Updated as of: June 22, 2015

Privacy Policy

Data Momma, LLC d/b/a PCIHIPAA (“PCIHIPAA” or “we” or “us”) respects your privacy rights and is committed to protecting the information we collect from you online. This Privacy Policy explains how we collect, use, disclose, and protect the information you provide to us on our website, PCIHIPAA.com (the “Website”), or otherwise.

Scope of Policy

The following privacy policy (as may be amended as stated below, the “Privacy Policy”) explains how we collect and manage your personal, company and financial information as well as how we care for your privacy and protect your information. This Privacy Policy applies, without limitation, to practices (“Practices”) that use any of the following services that are included in PCIHIPAA’s compliance package: (a) Payment Card Industry Data Security Standards (“PCI DSS”) compliance, breach protection, and administrative services; (b) Health Insurance Portability and Accountability Act (“HIPAA”) compliance, administrative, and breach protection services; (c) Data Backup Services; (d) E-mail Encryption Services; and (e) Other Related Services (clauses (a)–(e) collectively defined as “Services”), as well as any customers and patients of such Practices (the “Customers”) that benefit from any of the Services. A more detailed explanation of the Services and their terms can be found on the Website, including, without limitation, in our Terms of Service.

The Website may contain links to other websites. This Privacy Policy does not apply to information collected on or through third party websites. We are not responsible for the privacy practices of such third parties or the content of their websites. Such third parties may have their own privacy policies, and you should review those privacy policies to determine their privacy practices.

Information / Data Collection

Collection of Information

We may collect the following information:

Information about a Practice’s business, including its address, phone number, taxpayer identification number, and certain other identifiable information (such as financial information);
Certain personally identifiable information of the owner of a Practice, including his or her name, postal address, and email address;
Customer names, postal addresses, telephone numbers, email addresses, and other personally identifiable and confidential information;
Certain financial or demographic profile information to be used in the aggregate, such as age, gender, hobbies, interests, zip/postal code or country. Demographic information is not considered personal information unless it is linked to personal information about a specific user;
Mobile, home, fax and/or business telephone (including toll-free) number, service provider name, and the date, time and content of the Practice’s or Customer’s message;
IP Address, and other technical information collected from the servers utilized by you or your vendors, such as information and data that is automatically collected upon visiting the Website (i.e., webpage http headers (home server domain names, Internet Protocol address, operating system type, browser type and language) and user-specific or aggregate information on what pages Website visitors access). Technical information is not considered personal information unless it is linked to personal Information about a specific user;
Credit/debit card and other billing information, including cardholder transaction data, card numbers, and expiration dates;
Information provided on any application or authorization;
Information regarding uses of the Services; and
Other information provided to us in any way, shape or form.
How Information is Collected

We may collect information in the following ways:

Through the completion of electronic forms found on our Website, or on a Practice-hosted website;
Through the completion of paper forms provided by us;
Through SMS (Short Message Service) messages sent via cell phone, or through e-mail and other communications;
Through telephone calls made to us, or vice versa;
Through surveys;
Through referring websites or third parties, such as by third-party vendors regarding a Practice;
Through the maintenance and analysis of Website server logs; and
Via “cookies” (small text files placed by us on a Practice’s computer(s)), single pixel GIF image files (also called “Web beacons”), Website server log analysis and other similar technological means.
Certain portions of our Website may require that you register before being able to access them. On those portions of our Website that require registration, we may collect information to determine specific products and services that might be of interest or beneficial to a Practice or Customer.

By collecting and maintaining accurate information, we learn more about the needs of Practices or Customers and are better able to provide Services to such Practices or Customers.

Use of Information / Data Collected

We use the information we collect to identify the parties with whom we are dealing and to provide the Services, including Services that display customized content and advertising. We may also use the information for statistical and/or marketing purposes, to improve our technologies and Services, to provide information about our company, and to deliver promotional information from our partners and third-party vendors. These uses are intended to enhance your experience at the Website and enable us to present you content and services in which we think you might be interested

We reserve the right to share, rent, sell, or otherwise disclose the information we collect to third parties. We may also use the information you provide to market products and services we determine, in our sole judgment, you might find of interest.

When we use third parties to assist us in processing your personal information, we typically request that they comply with this Privacy Policy and any other appropriate confidentiality and security measures. However, we make no representation or warranty that such third party will so comply.

We may also share information with certain third parties in other circumstances, including when complying with legal process, preventing fraud or imminent harm, and ensuring the security of our network and services. We may disclose information about Practices, including personal information, as part of any merger, sale, transfer of company assets, or acquisition. We will take reasonable steps to assure that such information is treated in a manner consistent with this Privacy Policy.

