This Privacy Policy (also, the ‘Policy’) applies to the website of RelateCare (also ‘we’, ‘us, ‘our’) at (the ‘Website’).

This Policy discloses our information gathering and dissemination practices relating to this Website and visitors to this Website (also, ‘users,’ ‘you,’ ‘your’). In order to fully understand your rights, you are encouraged to read this in full.

Please be aware that we are not responsible for the content or privacy practices of other websites, including those that may be accessible from links herein.

We may modify this Privacy Policy from time to time, as reflected in the date of the last update (shown below), including to accommodate changes to our services, new technologies or industry practices, updated regulatory or legal requirements, or for other purposes. Each time you use this Website you are bound by the then current Privacy Policy (and, accordingly, you may wish to review the Policy each time you use this Website).

RelateCare began as a joint venture between the Cleveland Clinic and Rigneydolphin. RelateCare is uniquely positioned to provide the very best in patient access, appointment scheduling, telehealth, contact centre and outsourcing solutions to healthcare organizations around the world. We provide the knowledge and support necessary to increase patient access, reduce readmissions and create a patient centric healthcare experience.

The following sections outline your rights if you are an EU resident. If you reside in the US, please see the section “Privacy Notice for our US Customers”.

Data Controller

RelateCare is the controller of the personal data it processes. You can contact us in a number of ways, which are set out on the ‘Let’s Talk’ page of our website at relatecare.com/contact

DPO Contact Details

In accordance with Article 37 of the GDPR, RelateCare has appointed a Data Protection Officer.  If you wish to contact our Data Protection Officer in relation to the processing of your personal data, you can do so by e-mailing dataprotection@relatecare.com.

Data Protection

We take our responsibility to protect your data seriously and will not collect any personal information about you on this website without your clear knowledge and permission. Any personal information which you volunteer to us will be treated strictly in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018. Where data is submitted it will be used for the stated purpose and any reasonably incidental purposes only.

We do not sell or distribute your personal information to third parties for purposes of allowing them to market products and services to you.

Communicating via the internet and sending information to you by other means necessarily involves your personal information passing through or being handled by third-parties.

The information we collect

• For general web-browsing certain statistical information is available to us via our internet service provider. This information may include the IP and logical address of the server you are using, the top level domain name from which you access the internet (for example .ie, .com, etc.), the type of browser you are using, the date and time you access our site and the internet address linking to our site. We may also use temporary “session” cookies which enable a visitor’s web browser to remember which pages on this website have already been visited. Please refer to our cookie policy for further information.
• You have an opportunity to send us information via this website, such as through the “Let’s Talk” page or any other area where you may send e-mails, request brochures/proposals or provide feedback. You may also choose to provide us with personal data (e.g. name, e-mail, postal address or other contact details) in an e-mail message via the careers page on our site. In these instances, we collect name, email, phone number and message content. We use these details solely for the purpose for which you provided them.
• Information contained within a job application (CV) where that is sent via our website.

The purpose of collecting information

• Website functionality – We analyse website users’ pattern of use to help us to improve, administer and diagnose problems with our server and website.
• Complaint handling – we may use the data you provide to us via our contact form or email address.
• Responding to your query – you may provide us with personal data through our contact form or email address while seeking information about our products/services.
• Sending newsletters – we will only send newsletters or marketing updates to you if you have provided your consent to receive them.
• Job applications – jobs may be advertised on our website and potential candidates will submit their personal data (e.g. CV’s) for our review.
  
  

Legal basis for processing

We process your personal data based on the following lawful basis:

1. Processing necessary for the performance of a contract (e.g. Employment contract)
2. Processing necessary for RelateCare to pursue its legitimate interests (e.g. contact centre management)
3. Processing based on the Data Subject’s consent
4. Processing that is required under applicable law (e.g. Revenue/PRSI)
   
   

We process sensitive data if such sensitive data is transmitted via the website by you and at your discretion as a user of our website. We use these sensitive data solely for the purpose for which you provided them.

Your rights

Under data protection law, data subjects have certain rights. Subject to certain restrictions, which are set out below, you can exercise these rights in relation to your personal data we process.

