Last Updated: February 10, 2021
Health Insurance Portability and Accountability Act of 1996 (HIPAA) & State Law
Ciox as a Service Provider
Personal Information We Collect
“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. Ciox collects Personal Information from you when send us emails or otherwise voluntarily submit your information to us.
Depending on how you use the Services, we may collect the following categories of Personal Information about you:
- Direct Identifiers, such as your name, mailing address, email address, phone number, and account numbers. Typically, we collect this information directly from you to contact you regarding administrative notices, your use of the Services, or in connection with your interactions with us, such as through an employment application.
- Internet Activity Information, such as your browsing history and browser preferences. Typically, we collect this information through cookies and other data collection technologies to under how you use our website.
- Commercial Information, such as your financial and payment information, including credit card and payment card information. Typically, we collect this information directly from you to process payments you request or otherwise adjust your account.
In addition the purpose of collection described above, we may also collect Personal Information generally for the following reasons:
- For the purpose for which you provided it.
- To maintain and service your account.
- To administer and improve our website.
- To communicate with you and respond to inquiries you send to us.
- To promote our products and services to you, if given your permission.
- To comply with legal, regulatory and risk management obligations.
In addition, we may use your Personal Information in the aggregate in a non-identifiable way in order to better understand the services being provided, how to improve these services and how to improve the Services. One way in which we collect your non-identifiable information is through anonymous surveys. Participation in such surveys is voluntary and is not connected to any of your Personal Information. We may provide aggregated information to third parties, but when we do so we do not provide any of your Personal Information without your express permission.
How We Disclose the Information We Collect
We share your Personal Information for the following reasons:
In Connection with a Legal Right or Obligation. We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure is (a) reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) helpful to prevent, investigate, or identify possible wrongdoing in connection with the Services; or (c) protect our rights, reputation, property, or that of our users, affiliates, or the public.
Cookies and Data Collection Technologies
How We Protect Your Information
Communications between your browser and portions of the online Services containing Personal Information are protected with Secure Socket Layer (“SSL”) encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your information we strive to maintain the physical and electronic security of your Personal Information using commercially reasonable efforts.
NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERCIALLY AVAILABLE AND INDUSTRY STANDARD ENCRYPTION TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.
In the Event of a Security Breach of Your Personal Information
If we determine that your Personal Information has or may reasonably have been disclosed due to a security breach of our systems, we will notify you in accordance with and to the extent required by applicable state and federal law using the information that we have on file.
Disclosures for California Residents
If you are a resident of California, you may be entitled to the following privacy rights:
- The right to know. You have the right to request to know (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you in the last 12 months; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we sold or disclosed in the last 12 months; (v) the categories of third parties to whom your Personal Information was sold or disclosed in the last 12 months; and (vi) the purpose for collecting and selling your Personal Information. Generally:
- Within the preceding 12 months, Ciox has collected the categories of Personal Information detailed in the “Personal Information We Collect” section above.
- Ciox does not and will not sell your Personal Information.
- Ciox has not disclosed your Personal Information to third parties within the preceding 12 months.
- The right to deletion. You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
- The right to equal service. If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our services.
The CCPA does not apply to health information that (i) is deidentified in accordance with the requirements of deidentification set forth in Section 164.514 of Part 164 of Title 45 of the Code of Federal Regulations, and (ii) is derived from patient information that was originally collected, created, transmitted, or maintained by an entity regulated by the Health Insurance Portability and Accountability Act, the Confidentiality of Medical Information Act, or the Federal Policy for the Protection of Human Subjects, also know as the Common Rule. Ciox may use or disclose deidentified information so long as the entities to who Ciox discloses deidentified data are prohibited from re-identifying or attempting to re-identify data.
You may exercise your right to know and your right to deletion twice a year free of charge. To exercise your right to know or your right to deletion, contact us via our C3 at 844-882-3809 or visit our C3 website at www.cioxcomplianceconnection.com.
Ciox will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.
You may use an authorized agent to submit a request to know or a request to delete. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.
Third Party Privacy
Changes to Our Policy
Elizabeth Delahoussaye, Chief Privacy Officer
Robbie Hudec, Chief Information Security Officer
925 North Point Parkway
Alpharetta, GA 30005
or visit our C3 website at www.cioxcomplianceconnection.com