Revision July 17, 2022
This Privacy Policy governs your use of this site and is by and between Unified Practice, Inc. (referred to herein as “UP,” “Company,” “we,” “us,” or “our”) and you, the user, on behalf of yourself and the user, customer or supplier (herein referred to as “you” or “your”) for which you are visiting this Site. We are committed to protecting and preserving your privacy. Please read this Privacy Policy (“Privacy Policy”) carefully to fully understand how we collect, share and protect information about you. This Privacy Policy covers UP’s treatment of personal or personally identifiable information (“Personal Information”) that may be collected when you are on the UP website and when you use UP’s Services (“Services”). This Privacy Policy does not apply to the practices of companies that UP does not own or control, or to individuals that are not under UP’s supervisory control, such as your health and wellness Practitioner or other third parties.
By using our website (“Site”), or our mobile applications, you agree that you have read and understand this Privacy Policy and that you accept and consent to the privacy practices and uses or disclosures of information about you that are described herein.
By using the Services or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this Site.
This Site contains links to other sites not controlled by us. We are not responsible for the privacy practices of those sites, and if you visit them, we recommend that you read their privacy policy statements.
We provide a fully-integrated Practice Management and Electronic Health Record application (“EHR”), specifically designed to support the needs of health and wellness practices (“Practitioners”) which are our clients. Practitioners purchase access to the cloud-based software as a service (“SAAS”) in order to record detailed medical charts and patient notes and streamline their medical practice management, including: scheduling; patient forms and notices; billing management; inventory management; medical reference data and materials; and writing herb and supplement scripts for their patients. We are a service provider and do not own or control the information that is submitted to us. The information that is submitted to us will be held subject to the requirements specified by our clients and applicable law, such as the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”).
To use our Services, you must have an account with a health and wellness provider (“Provider”) who uses our Services. Because of this, your use of our Services is also subject to your health provider’s privacy policy. Please contact your Provider if you have any questions about their policies or terms.
Providers are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them are HIPAA and HITECH, and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of the Provider, we do so as its “business associate” (as also defined by HIPAA). We have reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of the individually identifiable information which we store and process on behalf of Providers.
We rely on the following legal grounds to process your personal information:We rely on the following legal grounds to process your personal information:
Consent. We may use your personal data as described in this Privacy Policy subject to your consent.
Performance of a contract. We may need to collect and use your personal information and the personal information of your customers, as applicable, to perform our contractual obligations. When we process personal data on behalf of third parties, we do so pursuant to agreements with such third parties.
Legitimate Interests. We may use your personal information for our legitimate interests to provide our services and to improve our services and the content on our application. We process information on behalf of third parties who have legitimate interests in operating their businesses. We may use technical information as described in this Privacy Policy and use personal information for our marketing purposes consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable law.
Our Site is designed and intended for those who have reached the age of majority (18 years of age). By using our Site, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a user’s misrepresentation of age.
We collect personally identifiable information about you only if specifically and knowingly provided by you or your Provider. This Privacy Policy statement explains what information we gather, how we gather it and how we use it.
The following are the types of information we collect:
We use cookies, web beacons and other technologies to receive and store certain types of information when you interact with us through your computer or mobile device. Using these technologies helps us customize your experience with our services, improve your experience, and tailor marketing messages. They help us and our affiliates to improve our Site. They ensure that the content from our Site is presented in the most effective manner for you and your computer. We do not track our users across websites or across time.
A “cookie” is a piece of text which asks permission to be placed on your computer’s hard drive. Once you agree, this cookie file is stored on the hard drive of your computer.
All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Site.
The information that we collect and store relating to you is used to enable us to provide our Services to you in the best possible manner. In addition, we may use the information for the following purposes:
You may contact us to request information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information, which requests we will do our best to honor subject to any legal and contractual obligations.
Our Director for Compliance is responsible for our privacy programs.
For information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information, please email compliance.pc38@fullsteam.com or request by mail addressed to:
Fullsteam Operations LLC
Attn. Compliance PC38
540 Devall Drive, Suite 301
Auburn, AL 36832
Subject to local law, you may have additional rights under the laws of your jurisdiction regarding your personal data, such as the right to complain to your local data protection authority.
