Website Privacy Policy

This Website Privacy Policy ("Privacy Policy") applies to CentralReach, LLC and its affiliates (“CentralReach,” “we,” “us,” and “our”). We respect your privacy rights and value your trust. This Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your personal information, as well as your rights in determining what we do with the information that we collect or hold about you.

 

This Privacy Policy describes how CentralReach collects and uses the personal information you provide on our website located at: www.centralreach.com(“Website”). This Privacy Policy does not govern the use of CentralReach products or services offered under contract to CentralReach customers. To view our Product Privacy Policy, click here.

 

This Privacy Policy governs our interactions with you in any one of the following capacities:

 

Unless otherwise specified, this Privacy Policy applies in the same manner to you and your personal information.

 

This Privacy Policy does not apply to information collected by us offline or through any other means, including on any other website operated by CentralReach or any third party, or information collected by any third party through any application or content (including advertising) that may link to or be accessible from the Website (for further information, see below, “Do we link to other websites?”).

 

Please read this Privacy Policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our policies and practices, then please do not use our Website. By using our Website, you agree to the terms of this Privacy Policy. This Privacy Policy may change from time to time (see below, “Changes”). Your continued use of our Website after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.

 

Website Terms of Use; Other Agreements
This Privacy Policy should be read in conjunction with the Website Terms of Use, into which this Privacy Policy is incorporated by reference.

 

Furthermore, as a Consumer or Customer, your use of the Website and our processing of your information may also be subject to a terms of sale, written contract with your employer, or other agreement specific to the nature of any transaction in which you are participating.”

 

EU-U.S. Data Privacy Framework with UK Extension, and Swiss-U.S. Data Privacy Framework
CentralReach participates in and has certified its compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. CentralReach has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. CentralReach has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF), and to view our certification, visit https://www.dataprivacyframework.gov.

 

CentralReach is responsible for the processing of personal data it receives, under each Data Privacy Framework, and subsequently transfers to a third party acting as an agent on its behalf. CentralReach complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, the UK and Switzerland, including the onward transfer liability provisions.

 

The Federal Trade Commission has jurisdiction over CentralReach’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, CentralReach may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

 

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, CentralReach commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.

 

Under certain conditions, more fully described on the Data Privacy Framework website at https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

 

What We Collect and How We Collect It
To ensure that we provide you with the best possible experience, we will store, use, and share personal information about you in accordance with this Policy. Personal information is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user, household or device (“Personal Information”). In particular, the Website may collect the following categories of Personal Information from users of the Website:

Category Examples Collected
Identifiers. A real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name. YES
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. YES
Protected classification characteristics. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
Sensitive Personal Information. Precise geolocation, Social Security number, driver’s license, state identification card, passport number, account log-in, financial account, debit card, credit card number with security, or access code or password, racial or ethnic origin, religious/philosophical beliefs, or union membership, contents of mail, email, and text messages, genetic data and processing of biometric information, health and sexual orientation. NO
Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with CentralReach’s website, application, or advertisement. YES
Geolocation data. Physical location or movements. NO
Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
Professional or employment-related information. Current or past job history or performance evaluations. NO
Non-public education information. Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
Inferences drawn from other Personal Information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO

We obtain the categories of Personal Information listed above from the following categories of sources:
 

The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as contacting the Company to request further information. When providing your Personal Information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive personal data, unless required for our services.
 
Additionally, we may ask you to create a username and password that should only be known to you. When you provide this information to us, you are no longer anonymous. Moreover, we may receive information about you from other sources and add it to the information you have provided to us.
 
Information We Collect Automatically
While you visit or use our Websites, certain information, including Personal Information, is collected about your use of the Website, as follows:
 
Device and Usage Information: Information about your hardware and software, IP address, browser type and version, operating system, browsing history and page views, length of visit, referral/exiting sources, device identifiers such as Apple IDFA or Google Advertising ID, cookie identifiers, other pseudonymous identifiers, and information about the timing, frequency, and patterns of your usage.
 
Location Information: We may collect information about your actual or non-precise physical location when you voluntarily tell us, or when you provide this information via sharing your device's IP address or mobile device's GPS, Wi-Fi, or cellular signal information. You may control, enable or disable the use of location-based services from within your device's settings or mobile application's permissions.
 
Server log files: We automatically gather server log file information when you visit our websites. This includes IP address, browser type, referring and exit web pages, and your operating system.
 
HIPAA. This Website is not intended for the processing of Protected Health Information (“PHI”) as required under the Health Insurance Portability and Accountability Act (“HIPAA”). When using the CentralReach Website, you agree you will never provide CentralReach with PHI nor will CentralReach provide you with PHI through the Website.
 
What is the information used for?
 
This collected information is used to:
 

We collect and use Personal Information solely with the objective of fulfilling those purposes specified above and for other compatible purposes, unless we obtain your consent or as required by law.
 
