TECHNOLOGY PRIVACY POLICY

Last updated: November 2, 2022

This Technology Privacy Policy describes how Valant (“we”, “us”, “our”) collects and uses the Personal Information that you may provide when accessing the Valant websites, platforms, portals, mobile applications and all associated services (“Services”).  Valant places a great value on your privacy. We request that you carefully read this Technology Privacy Policy in addition to the Valant Terms of Use before using the Services. By visiting, viewing or using the Services in any manner, you are agreeing to the terms set forth in this Technology Privacy Policy.

To access and use certain Valant Services, such as access through the Valant website, platform, or mobile applications, you must have an account with a healthcare organization using our software. Because of this, your use of our Services is also subject to your healthcare organization’s privacy policy.  Please contact your healthcare organization if you have any questions about their privacy policy.

Personal Information We Collect About You. We may collect and use the following information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”):

  • Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers)
  • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, driver’s license or state identification card number, insurance policy number, or any other financial information, medical information, or health insurance information.
  • Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
  • Internet activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with a web site, application, or advertisement)

If you do not provide certain Personal Information, it may delay or prevent us from providing certain services to you.

We may also create or receive certain health information that identifies you, including protected health information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), when you or your healthcare providers use our Services or at the direction of your healthcare provider.  Valant is required by certain state and federal laws to implement and maintain safeguards to protect the privacy and security of certain health information that identifies you, including PHI.  Valant may use this information as permitted or required by HIPAA and applicable state and federal law.

How Your Personal Information is Collected. We collect most of this Personal Information directly from you when you provide it to us via our Services (such as information you enter into web forms, inquiries, or during registration to use our Services) or from third parties (such as your healthcare providers). We may also collect information from cookies or other online tracking tools on our Services.

Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to our Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Services.
  • Information about your device and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically is statistical data and does not include Personal Information. It helps us to improve our Services.

Links to Other Websites. Our Services may contain links to the websites of third parties whose privacy practices may differ from ours. If you submit Personal Information to any of these third-party sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit or link to from our Services.

How and Why We Use Your Personal Information. We may use Personal Information for the following purposes:

  • To provide services to you or your healthcare provider;
  • To send you requested information;
  • To respond to your requests;
  • To comply with our legal and regulatory obligations;
  • For our legitimate interests or those of a third party, meaning we have a business or commercial reason to use the Personal Information; or
  • Where you have given consent.

In addition to the foregoing, the table below provides examples of how we may use your Personal Information and our reasons for such use:

How we may use your Personal Information Our reasons
To provide services to you or your healthcare provider For the performance of our agreement with you or your healthcare provider or to comply with your requests, such as providing appointment reminders or notifications regarding secure messages or coordinating care among treatment providers
To prevent and detect fraud against you or us For our legitimate interests or those of a third party, i.e., to minimize fraud that could be damaging for us and for you
Processing necessary to comply with professional, legal and regulatory obligations that apply to our business or third parties that use our services

 

To comply with our legal and regulatory obligations or the obligations of our third party healthcare provider customers, such as providing certain usage or outcome data to state or federal agencies or other third parties or responding to law enforcement requests, court orders, and other legal processes or to carry out our legal and contractual obligations and enforce our rights
Ensuring business policies are adhered to, e.g. policies covering security and internet use For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures, so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service at the best price
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures For our legitimate interests or those of a third party, such as anonymizing and aggregating data for analytics and reporting
Updating and enhancing customer records To comply with our legal and regulatory obligations; and for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing products and services and new products and services

 

Who We Share Your Personal Information With. We will not sell any of your Personal Information to any outside organization. We only disclose your Personal Information to third parties as reasonably necessary to carry out the permitted uses described in this policy. For example, we may share Personal Information with:

  • third parties as necessary to carry out our obligations to your healthcare provider or that we use to help us run our business, such as email automation platforms, technical and customer support contractors, or other service providers who are required to keep the Personal Information confidential and are prohibited from using it other than to carry out their services on our behalf;
  • our successors in the event of a sale, merger, acquisition, or similar transaction affecting the relevant portion of our business; and
  • legal and governmental authorities or other third parties, to the extent required to comply with a legal order or applicable law or policy.