Data processed: Company provides online tools that our customers use to operate their services businesses, including by providing access to certain of those tools to their own customers. In providing these tools, Company processes data our customers and our customers’ customers submit to our web services or instruct us to process on their behaves. While Company’s customers and their customers’ customers decide what data to submit, it typically includes information about their customers, sales prospects, point of sale services, inventory management, and goods ordering.
Purposes of data processing: Company processes data submitted by our customers and our customers’ customers for the purpose of providing Company’s online services to them. To fulfill these purposes, Company may access the data to provide the services, to correct and address technical or service problems, or to follow instructions of the customer who submitted the data, or in response to contractual requirements.
Inquiries and complaints: If you believe Company maintains your personal data in the Company web services within the scope of the applicable law of another jurisdiction, you may direct any inquiries or complaints concerning our compliance to our address noted above. Company will respond within 45 days. We are committed to respond to complaints and to provide appropriate recourse at no cost to you.
Third parties who may receive personal data: Company uses a limited number of third-party service providers to assist us in providing our services to customers. These third- party providers assist with the transmission of data and provide data storage services. These third parties may access, process, or store personal data in the course of providing their services. Company maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our obligations, and Company may be liable if they fail to meet those obligations and we are responsible for the event giving rise to the damage.
Your rights to access, to limit use, and to limit disclosure: In some jurisdictions you may have the right to access your personal data and to limit use and disclosure of your personal data. Company has committed to respect those rights. Because Company personnel have limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Company customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.
Compelled disclosure: Company may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Our collection, use, and disclosure of information are generally governed by participation agreements with Providers. We keep your information for the period of time that you or your Provider has an account with us, and we are providing Services to you. Information maintained to provide these Services to you is retained only for as long as we have a valid business purpose or required by law. When it is no longer necessary to retain your personal information, we will delete or anonymize it.
Our Services are intended for use solely within the United States. Information may be held at our offices and those of our third-party agencies, service providers, and agents. Some of these third parties may be based outside the United States.
Where applicable, we may disclose your personal information to any affiliated business entities to provide Services to you or with service providers that assist with your Service (for example, hosting companies).
We may also disclose your personal information to third parties:
Our websites may contain links to third-party websites. While we endeavor to work with third parties that share our respect for user privacy, we are not responsible for the websites or privacy practices of such third parties. We may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our websites. Such third parties may gather information about your visit to our websites or other websites, monitor your access to or market products or services to you, monitor the ads you view, click-on, or interact with, when they were delivered, and the screens and pages that they are on.
We do not endorse these parties, their content, or any products and services they offer. You are responsible for knowing when you are leaving our website to visit a third-party website, and for reading and understanding the terms of use and privacy policy statements for each such third party. If you do not wish your information to be disclosed to any, some, or all of these third parties, you should not use our website for the services which it or they provide.
Our Calendar integration is used to sync appointment information from the UP system to your Google Calendar. When you choose to enable calendar sync we will take that as your permission for us to share with Google whatever information you have given us that is needed for that service. UP uses Google user data to view your calendar list, store the selected calendar identifier, and creating, editing, deleting events in the selected calendar. The Google Calendar integration is a one-way sync that only allows us to add, edit and delete events that were created by UP. Events you created outside of UP are not being viewed or accessed. When creating an event, we do not share PHI with Google, therefore you will not see your client’s name, email, or any other PII details about the appointments in your calendar. UP does not share Google user data with others. Our application does not share your health information with Google Calendar.
We follow generally accepted industry standards to protect the personally identifiable information as well as the financial data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
If we learn of a breach of our security system or processes, we may attempt to notify you electronically so that you can take appropriate protective steps. By using our websites, or providing personally identifiable information to us through them, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our websites. In the event of a breach, we may post a notice on our websites and/or send you an email at the email address you provided.
You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please contact us using the contact information below.
By providing a telephone number to us, you agree that we can contact you at the number you provide, potentially using automated technology (including texts/SMS messaging) or a pre-recorded message.
