Patient Engagement Engine PRIVACY POLICY

(Last Updated December 19, 2019)

Patient Engagement Engine, Inc., a California Corporation, (“Patient Engagement Engine,” “we” or “us”) respects the privacy of every individual who visits the Patient Engagement Engine web site, www.patientengagementengine.com (the “Site”), and family of websites powered by Patient Engagement Engine or utilizes its online Service including mobile applications (“App” or “Apps”) and programs hosted by or on behalf of Patient Engagement Engine and its related services (together with the Site and the “Apps”, shall collectively be referred to as the “Service”). The terms “you” and “user” means all individuals and entities that access the Service.

This privacy policy outlines the information the Site may collect and how that information may be used. This privacy policy also describes the choices available to you regarding our use of your personal information and how you can access and update this information, and what information you provide that we will retain even if you decide to stop using the Patient Engagement Engine Service.

Patient Engagement Engine does not give, lease, sell or otherwise disclose your personal information. Any information you give to Patient Engagement Engine will be held with the utmost care and will not be used in ways to which you have not consented.

Your use of the Service indicates that you consent to our collection, storage, use and disclosure of your personal information and other information as described in this privacy policy and the Patient Engagement Engine Terms of Service. If you do not consent to the use of your personal information as described in this privacy policy or do not agree to the Terms of Service, do not use the Service.

If you have any questions at all about our privacy policy, please contact us at info@patientengagementengine.com

Types of Information We Collect

A. Personal Information. In order to access and utilize the Patient Engagement Engine services, one is required to become a registered user. As part of the registration process and depending on the type of Service enrollment (provider based registration or patient based via our App(s)), one may be required to provide the following: (1) name; (2) email address; (3) age or date of birth (DOB); (4) username; (5) password; (6) phone number; (7) patient appointment dates and status; and (8) access information to hardware requirements in order to access and use the Service. All registration information provided to us must comply with the Patient Engagement Engine Terms of Use Agreement.

As part of the user experience, you may also exchange information with us that would be part of the personal information we collect. Examples include but are not limited to the following: (1) information provided when you download or use applications from us; (2) information you enter into our system as part of using our services (e.g. patient name, email, phone number, address, date of birth, and appointment dates); (3) information you provide to us when contacting us for help; (4) profile information you provide for your personal user profile or information that is gathered as part of accessing your computer hardware and related devices (e.g. age, first and last name, picture, image or likeness, phone number, etc.); and (5) access to the data you provide to us in order to use our services.

  1. Specific Use of Personal Information. The information we collect allows us to provide you with a relevant user experience as well as a mechanism to keep you informed on Patient Engagement Engine’s latest product announcements, software updates, and promotional information. If you so desire, you can remove yourself from our mailing list by opting out by updating your profile preferences.
    Other uses of personal information may be for validating a user account, fraud prevention, or other data safety precautions Patient Engagement Engine may elect to implement. Additionally, we may use personal information for our internal purposes such as data analysis, auditing, and research to improve our Services to you.

B. Non-Personal Information. Patient Engagement Engine collects information that in and of itself does not permit direct association with any specific person. In the case of non-personal information Patient Engagement Engine has the right to collect, transfer, use, and disclose this information for any purpose. Examples of non-personal information and its intended use:

  1. Device related information. We may collect information such as the user device identifier (IDFA), type of mobile device, IP address of your mobile device, mobile operating system, and type of mobile Internet browsers. The device identifier itself may deliver the information to us directly or we may obtain this information via a third-party partner and/or affiliate. We use the information for the express purpose of better understanding customer behavior and improving our products and services.
  2. User activity with our Services. We may collect and store details on how you interact with our Services. This may help us improve our service offerings and to provide a better user experience.
  3. Metadata. Metadata is unique technical data that is generally associated with User Content. Metadata allows one to make their User Content more searchable when interacting with our Service. An example of metadata would be a hashtag or some form of geotag that would allow others to more readily find your submitted content and/or its given location.