Do we disclose your information?
We share your Personal Information according to this Privacy Policy, with your consent or as necessary to provide you the products or services you request, as well as to operate our business. The ways in which we share your Personal Information are set forth below.
 
Third Party Service Providers/Vendors: We share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized under contract to use your Personal Information only as necessary to provide these services to us, pursuant to written instructions. In such cases, these companies must abide by our data privacy and security requirements, and are not allowed to use personally identifiable information they receive from us for any other purpose. Representative business processes that our service providers/vendors assist us with may include:
 

Legal Compliance: In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your Personal Information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
 
Corporate Transactions: If CentralReach is involved in a merger, acquisition, dissolution, sale of all or a portion of its assets, or other fundamental corporate transaction, we reserve the right to sell or transfer your information as part of the transaction.
 
How long do we keep your information?
The period of time in which information we obtain from your use of our Websites is retained for as long as reasonably necessary to provide you the information or services described in this Privacy Policy or any applicable contract. Our retention of your Personal Information will also depend on the manner in which the information has been collected (contact forms, session cookies, etc.). If you wish to request that we remove or no longer use information you provide through our Websites, please contact us at privacy@centralreach.com. We will reserve the right to retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
 
How can I opt in/out of emails?
You may choose to stop receiving our newsletters or marketing emails by following the unsubscribe instructions included in the emails or you can contact us toll-free at 1-800-939-5414.
CentralReach will offer you the opportunity to choose (opt-out) if we intend to use your Personal Information for a purpose other than the purpose for which it was originally collected by us or subsequently authorized by you. CentralReach will provide you with reasonable mechanisms to exercise your choices in such circumstance.
 
How can I control my Personal Information?
CentralReach respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete Personal Information, request deletion of your Personal Information, or request that we no longer use it. Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond to your request within a reasonable timeframe and provide you an explanation. In order to make such a request of us, please email us at privacy@centralreach.com.
 
Do we use web cookies, beacons, and widgets?
We may use cookies and similar tracking technologies, for example, to keep track of your preferences and profile information. Cookies are also used to collect general usage and volume statistical information that does not include Personal Information.
 
Third Party Cookies: Our service providers and partners also may use cookies and similar tracking technologies to help us improve the online experience of our visitors. Our partners use session ID cookies to make it easier for you to navigate our Website.
 
We may also use tracking technologies to collect information and infer your interests for interest-based advertising purposes. If you would prefer to not receive personalized ads based on your browser or device usage, you may generally express your opt-out preference to no longer receive tailored advertisements. Please note that you will continue to see advertisements, but they will no longer be tailored to your interests.
 
To opt-out of interest-based advertising by participating companies in the following consumer choice mechanisms, please visit:
 

Our Web pages contain electronic images known as Web Beacons (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyze how our Website is used and may be used in some of our emails to let us know which emails and links have been opened by recipients. This allows us to gauge the effectiveness of our customer communications and marketing campaigns.
 
Our Website includes widgets and social media features, such as the Facebook Like button, Twitter follow button, and Google+ button. These features may collect your IP address, which page you are visiting on our Website, and may set a cookie to enable the Feature to function properly. These are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing it.
 
Most web browsers support cookies, and users can control the use of cookies at the individual browser level. Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our Websites and services.
 
To learn more about cookies, including how to disable them, view our Website Cookie Policy.
 
Do we post customer testimonials?
We post customer testimonials, comments, and reviews on our Website which may contain personally identifiable information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. To request removal of your Personal Information from Testimonials or comments please contact us at privacy@centralreach.com.
 
Do we link to other websites?
Our Website includes links to other websites whose privacy practices may differ from those of CentralReach. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.
 
International Transfer
To facilitate our operations, we may transfer, store and process your Personal Information in jurisdictions other than where you live, including in the United States. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your Personal Information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection.
 
Your Rights Under State Law
 
California
Pursuant to California Civil Code Section § 1798.83, we will not disclose or share your Personal Information with third parties for the purposes of third-party marketing to you without your prior consent.
 
Other than as disclosed in this Privacy Policy, the Website does not track users over time and across third-party websites to provide targeted advertising. Therefore, the Website does not operate any differently when it receives Do Not Track (“DNT”) signals from your internet web browser.
 
WE DO NOT SELL OR SHARE YOUR PERSONAL INFORMATION. If we ever decide to “sell” or “share” Personal Information, as those terms are defined under the California Consumer Privacy Act of 2018, we will update you via this Policy and include a link entitled “Do Not Sell or Share My Personal Information,” to provide you with an opportunity to opt out of the selling or sharing of your Personal Information.
 