We may also disclose Personal Information that we collect or you provide as described in this privacy policy:

  • If we believe disclosure is necessary or appropriate to protect our rights, property, or the safety of our company, our customers, or others;
  • For any other purpose disclosed by us when you provide the information; or
  • With your consent.

We may also disclose de-identified information.

In the preceding 12 months, we have not disclosed for a business purpose to any third parties the following categories of Personal Information:

  • Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers)
  • Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, address, telephone number, education, employment, and employment history.
  • Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with the Services, or advertisement)

How Long Your Personal Information Will Be Kept. We will keep your Personal Information while you maintain an account using our Services or while we are providing products and services to you or your healthcare provider. Thereafter, we will keep your Personal Information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To comply with laws and regulations and provide to law enforcement agencies;
  • To preserve our business records; and/or
  • To conduct our business operations.

California Residents. California consumers have the right to request any of the following information from us regarding certain Personal Information collected about you during the preceding 12 months under the California Consumer Privacy Act of 2018 (CCPA):

  • The categories of Personal Information collected about you.
  • The categories of sources from which the Personal Information is collected.
  • The business or commercial purpose for collecting or selling Personal Information.
  • The categories of third parties with whom we share Personal Information, if any.
  • The specific Personal Information collected about you.
  • For Personal Information sold or disclosed to a third party for a business purpose, you have a right to know the categories of Personal Information about you that we sold and the categories of third parties to whom the Personal Information was sold; and the categories of Personal Information that we disclosed about you for a business purpose.

We will provide this information free of charge up to two (2) times in any twelve (12) month period within 45 days of receiving your verifiable request (including verification of your identity and your California residency), subject to delays and exclusions permitted by law.  Specific Personal Information about you or your account that is categorized as sensitive or confidential may be redacted.

As a California resident, you have the right to request that we delete any Personal Information that we have collected about you.  We will honor this request subject to the range of exclusions permitted by law.  For example, we are not required to delete Personal Information if it is necessary to complete a transaction or reasonably used for an ongoing business relationship or if it is used internally in a lawful manner that is compatible with the context in which the consumer provided the information.

As a California resident, you also have the right to opt out of the sale of your Personal Information to third parties. We do not sell your Personal Information.  However, we are permitted to share your Personal Information with a service provider.

We will not discriminate against you if you choose to exercise any of these rights. California residents may exercise the rights described above by contacting us as follows:

Mail: PO BOX 21405, Seattle, WA 98111-3405

Email: privacy@valant.com

Phone: 206-774-0532

We may require verification of your identity before further processing your request. In certain instances, we may be permitted by law to decline some or all of such request.

Please note that the CCPA does not apply to, among other things:

  • Information that is lawfully made available from federal, state, or local government records;
  • Consumer information that is deidentified or aggregated;
  • Medical information governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1) or PHI that is collected by a covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services (HHS), Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Public Law 111-5).
  • A provider of health care governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1) or a covered entity governed by the privacy, security, and breach notification rules issued by HHS, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to HIPAA, to the extent the provider or covered entity maintains patient information in the same manner as medical information or PHI as described in the paragraph above.

Keeping Your Personal Information Secure.  Unfortunately, the transmission of information via the internet is not completely secure. Although we take and maintain reasonable security practices and procedures, we cannot guarantee the security of your Personal Information transmitted to our services.

Treatment of Minors’ Information. Our Services are not intended for children and we do not knowingly solicit or collect Personal Information from children. The account holder for the Services for a child must be the child’s parent or legal guardian.  If we are notified or discover that a child under the age of 13 has submitted Personal Information to us, we will take reasonable steps to delete the information or take such other actions as may be required by your healthcare provider as permitted under applicable law.

Changes to This Technology Privacy Policy. We may update this policy from time to time. We will always post the then-current version of this policy on our Services and will indicate at the top of the policy the date on which the latest version took effect. Please review this policy from time to time to stay updated on our privacy practices. By continuing to access and use the Services you are agreeing to such changes made to this Technology Privacy Policy.

How to Contact Us.

Please contact us if you have any questions or comments about this privacy policy or the information we hold about you.

Mail: PO BOX 21405, Seattle, WA 98111-3405

Email: privacy@valant.com

Phone: 206-774-0532

Do You Need Extra Help? If you would like this notice in another format (for example: audio, large print, braille) please contact us (see “How to contact us” above).