Product Privacy Policy
This Product Privacy Policy ("Privacy Policy") applies to products and services of CentralReach, LLC and its affiliates, including, without limitation, avail® by CentralReach, CR Essentials® by CentralReach, Thread Learning® by CentralReach, PrecisionX® by CentralReach, and CR LiftEd™ (“CentralReach,” “we,” “us,” and “our”).
We respect your privacy rights and value your trust. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your personal information, as well as your rights in determining what we do with the information that we collect or hold about you.
This Privacy Policy describes how CentralReach collects and uses the personal information our customer organizations (“Customers”) provide in connection with our products and services (collectively “Products”). The use of information collected through our Products shall be limited to the purpose of providing the service for which our Customers have engaged CentralReach. We maintain a separate privacy policy with respect to our website. To view our Website Privacy Policy, click here.
Privacy Shield Participation
CentralReach participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom (UK), and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.
CentralReach is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. CentralReach complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, the UK, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, CentralReach is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
What information do we collect?
Our Products collect information used by our Customers to provide medical and related services. CentralReach’s Customers input data and information into CentralReach’s Products, and CentralReach processes such information on behalf of our Customers. Accordingly, CentralReach has no direct relationship with the individuals whose personal data it processes on behalf of our Customers. If you are a client or employee of one of our Customers and would no longer like to be contacted by that Customer or have any questions or concerns about data or information that Customer may have entered into our Products, please contact that Customer directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements between us and our Customers, and between us and such third parties.
For purposes of this Privacy Policy, "personal information" refers to information that relates directly or indirectly to an identified or identifiable individual ("you"). The personal information that we collect about you is dependent on our Customers use of the Products and the data that they enter into our Products relating to you, and varies depending on the services you are receiving from our Customer.
Information Collected Through Our Products
Our Products collect information about you entered by our Customers. Our Customers will collect information about you that they determine to be necessary or advisable in connection with the service they are providing to you. If you desire to obtain a specific list of all data collected about you, you must contact the Customer directly. CentralReach does not control the data entered into our Products by our Customers. Information about you that may be collected by our Customers in our Products may include:
- Name
- Email address
- Mailing address
- Phone number
- Demographic information
- Insurance information
- Payment information
- Health and biometric data
- Medical service history and related documentation
- Such other information as the Customer deems relevant
In addition, Customers may enter certain information regarding their employees into our Products. If you are an employee of one of our Customers and desire to obtain a specific list of all data collected about you, you must contact the Customer employing you directly. CentralReach does not control the employee data entered into our Products by our Customers. This information may include:
- Contact information
- Demographic information
- Benefits information
- Salary information
- Job title
- Licensing and professional certification information
- Disciplinary history
- Academic information
- Such other employment information as the Customer deems relevant
Information We Collect Automatically
While you use our Products, certain information, including personal information, is collected about your use of our Products, as follows:
Device and Usage Information: Information about your hardware and software, IP address, browser type and version, operating system, browsing history and page views, length of visit, referral/exiting sources, device identifiers such as Apple IDFA or Google Advertising ID, cookie identifiers, other pseudonymous identifiers, and information about the timing, frequency, and patterns of your usage.
Location Information: We may collect information about your actual or non-precise physical location when you voluntarily tell us, or when you provide this information via sharing your device's IP address or mobile device's GPS, wi-fi, or cellular signal information. You may control, enable or disable the use of location-based services from within your device's settings or mobile application's permissions.
Server log files: We automatically gather server log file information when you use our Products. This includes IP address, browser type, referring and exit web pages, and your operating system.
What is the information used for?
The information collected through our Products is used by CentralReach to provide our Customers with practice management, clinical and related cloud-based software solutions, which, among other things:
- Improves customer service
- Helps us administer your account
- Enables us to respond to your questions and concerns
- Facilitates customer relationships
- Allows us to render billing and invoicing services
- Obtains payment for health care services
- Provides health care operations
- Manages medical and/or health records
- Monitors treatment adherence
- Facilitates our Customers in rendering medical services
- Manages employment relationships
We collect and use personal information solely with the objective of fulfilling those purposes specified above and for other compatible purposes, unless you provide your consent or as required by law.
Do we disclose your information?
We share your personal information according to this Privacy Policy, with your consent or as necessary to provide you the products or services you request, as well as to operate our business. The ways in which we share your personal information are set forth below.
Third Party Service Providers/Vendors: We share your information with contracted third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us, pursuant to written instructions. In such cases, these companies must abide by our data privacy and security requirements, and are not allowed to use personally identifiable information, including protected health information, they receive from us for any other purpose. Representative business processes that our service providers/vendors assist us with may include:
- Promotional, marketing and sales efforts
- Network or cybersecurity monitoring and intrusion detection
- Web or application development/management
- Payment processing
- Insurance and payor invoicing
- Providing customer service
- Providing cloud computing infrastructure/storage/processing, etc.
- Technical administration, such as hosting, managing and maintaining our sites, services, applications, networks, etc.
- Analytics for research and development purposes, including products usage data, and benchmarking research and services on an de-identified basis.
- Educational development relating to training, certification, course development and related activities
Legal Compliance: In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Corporate Transactions: If CentralReach is involved in a merger, acquisition, dissolution, sale of all or a portion of its assets, or other fundamental corporate transaction, we reserve the right to sell or transfer your information as part of the transaction.
How can I exercise my choices?
Whenever possible and within its authority, CentralReach will offer you the opportunity to choose (opt-out) whether your personal information is to be used by CentralReach for a purpose other than the purpose for which it was originally collected or subsequently authorized by you. CentralReach will provide you with reasonable mechanisms to exercise your choices.