C. Location Based Information. Use of the Patient Engagement Engine services, permits us to collect precise information about the location of your particular device. Location may include but is not limited to background location information between Users. We may use your location information to provide requested location services and to allow tagging of files.

D. Information from Other Sources. This may include:

  1. User feedback;
  2. Requesting services for or on your behalf;
  3. Users or others providing information in relation to any claim or dispute;
  4. Patient Engagement Engine business partners including those with whom you may create or access your account, such as payment providers, social media users, or websites who use Patient Engagement Engine’s APIs or whose API Patient Engagement Engine uses;
  5. Publicly available sources; and
  6. Marketing service providers.

Patient Engagement Engine may combine the information gathered from these other sources with other information in its possession.

Cookies and Other Tracking Technologies

“Cookies” are small data files that are sent to your web browser when you access a website, and the files stored on your device’s hard drive. We use “session” cookies to keep you logged in while you use the Site, to track your preferences and to track trends and monitor usage and web traffic information on the Site. These are erased when you close your browser. We use “persistent” cookies to relate your use of our Service to other information about you and store information about your preferences to make your user experience consistent and customized. For example, we may create a persistent cookie that includes some basic information about you, like your favorite website locations and whether customer support responded to your inquiry. These cookies stay on your hard drive until you erase them or they expire and associate your information with your account even if you are logged out.

Most browsers automatically accept cookies, but you can change your settings on the browser settings to refuse cookies or prompt you before accepting cookies. You can also use your browser settings or other tools to delete cookies you already have. However, if you disable or refuse cookies, then certain features of the Site may be inaccessible or not function properly.

Our cookies do not, by themselves, contain personal information, and we do not combine the general information collected through cookies with other personal information to tell us who you are. As noted, however, we do use cookies to identify that your web browser has accessed aspects of the Service and may associate that information with your account if you have one.

Certain features of the Site may use local shared objects (or “flash cookies”). Flash cookies are small files similar to browser cookies that collect and store information about your preferences and where you browse and what you look at on the Site. Flash cookies are not managed by the same browser or device settings that are used for browser cookies. You may adjust your Adobe Flash Player settings to prevent flash cookies from being placed on your hard drive.

This privacy policy covers our use of cookies only and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer. For example, third party websites to which a link points may set cookies on your computer.

We may use “clear GIFs” (aka “web beacons” or “pixel tags”) or similar technologies, on our Service or in our communications with you to enable us to know whether you have visited a part of our Service or received a message. A clear GIF is typically a one-pixel, transparent image (although it can be a visible image as well), located on a website or in an email or other type of message, which is retrieved from a remote website on the Internet enabling the verification of an individual’s viewing or receipt of a website or message.

We do not automatically collect personal information, but we may tie personal information with the automatically collected information using the above tools or information collected from other sources.

We may also log information using digital images called web beacons on our Service or in our emails. We may use web beacons to manage cookies, count visits, and to learn what marketing works and what does not. We may also use web beacons to tell if you open or act on our emails.

We also use third party analytics services to collect usage data from our Site in order to help us understand how users are interacting with our Site. Third party analytic services are used to track general location information, and events that occur without our Services, such as how often you use our Services. This information, including your IP address, is transmitted and stored by 3rd parties as determined by us.

E-Commerce

Certain areas within the Patient Engagement Engine site enable one to pay for products or services online. Patient Engagement Engine values its customers and is committed to protecting your privacy. Your right to privacy and data security is a primary concern. We do not sell or rent the information you provide to us online to third parties. We include this Internet Commerce Privacy Statement to explain the way we handle the information you give us. Patient Engagement Engine uses a secure server (SSL) to encrypt your account information that is transmitted to us. This logic encrypts the data being sent to the server from the browser using high-level encryption technology. Once the data is received it may be required that the data be maintained for a certain period of time inside our network. Encrypting the data means it cannot be viewed in plain text. We do not release credit card or other information for use by others. All information that you send us is stored on a secure server that is not lawfully accessible to anyone but Patient Engagement Engine and its associates.

