Last Updated: April 22, 2023
What Information Do We Collect?
Our primary purpose in collecting personal information from you is to provide you with a safe, smooth, efficient, and customized experience. This allows us to provide services and features that most likely meet your needs, and to customize our service to make your experience safer and easier. We only collect personal information about you that we consider necessary for achieving this purpose.
In general, you can browse the Site without telling us who you are or revealing personal information about yourself. Once you become a User, we may require you to provide various contact and identity information, billing information, and other personal information as indicated on the relevant forms on the Site (which vary, depending on what kind of User you are). Where possible, on these forms we indicate which fields are required and which fields are optional.
In addition, as you use the Site, you can from time to time enter or send to us personal information. For example, if you are a Subscriber, you can enter your own billing information, and if you are a Customer you can enter information about payment of any invoice submitted by a Subscriber. As you use the Site you can also from time to time enter personal information about third parties relevant to the services we provide. For example, if you are a Subscriber, you can (within the context of the services) enter personal information about your Customers or your staff.
You always have the option to not provide information by choosing not to become a User or by not using the particular feature of the Site for which the information is being collected.
If you are a Subscriber, we collect your credit card information for billing purposes. And if you are a Customer who wishes to pay amounts to a Subscriber on a recurring basis, we collect and store your credit card information for payment purposes.
Some of our pages where personal data is collected utilize framing techniques to serve content to you from our partners while preserving the look and feel of our site. Please be aware that you are providing your personal information to these third parties and not to www.HIPAAComplete.com (in each case the relevant third party will be identified to you via that section of the website).
We also make use of third party companies to process personal information as needed for marketing or analytical purposes that enhance our existing services and programs.
Technologies such as: cookies and similar technologies are used by HIPAAComplete and our partners (e.g., advertising, marketing and analytics), affiliates, or other service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
We partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.
We, or our designated third party service provider, may from time to time contact you by telephone. Such calls may as indicated by us, and with your consent, be monitored, recorded, stored and used for the purposes specified in such calls.
How We Use Your Information
We use your personal information to provide to you the services offered by the Site; resolve service and billing disputes; troubleshoot problems; bill any amounts due from you; measure consumer interest in our products and services, inform you about online and offline offers, products, services, events and updates; deliver information to you that, in some cases, is relevant to your interests, such as product news; customize your experience; detect and protect us against error, fraud and other criminal activity; enforce our TERMS OF SERVIDE, provide you with system or administrative messages, and as otherwise described to you at the time of collection. On occasion we use email address or other contact information to contact our Users to ask them for their input on our services, to forward to them media opportunities, and even to invite them to dinner.
We may also use personal information about you to improve our marketing and promotional efforts, to analyze Site usage, to improve our content and product offerings, and to customize the Site’s content, layout, and services. These processes include automated decision-making and profiling information. The intention of the usage is to improve the Site and the HIPAAComplete application and better tailor it to meet your needs, so as to provide you with a smooth, efficient, safe and customized experience while using the Site.
Sharing of Your Information
• Subscribers and Customers Information: In the normal operation of the Site Subscriber timesheets (including information entered by “staff” members) and invoices are disclosed to the applicable Customers, and Customer information is disclosed to the applicable Subscriber. In general, information you enter on the Site is available to the other persons – whether they are Customers, Subscribers, staff members or others – to whom you give access to your account or to whom you give access to the information through the normal operation of the Site.
• Payment Information: We use credit card and other personally identifiable information (such as payment processor email addresses) you submit to us on the Site, and other information that we collect, as required, to process payments you make through the Site through our payment processor intermediaries. We do not store credit card or other payment method information unless the Subscriber or their Customers choose to enter credit card information for use in the HIPAAComplete recurring profiles module; in all other cases our payment processors have the sole and complete responsibility for the storage of credit card and payment information. We may also share personally identifiable information with our payment processor intermediaries for risk management and fraud prevention.
• Aggregated Data: We will create statistical, aggregated data relating to our users and the Service for analytical purposes. Aggregated data includes data derived from Personal Information and obtained by HIPAAComplete from other sources in aggregated, anonymous form and does not identify any individual (such data is referred to as “Aggregate Information”). Subject to applicable laws and regulations, we use Aggregate Information to understand our customers and to develop, improve and/or market our Services. We may provide Aggregate Information to third parties.
• Subsidiaries, Affiliates, and Service Providers: We may from time to time use the services of affiliates, subsidiaries and unrelated service providers in the operation of the Site, and may disclose personal information to them in the course of our use of their services. For example, we may use the services of third party hosting companies to host the operation of the Site. This may involve the hosting of data, including personal information, on servers operated by those hosting companies. We take care to use only service providers that we believe are reputable, have equivalent or better security safeguards in place than us, and able to live up to our and your expectations, including about the handling of confidential information. These companies are authorized to use your personal information only as necessary to provide these services to us.
