/CPRA, we will not:
Any differential treatment that we do provide will only occur where such treatment is reasonably related to the value of the consumer’s data to the business, as expressly permitted under Cal. Civ. Code §1798.125(b).
Cookies and Automatic Information Gathering
Tabendi Healthcare Network utilizes various technologies, including cookies, pixel tags, and local storage, to collect and store Non-Personal Information every time users access their services or web pages. Cookies, in particular, are small text files placed on a computer or mobile device by a web server during webpage visits. These technologies enhance user experience by remembering preferences and settings, such as language preferences.
Users have the option to erase stored information in cookies, flash cookies, and local browser storage, although doing so may require logging in again and may result in the loss of some preferences or settings. Users can also configure their browsers to reject website storage or prompt for permission, but this may affect the functionality of certain features within Tabendi Healthcare Network's services.
Importantly, Tabendi Healthcare Network assures users that cookies and similar technologies are not used to store Personal Information, thereby maintaining user privacy and security.
Transparency and Choice
When you use our Services, we make good faith efforts to provide you with access to your Personal Information and either to correct this data if it is inaccurate or to delete such data at your request, in either case if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backups), or for which access is not otherwise required. In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Please be aware that if you delete your Personal Information, you may not be able to continue to use Tabendi Healthcare Network or the Services. Also, even if you request that we delete your Personal Information, we may need to retain certain information for a limited period of time to satisfy our legal, audit and/or dispute resolution requirements.
Tabendi Healthcare Network has features that permit users to set specific privacy preferences to control how certain information is shared or used. If you choose to limit how we can share or use your information through these features, then we will honor your settings. Naturally, we still may need to use your information to provide the Services or communicate with you.
You can opt out of receiving marketing e-mails from us by clicking on the “unsubscribe” link in the e-mails. Also, even if you opt of marketing e-mails, we may continue to send you certain account-related e-mails, such as notices about your account and confirmations of Services you have requested.
Changes to Our Privacy Policy
We reserve the right to amend this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Third Party Websites
Please note that the Services may link or integrated with third party sites, services or apps. We are not responsible for the privacy or security policies or practices or the content of such third parties. Accordingly, we encourage you to review the privacy and security policies and terms of service of those third parties so that you understand how those websites collect, use, share and protect your information.
Changes to this Policy
We may modify or update this Privacy Policy periodically with or without prior notice by posting the updated policy on this page. You can always check the “Last Updated” date of this document to see when the Privacy Policy was last changed. If we make any material changes to this Privacy Policy, we will post a notice of the changes on our website prior to the changes becoming effective. We encourage you to check this Privacy Policy from time to time. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING TABENDI HEALTHCARE NETWORK AND SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES.
Certain demographic, health, and/or health-related information that Tabendi Healthcare Network (“THN”) collects about users on behalf of our healthcare providers in connection with the Services may constitute “Protected Health Information” (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations at 45 C.F.R. Parts 160 and 164.
Specifically, PHI applies when all of the following conditions are met:
When these conditions are met, the PHI collected and processed by THN is governed exclusively by HIPAA and our Business Associate Agreement with the Covered Entity, rather than by this Privacy Policy. HIPAA provides specific protections for the privacy and security of PHI, including restrictions on how PHI may be used and disclosed.
Any personal data that a user provides to THN when THN is not acting as a Business Associate—such as when users interact directly with THN for non-covered services—is not PHI and will instead be governed by this Privacy Policy and applicable state privacy laws.
We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of Personal Data, including Protected Health Information (“PHI”), as required by applicable law, including the HIPAA Security Rule (45 C.F.R. §§164.302–318) and California Civil Code §1798.81.5.
Our safeguards include, but are not limited to:
A. Administrative Safeguards
B. Technical Safeguards
C. Physical Safeguards
While we take reasonable and legally required measures to protect your information, no system or transmission of data over the Internet can be guaranteed to be 100% secure. As such, we cannot warrant the absolute security of any information you transmit to us, and you do so at your own risk.