Patient Engagement Engine uses Stripe as its third-party electronic payment processing provider for payment services (e.g. card acceptance, merchant settlement, and related services) (“Payment Services”) for payments related to the Service. By making use of some or all of these Payment Services on the Service, you agree to be bound by Stripe’s terms and conditions (available at https://stripe.com/us/legal) as well as its privacy policy (available at https://stripe.com/us/privacy/ and hereby consent and authorize us to delegate the authorizations and share the information you provide to us with our third party electronic payment processing provider(s) to the extent required to provide the Payment Services to you.

Customer Credit Card Information: Patient Engagement Engine uses a Stripe to keep a protected copy of your credit card number. This billing data belongs to you, and by utilizing the Service, you grant Patient Engagement Engine a license to use this data to bill you for services rendered.

If our Internet Commerce Privacy Statement changes in the future, we will post the updates to this Web site.

IP Address Information and Other Information Collected Automatically

We automatically receive and record log file information from your web browser when you interact with the Site, including your IP address and cookie information. Generally, the Site automatically collects usage information, such as the number and frequency of visitors to the Site. We may use this data in aggregate form, that is, as a statistical measure, but not in a manner that would identify you personally. This type of aggregate data enables us and third parties authorized by us to figure out how often individuals use parts of the Service so that we can analyze and improve them.

In terms of test-taking applicant users, you consent and agree for us to collect this information as part of the test taking/monitoring aspect of our Services. You understand and acknowledge that this information may be used to identify you personally as a condition to the test-taking policies you have consented to abide by. You also agree and consent for this information to be shared with our Client Users as a condition to your use of our Services.

Third-Party Sites and Services

Patient Engagement Engine products, services, and application may contain links to third-party services (e.g. Facebook, Google etc.), products, and websites. Information collected by third parties is governed by their privacy policies and practices. We encourage you to read and learn about their specific privacy practices.

Information Sharing and Disclosures

From time-to-time, Patient Engagement Engine may make certain personal information available to product and service partners. Specific ways Patient Engagement Engine shares with third parties are described below:

A. Third-Party Service Providers. Patient Engagement Engine may elect to outsource some of its technical and customer support, tracking and reporting functions, quality assurance testing, and other services that it may deem necessary. In these specific instances, we may share information about or from you in order for them to provide their services. Additional examples may include:

  1. Payment processors and facilitators.
  2. Cloud storage providers.
  3. Data analytics providers including Full Story and Google Analytics.
  4. Research partners.
  5. Consultants, accountants, lawyers, and other professional service providers.

In these specific instances, we may share information about or from you in order for them to provide their services.

B. Business Affiliates and Transfers. Patient Engagement Engine may share information from or about you with its subsidiaries, joint ventures, or companies under common control, in which case we will require them to adhere to this Privacy Policy. In the event Patient Engagement Engine, Inc. is acquired in total or by a substantial amount of its assets, we will make best efforts to ensure that the purchaser will assume the rights and obligations of this Privacy Policy. However, Patient Engagement Engine cannot make any guarantees or promises with respect to a purchaser adopting the current rights and obligations of this Privacy Policy.

C. Investigations. As described in the Patient Engagement Engine Terms and Conditions of Use, Patient Engagement Engine reserves the right to provide and/or disclose necessary information for investigatory matters. Examples include but are not limited to: 1) compliance with law enforcement or the necessary legal process; 2) behavior and/or use violative of the Terms and Conditions of Use, and 3) instances whereby it is necessary to protect our rights and obligations.

D. User Request. This includes sharing your information with:

  1. Patient Engagement Engine business partners. For example, we may share your location when you engage the services, we may make available to you through our business partners and their affiliates.

E. With your consent. Patient Engagement Engine may share your information other than as we have described in this policy if we notify you and you consent to the sharing.

F. Aggregate/De-identified. We may disclose aggregate or de-identified information that we collect about you through our Service, for advertising, research and analytical services; however, we will strip out names, contact information and other personal identifiers before we do so.

