Arctrieval Inc. Privacy Policy

(Last updated July 8, 2010)

At Arctrieval, Inc., we respect the privacy of our users' information and are committed to protecting Personal Information that users disclose on our website. This Privacy Policy describes how we will use and protect our users' personal information and how we will notify our users in the event of a security breach. This Privacy Policy is a part of our Terms of Use, which users are required to accept in order to use the Site.

BY USING THIS SITE, USERS AGREE TO BE BOUND BY THE TERMS OF THIS PRIVACY POLICY. ANY USERS WHO DO NOT AGREE WITH THESE TERMS SHOULD NOT USE THIS SITE!

1. About Our Privacy Policy. This Privacy Policy applies to www.Arctrieval.com and app.Arctrieval.com. The Site may contain links to other Web sites. We are not responsible for the privacy practices of other Web sites that users may enter by, for example, clicking on an advertisement, service, or content link on the Site. We strongly encourage users to review the privacy policy of every Web site that they visit through a link or advertisement on the Site.
2. Changes to Our Policy. We reserve the right to modify or amend this Privacy Policy at any time. All changes to this Privacy Policy will be effective immediately upon their posting to the Site. We will notify users of material changes to this Privacy Policy by conspicuously posting the changes on the Site. Information collected before changes are made will be treated in according with the previous Privacy Policy. Each version of our Privacy Policy will be prominently marked with an effective date. CONTINUED USE OF THE SITE AFTER THE EFFECTIVE DATE OF A PRIVACY POLICY WILL INDICATE THE USER'S AGREEMENT TO ANY MODIFIED TERMS.
3. Definitions/Glossary. The following terms are used in this Privacy Policy and having the meaning set forth below.

   "Content" refers to any text, graphics, logos, button icons, images, audio or video content, digital or printable downloads, and other materials that may appear on or may be produced by the Site.

   "Cookies" refer to electronic data stored by the user's computer browser. The Cookies enable us to facilitate access to different aspects of the Site.

   "Healthcare Provider" refers to any person or entity that provides health care services, including doctors' offices, clinics, and hospitals.

   "Non-Personal Information" refers to any information collected from a person that cannot be used to identify that person.

   "Personal Information" refers to Personally Identifiable Information or Protected Health Information.

   "Personally Identifiable Information" or "PII" refers to information that can be used to identify a specific individual. Some examples of PII are name, home address, telephone number and email address.

   "Protected Health Information" or "PHI" refers to personal health information that is protected by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). PHI is defined as personally identifiable information about the past, present or future physical or mental health or condition of a patient, the provision of health care to a patient or the past, present or future payment for such care.

   "Site" refers to the Arctrieval websites, www.Arctrieval.com and app.Arctrieval.com.

   "SSL" refers to Secure Socket Layer, a security protocol for securely transmitting information over the Internet. Most modern web browsers support SSL. Web sites that use SSL have a URL that begins with https:// instead of http://.

   "User" refers to any individual who visits the Site.

   "We," "our," "us," and "Arctrieval" refer to Arctrieval, Inc., a Delaware Corporation, the entity that runs and maintains the Site.

   "Web beacons" refer to Internet tools, such as transparent images on the Site or in emails that we may send the users that help us to determine, for instance, whether a page has been viewed or an email opened. For example, when the users ask us to send them information on a promotion or newsletter, we may use web beacons to determine how many of the emails we sent were actually opened. In general, any electronic image viewed as part of a web page, including a banner ad, can contain a web beacon.

4. The Non-Personal Information We Collect. We collect Non-Personal Information about users, such as IP addresses, browser types, and pages viewed. We may use cookies and/or web beacons to facilitate gathering this information.

   We use this information in the aggregate to determine how much traffic the Site receives, to statistically analyze Site usage, to improve our Content, and to customize the Site's content, layout, and services. In addition, we may use the user's IP address to help diagnose problems with our server, to manage the Site and to enhance the Site based on the usage pattern data we receive.

   We may use third party service providers to assist us in collecting and analyzing Non-Personal Information.