Your Consumer Rights
Some state laws in the United States provide consumers with additional rights with respect to their Personal Information (also known as “personal data”), as those terms are defined under those applicable state laws. Such state laws may include, but are not limited to, the California Consumer Privacy Act of 2018 (the “CCPA”) as amended by the California Privacy Rights Act, the Colorado Privacy Act (“CPA”) and the Virginia Consumer Data Protection Act (“VCDPA”). Any Personal Information we collect is collected for the commercial purpose of effectively providing our services to you, as well as enabling you to learn more about, and benefit from, our services. If you reside in a state that provides additional rights with respect to your Personal Information, you may exercise each of your rights as identified below, subject to our verification of your identity. In the event you use a third party agent to make any such request of Central Reach under this section, we may require additional confirmation of your authorization of such a request before processing your request.
 
Access: You may email us at privacy@centralreach.com to request a copy of the Personal Information our Website databases currently contain.
Prohibit Data Sharing. When applicable, you may prohibit the sharing of your Personal Information by submitting a request via email to privacy@centralreach.com. In your email, please explain how you wish us to prohibit the sharing of your personal data, and which categories of third parties you want to prohibit from receiving your Personal Information. When such prohibitions are not possible to provide our services to you, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Policy.
 
Portability. Upon request and when possible, we will provide you with copies of your Personal Information. You may submit a request via email to privacy@centralreach.com. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Policy.
 
Deletion. If you should wish to cease use of our Website and have your Personal Information deleted from our Website, then you may submit a request by emailing us at privacy@centralreach.com. Upon receipt of such a request for deletion, we will confirm receipt and will confirm once your Personal Information has been deleted. Where applicable, we will ensure such changes are shared with trusted third parties.
 
Non-Discrimination. If a data subject exercises his or her rights under applicable state law, including but not limited to the CCPA, CPA, and VCDPA, we shall not discriminate against that data subject by denying our goods or services, charging different prices or rates to similarly situated consumers, providing a different level or quality of our goods or services, or taking any other adverse action.
 
Exercising your rights. If you are a data subject that has rights under applicable state law, including but not limited to the CCPA, CPA, and VCDPA, who chooses to exercise the rights listed above, you can:
 

Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Information. If an authorized agent makes a request on your behalf, we may require proof that you gave the agent permission to submit the request.
 
Responding to Your Request. Upon receiving your request, we will confirm receipt of your request by sending you an email confirming receipt. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the Personal Information. In some instances, such as a request to delete Personal Information, we may first separately confirm that you would like for us to in fact delete your Personal Information before acting on your request.
 
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
 
How do we secure your information?
We use reasonable technical, administrative, and physical safeguards in order to protect your Personal Information against accidental loss and from unauthorized access, use, alteration, and disclosure. However, we can never promise 100% security. You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please also notify us of any actual or suspected unauthorized use. To report a security violation, please promptly call us at 1-800-939-5414 or email us at privacy@centralreach.com.
 
For Website Users or Visitors Outside of the United States
Our Website is designed for use by individuals in the United States only. We do not warrant or represent that this Privacy Policy or the Website’s use of your Personal Information complies with the laws of any other jurisdiction. Furthermore, to provide you with our services, we may store, process, and transmit information in the United States and other locations around the world, including countries that may not have the same privacy and security laws as yours. Regardless of the country in which such information is stored, we will process your Personal Information in accordance with this Policy.
 
For Website Users or Visitors in the European Union (“EU”)
Under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”), individuals in the EU are afforded specific rights with respect to their Personal Information, or “personal data” as defined under the GDPR. For the purposes of this Privacy Policy, the Company operates as a data controller. Any personal data we collect from you is processed in the United States and under the terms of this Privacy Policy.
 
Any personal data we collect from you is processed in the legitimate interest of our business and providing our services to you as the lawful means of such processing. You may always withdraw your consent to our use of your personal data as described below. We will only retain your personal data for the time necessary to provide you the information and services to which you have consented, to comply with the law and in accordance with your rights below.
 
The Data Controller is:
NAME: CentralReach, LLC
ADDRESS: 101 Crawfords Corner Road, Suite 2201, Holmdel, New Jersey, 07733
EMAIL ADDRESS: privacy@centralreach.com
 
You can exercise any of the following rights, subject to verification of your identity, by notifying us as described below:
 

Submit Complaints or Questions. If you wish to raise a complaint on how we have handled your personal data, you can contact us as described below. If you reside in a European Union member state, you may also lodge a complaint with the supervisory authority in your country.
 
Changes
CentralReach may revise and update this Privacy Policy at any time, without notice to you. If we propose to make any material changes, we will notify you by means of a notice on this page prior to the change becoming effective. We encourage you to periodically reread this Privacy Policy, to see if there have been any changes to our policies that may affect you.
 
Contacting Us
If there are any questions regarding on our Privacy Policy, please write to us at the below address or email us at: privacy@centralreach.com. We will respond to your concerns within 30 days of receipt or as otherwise required by law.
 
CentralReach, LLC
ATTN: Privacy Officer
101 Crawfords Corner Road, Suite 2201
Holmdel, New Jersey 07733
 
Last Revised: October 10, 2023