We do not share information with third parties for their own direct marketing purposes. If we disclose any Protected Health Information (as that term is defined in 45 C.F.R. Part 160) to third parties, we will do so in accordance with the Health Insurance Portability and Accountability Act, as amended (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, as amended (“HITECH”), and any other applicable state and federal privacy and security laws, as they may be amended from time to time.

Storage of Your Information

The information you provide Patient Engagement Engine may be collected through our services and processed in the United States or any other country in which Patient Engagement Engine, its subsidiaries, affiliates, and/or service providers maintain facilities.

As a result, Patient Engagement Engine its subsidiaries, affiliates, and/or service providers may transfer information we collect about you, including personal information, across borders and from your country or jurisdiction to other countries or jurisdictions around the world. For example, you may reside in another country or region with differing data protection and privacy laws than the United States. Consequently, when you register to use the Service you acknowledge and consent to Patient Engagement Engine transmitting your information to the United States or to any country in which Patient Engagement Engine and/or its subsidiaries, affiliates, and/or service providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.

In turn, Patient Engagement Engine uses commercially reasonable standards, measures and/or protocol to keep the information collected through the Service secure and as a result we take cautionary steps to verify your identify before granting you Service access. Moreover, Patient Engagement Engine cannot ensure the security of any information submitted or transmitted by you to Patient Engagement Engine nor can we guarantee that said information may not be disclosed, destroyed, and/or altered.

Protection of Personal Information

Patient Engagement Engine preserves the security of your personal information with the utmost caution. As such, we follow the generally accepted industry standards to protect all user information submitted to us. Although we implement accepted industry standards, we cannot guarantee absolute security with respect to your personal information. Given the fact that no one method of transmission over the Internet or via mobile device is 100% secure, we urge you to take the utmost care when transmitting personal information.

When you use some of the features of the Patient Engagement Engine services, the personal information and content you share is visible to other users and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances. Please take care when using these features.

Data Retention

Patient Engagement Engine will retain your personal information for a minimum of 7 years in connection with regulatory, tax, insurance or other requirements in the places in which it operates. Patient Engagement Engine thereafter deletes or anonymizes such information with applicable laws.
Users may request deletion of their account at any time. Following such request, Patient Engagement Engine deletes the information that it is not required to retain and restricts to or use of an information it is required to retain. You may request deletion of your account by contacting us here at info@patientengagementengine.com

Patient Engagement Engine may also retain certain information if necessary, for its legitimate business interests, such as fraud prevention and enhancing users’ safety and security. For example, if Patient Engagement Engine shuts down a user’s account, Patient Engagement Engine may retain certain information about that account to prevent that user from opening a new Patient Engagement Engine account in the future.

Access to Personal Information

In order to ensure that your personal information is current and accurate, please log in to your account using the Patient Engagement Engine Site and go to user profile.

Children

Patient Engagement Engine is aware of the importance of protecting the privacy and safety of children who may use our services. In that regard, we do not knowingly solicit data from or market to children under the age of 13. In the event a child’s parent and/or legal guardian becomes aware that their child has provided us with information without their consent, please contact us immediately at info@patientengagementengine.com Once notified, we will delete the information as soon as reasonably possible.

Privacy of our email lists

We do not sell, rent, loan, trade, or lease the addresses on our list to anyone. Individuals must specifically request to join our mailing lists using the forms provided on our website or other means expressly sanctioned by Patient Engagement Engine.

Unsubscribe Policy

Your privacy is important, and we strive to send e-mail only to those who want to receive it. If you would not like to receive future e-mails from us, reply to any email with UNSUBSCRIBE as the subject.

There is no form with this name or may be the form is unpublished, please check the form and the URL and the form management.

Disclaimer for External Links

Patient Engagement Engine web sites may provide links to Internet websites that are maintained by third parties, over which Patient Engagement Engine has no control. Patient Engagement Engine does not represent that any particular link will be on-line and functional at any given time. When a user leaves the Patient Engagement Engine web site and visits another site, the user is subject to the privacy policy of that new site. It is the responsibility of the user to evaluate the content and usefulness of information obtained from other sites. Patient Engagement Engine does not endorse the content, operators, products, or services of such sites, and the Patient Engagement Engine shall not be responsible or liable, directly or indirectly, for any damage or loss caused by or in connection with use of or reliance on any such external content, products, or services available on or through such external sites.