5. The Personal Information We Collect. We provide Healthcare Providers and consumers with secure and efficient solutions for health information management and correspondence services. In providing these solutions, we collect both Personally Identifiable Information and Protected Health Information from users, as described below.

   We collect information that users voluntarily share with us, which may include a user's (1) contact information (such as name, address, email address and phone number), (2) payment information (such as credit card information), (3) demographic information (such as gender, age, height and weight), and (4) Protected Health Information, subject to applicable laws and the terms of this Privacy Policy.

   We may use third party service providers, such as PayPal, to collect and process payment information. As a result of the nature of our service, we may also receive the user's Protected Health Information from third parties, such as Healthcare Providers.

6. How We Use the Personal Information We Collect. The collected information is used to provide healthcare information management and correspondence services available through the Site. In providing those services, we may disclose the user's Personal Information to Healthcare Providers, to third-party suppliers specifically involved in the processing of the user's medical record correspondence, and as otherwise necessary to provide the services request by the user.

   We may obtain, use and disclose personal information about users for the purpose of verifying their identity and, for those who are healthcare providers, verifying their practice credentials.

   We may use the user's Personal Information to identify products or services that the user may be interested in. The identified services will be communicated in advertisements displayed on the Site and according to the settings on the account preferences page for users who have set up an account.

   We may also use or disclose the user's Personal Information to resolve disputes, investigate problems, and enforce our Site Terms of Use and the End User License Agreement (EULA). We may disclose or access information whenever we believe in good faith that the law so requires, upon merger or reorganization of our company or the sale of some or all of its assets, or if we otherwise consider it necessary to do so to maintain service and improve our services.

   We may use Personal Information from users in the aggregate in a non-identifiable way in order to better understand the services being provided, how to improve these services, and how to improve the Site. We may provide this aggregated, non-identifiable information to third parties.

   Except as stated above, we will never sell, distribute, or release to a third party the user's Personal Information.

7. Special Note Concerning Protected Health Information. We will comply with (1) the provisions of the HIPAA privacy and security regulations, (2) provisions of the HIPAA Security Rule that apply to business associates under the Technology for Economic and Clinical Health Act of 2009 (the HITECH Act) and (3) the privacy and security provisions of the HITECH Act that are applicable to business associates.
8. Handling of Electronic Records. In general, we will retain all information collected through the Site for, at a minimum, the length of time required by law. Our policies on specific types of information are described below:
   1. Consent Forms and Contact Information. We retain the user's medical records release authorization consent forms and contact information indefinitely. This information is retained to provide an audit trail for the user's medical record correspondence and to notify users in the case of any breach of their Personal Information in our possession.
   2. Financial Information. We collect and retain user's financial information as necessary to process any fees associated with the services provided and to remit any monies owed.
   3. Protected Medical Information. We delete all electronic copies of medical records on our systems within 48 hours after confirmed delivery to the entity that the user designates (i.e. a Healthcare Provider, attorney, insurance company, the user himself/herself, or another designated representative) or after 30 days, whichever occurs first. Any Protected Health Information contained in the medical record release authorization consent form is part of such form and is retained indefinitely, as described in subsection 8(a) above.
   4. Other Personal Information. We will delete any other Personal Information in our database not identified in subsections 8(a), (b), or (c) above, upon account termination, upon a user's request, or as otherwise required by law. However, such information stored in backup files will be handled as described in subsection 8(f) below.
   5. Non-Personal Information. We may retain Non-Personal Information indefinitely.
   6. Backup Files. We maintain backup files as a protection against natural disasters, equipment failures or other disruptions. Backup files protect both the users and us because they lower the risk of losing valuable data. Backup files may contain records with the user's Personal Information. Removing a record from our main files does not remove that record from any backup systems. Additionally, information deleted from our main files for any reason, including upon termination of the user's account or upon the user's specific request, are not actively deleted from our backup systems. Such data will eventually be passively deleted as backup records are erased through the normal recycling of backup files. In the meantime, as long as backup records exist, they receive the same security protections as our other records.
9. Security. We employ technologically reasonable and current methods to help prevent unauthorized access, maintain data accuracy, and ensure correct use of information as described below.

   NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE TRY TO PROTECT THE USER'S PERSONAL INFORMATION, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION THAT USERS TRANSMIT TO US, AND USERS DO SO AT THEIR OWN RISK.

   USERS SHOULD ALWAYS BE CAREFUL WHENEVER THEY VOLUNTARILY DISCLOSE PERSONAL INFORMATION ONLINE—FOR EXAMPLE ON MESSAGE BOARDS, THROUGH EMAIL OR IN CHAT AREAS— AS THAT INFORMATION CAN BE COLLECTED AND USED BY OTHERS.

   1. Data System Security. Passwords and information to access account information are stored in an encrypted format. The data systems are located in a SAS 70 Type 1 certified datacenter.
   2. Physical Security. Our data systems are housed in a secured and guarded facility. Access to the facility is limited to authorized personnel only and secured with military-grade pass cards and biometric finger scan units. The facilities are monitored through closed circuit televisions and security teams are present onsite 24 hours a day, 7 days a week, and 365 days a year.
   3. Communications between Our Systems and the User's Browser. Communications between the user's browser and portions of the Site containing Personal Information are protected with Secure Socket Layer (SSL) encryption. Users must have a browser that supports 128-bit encryption to access those portions of the Site.
   4. Personal Information is Password Protected. For users who choose to set up an account, any Personal Information and account information is only accessible using the password specified for the account. Passwords are stored on our systems in an encrypted format. We recommend that users do not share their password with anyone. Our personnel will never ask a user for their password in an unsolicited phone call or in an unsolicited email. Users should remember to sign out of their account and close their browser window when they have finished their session. This is to help ensure that others cannot access their Personal Information and correspondence if they share a computer with someone else or are using a computer in a public place where others may have access to it.
10. In the Event of a Security Breach of the User's Personal Information. If we determine that a user's Personal Information has or may reasonably have been disclosed due to a security breach of our systems, we will notify the user, at the contact information provided to us, within a reasonable time in accordance with applicable state and federal law, so long as the notification would not interfere with a criminal investigation.
11. How Users Can Update, Correct or Delete Their Personal Information.
    1. Access to Personal Information in Our Systems. Users who choose to set up an account will have access to an account preferences page. An account preferences page will allow users to view the Personal Information in our systems, view their healthcare information management activities and history, and specify their communication preferences for alerts, updates, and other notifications.

       We will not send users promotions or announcements unless they give us permission to do so. Users can opt-in or opt-out of receiving promotions and announcements through an account preferences page or by contacting us using the contact information below.

       Users can update, correct or delete Personal Information and change the ways in which we use their Personal Information in conjunction with the Site, through an account preferences page or by contacting us using the contact information below.

    2. Deleting an Account. Users may delete their account through the account preferences page or by contacting us using the contact information below. Deleting an account will result in the user not being able to access the services available to account holders.
12. Third Party Practices. This Privacy Policy addresses only the use and disclosure of information we collect from users. If users disclose information to third party websites, even those linked from our Site, different rules may apply to the third party's use and disclosure of the information disclosed to them. We do not control the privacy policies of third parties, and users are subject to the privacy policies of those third parties where applicable. We encourage users to review the privacy policy and any other policies of third party sites before disclosing their Personal Information or engaging the third party for services.
13. Children under the Age of 18. Users must be 18 years of age or older to use the Site. Users under the age of 18 must leave this site immediately. Parents are urged to monitor and supervise their children's online activity. No Personal Information is knowingly collected from a child under the age of 18. However, a parent or legal guardian may use the Site, including creating an account and submitting information, on behalf of a child under the age of 18.
14. User Consent. By using the Site, the user consents to the collection and use of their Personal Information in the manner we describe in this Privacy Policy.
15. Inquiry into Use and Disclosure of Personal Information. Upon written request and verification of the user's identity, we will provide users with the Personal Information in our possession as well as the Personal Information that we have disclosed to third parties. Requests for information should be sent to the contact information below.

Users who have any questions or concerns about privacy that are not addressed by this document, are encouraged to contact us by email at privacy@arctrieval.com or complete the contact form at http://www.arctrieval.com/company/contact.htm.