We may add your information to our databases to contact you through future e-mails, postal mailings, telemarketing and SMS text-messaging regarding site updates, upcoming events, new products and services, and/or the status of orders placed online.

We reserve the right to release information to law enforcement or other governmental officials as we, in our sole and absolute discretion, deem necessary to comply with the law.

Use of Web Technologies

Cookies

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use cookies on the Website. We may link the information we store in cookies to personally identifiable information that you submit while on our Website. We use both session ID cookies and persistent cookies. A session ID cookie expires when a browser is closed. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on our Website. You can remove the persistent cookies by following the directions provided in your internet browser’s “help” file. If you reject cookies, you may still use our Website, but your ability to use some areas of our Website will be limited.

Clear Gifs

We employ a software technology called clear gifs (aka web beacons/web bugs), that helps us better manage the content on our Website by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Website users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on website pages and are about the size of the period at the end of a sentence. We do not tie the information gathered by clear gifs to your personally identifiable information.

We use clear gifts in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out of these emails, please see the “Opting Out” section of this Privacy Policy below.

Log Files

As is true of most websites, we gather information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information, which does not identify individual users, to analyze trends, to administer the Website, to track users’ movements around the site and to gather demographic information about our user base as a whole.

Do Not Track

When you use one or more of our Websites, we may receive “do not track” requests from you, whether via signals from web browsers or other mechanisms. At this time, we do not respond to such “do not track” requests, although we may choose to do so in the future.

Security

We take reasonable precautions to protect the confidentiality and security of Practices’ and Customers’ personally identifiable information by using industry recognized security safeguards such as site monitoring, secured networks and servers, firewalls, and encryption. When we ask for sensitive information, we protect it through the use of encryption during transmission, such as SSL (Secure Socket Layer). We regularly test and update our technology to enhance security. However, no method of transmission over the Internet is 100% secure. Therefore, while we strive to protect Practices’ and Customers’ personally identifiable information within industry standards, we cannot guarantee its absolute security.

Our employees are trained and required to safeguard Practices’ and Customers’ information. Our internal controls limit access to information based on job functionality.

No Information Collected from Children

The information and Services provided by us or our affiliates, sponsors, and advertisers are not intended to be viewed by children (under 18 years old). No information is knowingly collected or retained from children (except as Customers), nor is any such information knowingly used for any marketing or promotional purposes whatsoever, either inside or outside the Website. No part of the Website is designed to attract anyone under the age of 18. Children are not eligible to use the Services and we ask that minors (under the age of 18) do not submit any personal information to us or use the Services.

Communications

Based upon the personally identifiable information that you provide us, we may send you a welcoming email. We will also communicate with you in response to your inquiries, to provide the Services you request, and to manage your account.

Opting Out

If you want to be removed from our marketing list and do not want us to send you email, regular mail, or other messages about our products and services, you can opt out. To do so, please send an email to Unsubscribe@PCIHIPAA.com, with the word “REMOVE” in the subject line, or unsubscribe by clicking here: Unsubscribe To opt out of SMS text messages, reply to the text you received with the word “REMOVE.”

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of such residents’ personal information to third parties for such third parties’ direct marketing purposes. To make such a request, please e-mail us at: info@PCIHIPAA.com.

Privacy Policy Updates

We reserve the right to change this Privacy Policy at any time, so please review it on a regular basis. Any changes made to this Privacy Policy will be posted here. The date stamp at the top of the page represents the last day this Privacy Policy was updated. If you have questions about this Privacy Policy, you can contact us at info@pcihipaa.com. By using or accessing the Services or the Website, you will be deemed to have agreed to and accepted this Privacy Policy.

Manage Accurate Information

If your personally identifiable information changes, or if you no longer choose to use our Services, you can contact customer service by email, telephone or postal mail at the contact information listed below to assist you with changes to your account.

To the extent any Practice’s account(s) close or become inactive, we will continue to protect such Practice’s and it Customers’ information as described in this Privacy Policy.

Business Transitions

In the event that we go through a business transition, such as a merger, acquisition, or sales, your personal information will likely be among the assets transferred. You will be notified of any such change in ownership or control of your personal information.

Contact Us

If you have any questions or suggestions regarding this Privacy Policy, please contact us as follows:

By mail:
PCIHIPAA
7349 N. Via Paseo Del Sur #515-169
Scottsdale, Arizona 85258
Attn: [Practice Support]

By telephone:
(800) 588-0254

By email:
info@pcihipaa.com