Contact Information

If you have any questions and/or concerns about our privacy policy, you may contact us in writing at:

Patient Engagement Engine

Attn. Administrator,
9890 Irvine Center Drive
Irvine, California 92618

Privacy Policy Modifications

Patient Engagement Engine reserves the exclusive right to change, modify, or alter the terms of this privacy policy. The most current version of this policy will govern our use of your information. Continued access and use of the Patient Engagement Engine services after changes to our Privacy Policy occur indicate that you agree to be bound by the revised privacy policy.

Consent

Your continued access and use of the Patient Engagement Engine service, subject to the Terms of Use and Conditions, signifies your unequivocal consent to the terms of this privacy policy.

California Residents: Your Privacy Rights

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) allows California residents, upon a verifiable consumer request, to request that a business that collects consumers’ personal information to give consumers access, in a portable and (if technically feasible) readily usable form, to the specific pieces and categories of personal information that the business has collected about the consumer, the categories of sources for that information, the business or commercial purposes for collecting the information, and the categories of third parties with which the information was shared. California residents also have the right to submit a request for deletion of information under certain circumstances. Consistent with California law, if you choose to exercise your rights, we won’t charge you different prices or provide different quality of services unless those differences are related to your information.

We do not sell your personal information.

We disclose personal information for business purposes. From businesses that disclose personal information for a business purpose, you have the right to request:

  1. The categories of personal information that the business collected about you; and
  2. The categories of personal information that the business disclosed about you for a business purpose.

The right to request the business to delete the personal information it has collected from you, subject to certain legal exceptions, for example, when the personal information is necessary to complete a transaction for which we collected it or to comply with a legal obligation.

The right to be protected from discrimination for exercising your CCPA rights. Businesses are prohibited from discriminating against you for exercising your rights under the statute, including by: (A) denying you goods or services; (B) charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; (C) providing you with a different level or quality of goods or services; or (D) suggesting that you will receive a different price, rate, level, or quality of goods or services. Nothing prohibits a business from charging a different price or providing a different level or quality of service if the difference is reasonably related to the value provided to the consumer by the consumer’s data.

For additional information on any of the above, or to submit a request for personal information under the CCPA, please contact us here at info@patientengagementengine.com Please note that Patient Engagement Engine may claim legal exemptions for certain types of personal information from all or certain parts of the CCPA pursuant to various CCPA exemptions.

Additional Disclosures Under the CCPA

Patient Engagement Engine does not sell your personal information to third parties (as those terms are defined under the CCPA). However, as outlined in this policy, we do allow third parties to collect personal information through our services and share personal information with third parties for the business purposes we’ve described here. For more information, please refer to the “Types of Information We Collect” and “Information Sharing Disclosures” sections of the privacy policy above.

List of categories of personal information collected about consumers and disclosed for a business purpose*:

Information you provide to us. This includes the information you provide when you register as a member, such as your date of birth and identifiers including first name, last name, and email address, information you provide when you complete an application for services on our Site, and information you provide when you submit information in forms or through other features of our Services, from which we may make inferences. If you are a Patient Engagement Engine customer, this includes the information you provided regarding your patient practice e.g. patient name, email, phone number, address, date of birth, and appointment dates.

Information we automatically collect. We also collect information about how you access and interact with our Services. This includes device information, log information, geolocation information, and Internet or other electronic network activity information collected through technologies like cookies, web beacons, and browser web storage.

Information third parties provide about you. In order to provide our Services, we may collect information about you from third parties. This includes things such as electronic health records software, google, Facebook, Yelp and similar sites.

*Business purposes can include such things as: providing our Services, maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, performing analytics and quality control, auditing transactions, researching and testing features and improvements, detecting and preventing fraud and security incidents, debugging or repairing technical errors, and marketing our Services.