We may send you, when necessary, service-related communications (example: temporary suspension of service for maintenance).
Privacy Policy Updates. We may update this Privacy Policy from time to time. If we materially alter our Privacy Policy, we will notify you of such changes by contacting you through your user account e-mail address or by posting a notice on our Site. Your continued use of the Site or use of one of our mobile applications, will be deemed your agreement that your information may be used in accordance with the new policy. If you do not agree with the changes, then you should stop using the Site and you should notify us that you do not want your information used in accordance with the changes.
California Residents – Your Privacy Rights
California Information-Sharing Disclosure
(As provided by California Civil Code Section 1798.83)
A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.
However, under the law, a business is not required to provide the above-described lists if the business adopts and discloses to the public (in its privacy policy statement) a policy of not disclosing customer’s personal information to third parties for their direct marketing purposes unless the customer first affirmatively agrees to the disclosure, as long as the business maintains and discloses this policy. Rather, the business may comply with the law by notifying the customer of his or her right to prevent disclosure of personal information and providing a cost free means to exercise that right.
As stated in our privacy policy statement, we do not share information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure — typically by opting-in to receive information from a third party. To prevent disclosure of your personal information for use in direct marketing by a third party, do not opt-in to such use when you provide personal information on our website. Please note that whenever you opt-in to receive future communications from a third party, your information will be subject to the third-party’s privacy policies and practices. If you later decide that you do not want that third party to use your information, you will need to contact the third party directly, as we have no control over how third parties use information. You should always review the privacy policies and practices of any party that collects your information to determine how that party will handle your information.
California customers may request further information about our compliance with this law by e-mailing compliance.pc38@fullsteam.com. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.
California Do Not Track Disclosure:
Our websites do not respond to “do not track” browser signals. Depending on the browser you are using, you may be able to choose to block third party cookies or browse in a private browsing mode. Our websites are accessible even when private browsing is turned on. The information we collect is governed by this Privacy Policy.
California Consumer Additional Information under California Consumer Privacy Act of 2018 (“CCPA”)
Please note that the CCPA does not apply to medical information governed by California’s medical privacy law (the Confidentiality of Medical Information Act), or to protected health information that is collected by a covered entity or business associate governed by the privacy, security, and breach notification rules under HIPAA or HITECH.
You will not receive discriminatory treatment by us for exercising your privacy rights conferred on you by the CCPA.
You have certain additional rights regarding your personal information, pursuant to California law. These include the rights to:
Please submit your request for information or deletion of information concerning you as noted below. In order to provide you with your requested information or to delete the information which we have concerning you, we must be able to verify that you are the person requesting the information or deletion. With your request please provide at least two items of information which you have previously provided to us for us to use for verification of your identity. If this is not sufficient, we will contact you for additional means of verification.
You may designate an authorized agent to make a request for you. If your agent has a power of attorney pursuant to California Probate Code sections 4000 to 4465, please provide proof to the same. If your agent does not have a power of attorney pursuant to California Probate Code sections 4000 to 4465, we will require you to provide the authorized agent written permission to make the request, verify your own identity directly with us and require your agent to submit proof that they are authorized by you to act on your behalf.
For information concerning you or for deletion of information concerning you, please email compliance.pc38@fullsteam.com or request by mail addressed to:
Fullsteam Operations LLC
Attn. Compliance PC38
540 Devall Drive, Suite 301
Auburn, AL 36832
Jurisdiction and Contact Information
Unified Practice Inc. is a Delaware corporation. Our websites are controlled and operated from the United States. If you are an individual from any other jurisdiction with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that we may store the information we collect in the United States or in other countries where we or our third-party service providers have operations. Personal data may also be transferred from the country of your residence to other countries, including the United States.
We welcome any queries, comments, requests or complaints you may have regarding this Privacy Policy. Please do not hesitate to contact us at:
Email: compliance.pc38@fullsteam.com
Address:
Fullsteam Operations LLC
Attn. Compliance PC38
540 Devall Drive, Suite 301
Auburn, AL 36832