How can I access my account?
Our Customers access their accounts by password-protected logins as a part of their subscription to our Products and may enter and delete (subject to applicable law regarding medical records) information directly. An individual who seeks access, or who seeks to correct, amend, or delete data entered by one of our Customers should direct their inquiry directly to the Customer (the data controller). If requested by a Customer to remove data we will respond within a reasonable timeframe which will not exceed thirty (30) days or as otherwise required by law. If the process of removal will require in excess of thirty (30) days (or such other period as required by law) we will inform the Customer.
How long will my information be retained?
CentralReach will retain personal data we process on behalf of a Customer for as long as needed to provide services to such Customer. Our Customers are solely responsible for exporting all data stored in our Products prior to the termination of our services. CentralReach will retain all such data for a minimum of sixty (60) days after the termination of our services to a Customer as a safeguard in case the Customer requires more time to export its data. Customers will be responsible during this sixty (60) day period to make any requests for additional data. CentralReach reserves the right to retain such data beyond such sixty (60) day period to the extent CentralReach determines necessary to satisfy other reasonable business purposes, such as complying with legal obligations, resolving disputes, or enforcing our agreements.
Do our Products use web cookies, beacons, and widgets?
We may use cookies and similar tracking technologies, for example, to keep track of your session use within the Products. Cookies are also used to collect general usage and performance data, including volume statistical information that does not include personal information.
Most web browsers support cookies, and users can control the use of cookies at the individual browser level. Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our Products.
We maintain a separate Cookie Policy. To learn more about cookies generally, including how to disable them, view our Website Cookie Policy.
International Transfer
To facilitate our operations, we may transfer, store and process your personal information in jurisdictions other than where you live, including in the United States. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection.
What rights do I have if I am a California consumer?
Pursuant to California Civil Code Section § 1798.83, we will not disclose or share your personal information with third parties for the purposes of third-party marketing to you without your prior consent.
Other than as disclosed in this Privacy Policy, our Products do not track users over time and across third-party websites to provide targeted advertising. Therefore, the Products do not operate any differently when they receive Do Not Track (“DNT”) signals from your internet web browser.
If you are a California consumer, as defined by the California Consumer Privacy Act of 2018 (“CCPA”), you may be afforded additional rights with respect to your “Personal Information” as that term is explicitly defined under California law. Any Personal Information we collect is collected for the commercial purpose of effectively providing our Products to you, as well as enabling you to learn more about, and benefit from, our Products. For purposes of our Products, Central Reach operates as a “service provider” under the CCPA. As such, and in line with other representations in this Privacy Policy, we may not have the authority to fulfill your requests under the CCPA and as provided in this section of this Privacy Policy. Rather, you may need to direct such request to our Customers as “businesses” as defined under the CCPA.
To the extent we have the authority to respond to your exercising of the rights below, you may do so subject to our verification of your identity. In the event you use a third party agent to make any such request of Central Reach under this section, we may require additional confirmation of your authorization of such a request before processing your request.
Access: You may email us at privacy@centralreach.com to request a copy of the Personal Information our Products databases currently contain.
Prohibit Data Sharing. When applicable, you may prohibit the sharing of your Personal Information by CentralReach submitting a request via email to privacy@centralreach.com. In your email, please explain how you wish us to prohibit the sharing of your personal data, and which categories of third parties you want to prohibit from receiving your Personal Information. When such prohibitions are not possible to provide our services to you, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Policy.
Portability. Upon request and when possible, we can provide you with copies of your Personal Information. You may submit a request via email to privacy@centralreach.com. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Policy.
Deletion. If you should wish to cease use of our Products and have your Personal Information deleted from our Products, then you may submit a request by emailing us at privacy@centralreach.com. Upon receipt of such a request for deletion, we will confirm receipt and if you are our Customer, we will confirm once your Personal Information has been deleted, and if you are a client of one our Customers, we will forward your request to such Customer controlling your data. Where applicable, we will ensure such changes are shared with trusted third parties.
We do not sell your Personal Information. If we ever decide to sell Personal Information, we will update you via this Privacy Policy and include a link entitled “Do Not Sell My Personal Information,” to provide you with an opportunity to opt out of sales of your Personal Information. In addition to the email address provided above, you may also submit requests at the following toll-free telephone number: 1-800-939-5414.
In addition, if a California resident exercises his or her rights under California law, including the CCPA, we shall not discriminate against that California resident by denying our goods or services, charging different prices or rates to similarly situated consumers, providing a different level or quality of our goods or services, or taking any other adverse action.
In accordance with and subject to then current requirements of the CCPA, requests from California residents relating to the type of data we collect or process, or requests to delete data will be responded to within 10 business days of our receipt of the request, and completion of requested action shall occur within 45 days (or within 90 days if we advise you that additional time is required due to reasonable restraints, limitations or conditions).
How do you secure my information?
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. To report a security violation, please promptly call us at 1-800-939-5414 or email us at privacy@centralreach.com.
Changes
CentralReach may revise and update this Privacy Policy at any time, without notice to you. If we propose to make any material changes, we will notify you by means of a notice on this page prior to the change becoming effective. We encourage you to periodically reread this Privacy Policy, to see if there have been any changes to our policies that may affect you.
Contacting Us
If there are any questions regarding on our Privacy Policy please write to us at the below address or email us at: privacy@centralreach.com. We will respond to your concerns within 30 days of receipt or as otherwise required by applicable law.
CentralReach, LLC
ATTN: Privacy Officer
100 Matawan Road
Matawan, New Jersey 07747
Effective Date: March 3, 2023