Ciox Privacy Policy
Last Updated: February 10, 2021
Ciox’s Privacy Policy describes how Ciox Health (“Ciox,” “we,” and “us”) collects, uses, and discloses the Personal Information we collect from you when you use our website or otherwise interact with us (the “Services”). Please carefully review this Privacy Policy prior to using our Services or sharing your Personal Information with us.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) & State Law
Our use and disclosure of certain of your information may be subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) and applicable state law. Any information that you submit to us that constitutes “Protected Health Information,” as defined by HIPAA, is subject to HIPAA and applicable state law, and such laws control to the extent of any conflict with this Privacy Policy. The term “Protected Health Information” or “PHI” refers to individually identifiable health information about your past, present or future physical or mental health or condition, the provision of health care to you or the past, present or future payment for such care.
Ciox as a Service Provider
We are primarily a service provider for other businesses. In the course of providing services for other businesses, we may collect your Personal Information from our business customers. Generally, the businesses that we serve are responsible for determining how we may use and share your Personal Information. If you have questions about how your Personal Information is collected and used, we may direct you to the business who is responsible for your Personal Information. To the extent of any conflict between this Privacy Policy and our agreements (including HIPAA business associate agreements) with a business customer, the agreement will generally control.
Personal Information
Personal Information We Collect
“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. Ciox collects Personal Information from you when send us emails or otherwise voluntarily submit your information to us.
Depending on how you use the Services, we may collect the following categories of Personal Information about you:
- Direct Identifiers, such as your name, mailing address, email address, phone number, and account numbers. Typically, we collect this information directly from you to contact you regarding administrative notices, your use of the Services, or in connection with your interactions with us, such as through an employment application.
- Internet Activity Information, such as your browsing history and browser preferences. Typically, we collect this information through cookies and other data collection technologies to under how you use our website.
- Commercial Information, such as your financial and payment information, including credit card and payment card information. Typically, we collect this information directly from you to process payments you request or otherwise adjust your account.
In addition the purpose of collection described above, we may also collect Personal Information generally for the following reasons:
- For the purpose for which you provided it.
- To maintain and service your account.
- To administer and improve our website.
- To communicate with you and respond to inquiries you send to us.
- To promote our products and services to you, if given your permission.
- To comply with legal, regulatory and risk management obligations.
In addition, we may use your Personal Information in the aggregate in a non-identifiable way in order to better understand the services being provided, how to improve these services and how to improve the Services. One way in which we collect your non-identifiable information is through anonymous surveys. Participation in such surveys is voluntary and is not connected to any of your Personal Information. We may provide aggregated information to third parties, but when we do so we do not provide any of your Personal Information without your express permission.
How We Disclose the Information We Collect
We share your Personal Information for the following reasons:
Service Providers. We may share your Personal Information with third parties that provide services to us. We may use third party service providers to host the Services and gather and use on our behalf your Personal Information as contemplated by this Privacy Policy and applicable law. All such third parties are subject to confidentiality obligations in an attempt to protect your information as much as is commercially reasonable.
In Connection with a Legal Right or Obligation. We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure is (a) reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) helpful to prevent, investigate, or identify possible wrongdoing in connection with the Services; or (c) protect our rights, reputation, property, or that of our users, affiliates, or the public.
In a Transaction. If we, or any of our businesses, are sold or disposed of as a going concern, whether by merger, reorganization, sale of assets or otherwise, or in the event of an insolvency, bankruptcy or receivership, any and all Personal Information, including your account information, may be one of the assets sold or merged in connection with that transaction. Information about you may also need to be disclosed in connection with a commercial transaction where we or any one of our businesses are seeking financing, investment, support or funding. In such transactions, Personal Information will be subject to the promises made in any pre-existing Privacy Policy in effect when the information was obtained.
Except as stated in this Privacy Policy, we do not sell, distribute, or release to a third party your Personal Information without notice to you.