• Legal Requests and Business Transitions, Emergencies: In certain situations, HIPAAComplete may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. HIPAAComplete may disclose your personal information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (c) as otherwise required or permitted under any applicable law, rule, or regulation, and (d) in good faith, to protect or defend the rights or property of HIPAAComplete and other users and (e) if HIPAAComplete is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
• HIPAAComplete will not purchase consent, or sell, rent or share consent to opt-in to our mobile SMS/texting program.
For further details on the specific third party usage of our data, including a list of the partner organizations with whom Aggregate Information may be shared, please reach out to our team at firstname.lastname@example.org
Your Use of Other Persons’ Information
Other Information Collectors
Consent for Withdrawal
We provide you a way for you to withdraw your information being processed for individuals within the European Economic Area (EEA) and the State of California.
Contact us at support@HIPAAComplete.com to initiate the steps required. We will verify your information prior to processing and proceed with the steps necessary within the applicable laws and regulations.
If you are not a resident of the EEA or the State of California but wish to no longer be subscribed to emails or direct mail campaigns, please reach out to our support team at email@example.com
Correcting, Updating, and Transferring Your Personal Information
Upon written request HIPAAComplete will provide you with information about what personal information we have about you. To review, delete, and update your personal information to ensure it is accurate, you may login into your account to make the changes, or you may contact us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe, and typically within one month of the request being made. We may ask you for further information from you to help us respond to your request, including asking for government-issued identification to verify your identity before we provide the personal data. If you are a EEA resident requesting the porting or an export of your information, you may reach out to us at email@example.com and we will proceed with the steps necessary.
HIPAAComplete is a complex business network that connects many covered entities with business associates and other users. HIPAAComplete manages a business eco system that brings together contractors, companies and customers. This network relies on the exchange and sharing of information that is important to others in your network. Security incidents, hardware inventories, software inventories, vulnerabilities and their mitigations are all vital to other people that work with you. These are important to generate a good risk analysis and business continuity plan . The privacy laws require our systems to backup the data, and keep at least 7 years of data. Therefore data will be deleted in a compliant manner and will consider any deletion request within the requirements of applicable law.
When a customer chooses to close an account we will remove your information from our marketing and billing systems. This will ensure that there are not further mailings or billings directed towards the canceled user.
We will retain your information for as long as your account is active or as needed to provide you services and the follow the privacy laws like HIPAA.
Our goal is to retain your information as necessary to comply with our legal obligations and accepted accounting principles, resolve disputes, and enforce our agreements; this retention period may extend past the point at which you close your account.
The criteria that will be for determining periods of retention will be based on the type of data. For example, data relevant to accounting information will be retained for at least 7 years, whereas temporary cookie data of a web visitor may not be retained at all.
International Transfer of Personal Information
Other than as specified within this Policy, we do not share your personal information with third parties. Where we do transfer your personal information to third parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law.
We store personal information about Website Visitors and Subscribers within the United States and in other countries and territories. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which HIPAAComplete has operations. Therefore, your personal information may be processed outside of the United State, and which may not provide for the same level of data protection as the United States.
In this event, we will ensure that the recipient of your personal information offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the United States European Commission (Art. 46 GDPR), or we will ask you for your prior and explicit consent to such international data transfers.We have implemented safeguards to ensure an adequate level of data protection where your personal information is transferred to countries outside the EEA. For further details on the transfer of your personal information, including a list of the organizations with whom said information may be shared, please reach out to our team at firstname.lastname@example.org
Residents of united states of America
Personal information (as the term is defined in the Personal Information Protection and Electronic Documents Act of united states of America (“PIPEDA”)) will be collected, stored, used and/or processed by the HIPAAComplete in compliance with the HIPAAComplete’s obligations under PIPEDA.
The California Consumer Privacy Act (“CCPA”), which is effective as of January 1, 2020, regulates how we handle personal information of California residents and gives California residents certain rights with respect to their personal information.
When we act as a service provider (for example, by providing our services to another company that you interact with), we follow the instructions of the business that engaged us with respect to how we process your personal information. If you would like more information about how your personal information is processed by other companies, including companies that engage us as a service provider, please contact those companies directly.
European Economic Area (EEA) and United Kingdom (UK) Visitors
If you are a visitor from the European Economic Area (“EEA”) or the United Kingdom (“UK), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you (e.g. to provide you with our Services), where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time why we need to use your personal information. If we process personal information in reliance on your consent, you may withdraw your consent at any time.
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information in any specific instance, please contact us using the contact details provided under the “Contact Us” section below.
Notification of Privacy Statement Changes
We may update this privacy statement to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the email address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
It is our goal to make our privacy practices easy to understand. If you have questions, concerns or if you would like more detailed information, please email our data protection representatives at:
HIPAAComplete Privacy Team
911 Washington Ave, Suite 849
St. Louis, MO 63101
United State of America
Last Updated: April 22, 2023