Cookies and Data Collection Technologies
Our online Services use cookies (small text files stored either temporarily or permanently on a user’s computer hard disk, which allow the website to recognize the user and track usage of the site, preferences, IP addresses, and pages visited, and to gather data and marketing information). Cookies may improve and/or simplify the use of Ciox online services.
How We Protect Your Information
Communications between your browser and portions of the online Services containing Personal Information are protected with Secure Socket Layer (“SSL”) encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your information we strive to maintain the physical and electronic security of your Personal Information using commercially reasonable efforts.
NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERCIALLY AVAILABLE AND INDUSTRY STANDARD ENCRYPTION TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.
In the Event of a Security Breach of Your Personal Information
If we determine that your Personal Information has or may reasonably have been disclosed due to a security breach of our systems, we will notify you in accordance with and to the extent required by applicable state and federal law using the information that we have on file.
Disclosures for California Residents
If you are a resident of California, you may be entitled to the following privacy rights:
- The right to know. You have the right to request to know (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you in the last 12 months; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your Personal Information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your Personal Information. Generally:
- Within the preceding 12 months, Ciox has collected the categories of Personal Information detailed in the “Personal Information We Collect” section above.
- Ciox does not and will not sell your Personal Information.
- Ciox has not disclosed your Personal Information to third parties within the preceding 12 months.
- The right to deletion. You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
- The right to opt out of the sale of your Personal Information. You have the right to opt out of the sale of your Personal Information. Ciox does not and will not sell your Personal Information. If we change our business practices, we will update this Privacy Policy, notify you, and honor your right to opt out of the sale of your Personal Information.
- The right to equal service. If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our services.
The CCPA does not apply to health information that (i) is deidentified in accordance with the requirements of deidentification set forth in Section 164.514 of Part 164 of Title 45 of the Code of Federal Regulations, and (ii) is derived from patient information that was originally collected, created, transmitted, or maintained by an entity regulated by the Health Insurance Portability and Accountability Act, the Confidentiality of Medical Information Act, or the Federal Policy for the Protection of Human Subjects, also know as the Common Rule. Ciox may use or disclose deidentified information so long as the entities to who Ciox discloses deidentified data are prohibited from re-identifying or attempting to re-identify data.
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, contact us via our C3 at 844-882-3809 or visit our C3 website at www.cioxcomplianceconnection.com.
Ciox will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Shine the Light – Third Party Marketing: This Privacy Policy describes how we may share your Personal Information, including for marketing purposes. California residents are entitled to request and obtain from Ciox once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us at our C3 at 844-882-3809 or visit our C3 website at www.cioxcomplianceconnection.com.
Third Party Privacy
This Privacy Policy applies only to the Services provided by Ciox Health. The Services may contain links to other websites, which may be subject to a different privacy policy or are otherwise maintained or provided by a third party. We are not responsible for the privacy practices of any third party website you access from our Services. You should review the privacy policy of every website before using the website or submitting any information to the website.
Changes to Our Policy
We reserve the right to modify or amend this Privacy Policy at any time. All changes to this Privacy Policy will be effective immediately upon their posting to the Services. We will notify you of material changes to this Privacy Policy by conspicuously posting the changes on the Services. Information collected before changes are made will be treated in accordance with the previous Privacy Policy. Continued use of the Services after the effective date of a modified privacy policy will indicate your agreement to any modified terms. Each version of our Privacy Policy will be prominently marked with an effective date.
Contact Information
You may submit any questions or concerns about this Privacy Policy or our privacy practices by contacting us through the following methods:
Elizabeth Delahoussaye, Chief Privacy Officer
Robbie Hudec, Chief Information Security Officer
Ciox Health
925 North Point Parkway
Suite 350
Alpharetta, GA 30005
844-882-3809
or visit our C3 website at www.cioxcomplianceconnection.com
We regularly review our compliance with this Privacy Policy. If you believe your privacy rights have been violated, you have the right to file a complaint. You may do so by contacting the Ciox Compliance Connection at 844-882-3809.