1. The right to be informed about the processing of your personal data 
2. The right to access your personal data
3. The right to rectification of your personal data 
4. The right to erasure of your personal data
5. The right to data portability
6. The right to object to processing of your personal data
7. The right to restrict processing of your personal data
8. Rights in relation to automated decision making, including profiling. 
9. You have the right to complain to the Irish Data Protection Commission (www.dataprotection.ie ) and to seek compensation through the courts
   
   

We reserve the right to request you to provide additional information in order to enable us to identify your personal data and/or to verify your identity.

Restriction of data subject rights in certain circumstances

Article 23 of the GDPR allows for data subject rights to be restricted in certain circumstances. In addition, the 2018 Act contains certain provisions dealing with the restriction of rights of data subjects, in particular Sections 59, 60 and 61, which give further effect to the provisions of Article 23. Further information can be found here.

Who we share your information with

We do not share your information with third parties other than those set out in this policy. We may share your information in the following circumstances:

• Service providers: We may need to share personal information with our service providers, such as where necessary to provide our services to you. If there has been a breach of our terms of use, we may also share personal information with our legal advisors. All of our service providers will be obliged to keep your personal information safe and secure.
• Business Transfer: Where some or all of our company and/or its assets may potentially be or have been acquired, we may need to transfer your personal information to the new or prospective owners.
• Legal and safety: In certain instances, we may share information where we reasonably believe that it is necessary for legal reasons, to defend our legal rights, to enforce our terms of use or to protect our rights, property, users, customers or the safety of any person. For example, we may provide personal information where ordered by a court to do so.
• Other: We will share your information with a third party other than a service provider where you have given your consent for us to do so.
  
  

Where we store personal information

We generally store personal information on servers located inside the European Economic Area. However, in certain cases it may be necessary for us to transfer certain information to servers located outside of the EU. It is important to be aware that the privacy protections in certain jurisdictions may not be equivalent to those in Europe but we will only transfer your information outside the EEA where permitted by law and ensuring that it is subject to appropriate protections.

In the event we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to your data by ensuring at least one of the following safeguards are implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use providers based in the US, before we transfer data to them we will ensure the 2021 Standard Contractual Clauses are agreed upon and signed between both parties. This requires them to provide similar protection to personal data shared between Europe and the US as if the data were stored within the EEA.
  
  

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data in or out of the EEA.

Data Retention

RelateCare retains personal data for a range of periods as set out in our Data Retention Policy.

Security

We take our security responsibilities seriously, employing the most appropriate physical and technical measures. We review our security policy regularly.

Governing Law and Jurisdiction for EU Customers

This section of this legal policy (Privacy Notice for our European Customers) and all issues regarding use of the website within the EEA are governed exclusively by Irish law and are subject to the exclusive jurisdiction of the Irish courts.

Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information” or “personal data”). Personal information does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information specified by certain state or federal laws which may thereby be excluded from the scope of “personal information” under some state data privacy laws, such as:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
    
    

In particular, we may have collected the following categories of personal information from consumers within the last twelve (12) months:

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you. For example:
  • Contact information, such as your name, e-mail address, and log-in credentials that you provide.
  • Additional information about how you use our products or services or that you provide when submitting forms or complete product or service purchases.
  • Comments, questions, and requests you may submit.
  • Information about your preferences, such as your preferred methods of communication and the types of products and services in which you are interested.
  • Details of transactions you carry out through the Website and of the fulfillment of your orders or requests.
  • Records and copies of your correspondence (including email addresses and phone numbers), if you contact us.
  • Any other information you voluntarily provide.
    
    
• Indirectly from you. For example:
  • Device and browser information. We may collect technical information about your device, such as device identifier, device type and model, browser type, IP address, operating system, language, settings and the like. We may collect this information automatically from your device and web browser through cookies and similar technologies.
  • Information about how you interact with us. We may collect technical data about your usage of the Website and how you interact with the Website, such as content viewed or downloaded, features used, links clicked, and dates and times of interactions. We may collect this information using cookies and similar technologies.
  • Usage, viewing, logs, metrics and other device and technical data may be collected when you visit our Website, utilize our Website as an end user, or open or reply to emails we send. Usage information could include the time, date, and duration of your use of our Website, your interaction with content offered through the Website, mobile ad identifiers, cookie IDs, referring and/or exit pages and URLs, interaction information (such as clickstream data), domain names, pages viewed, software crash data, and other similar technical data.  Our servers may automatically keep an activity log of your use of the Website.
    
    

Use Of Personal Information

We may use or disclose the personal information we collect, including for one or more of the following purposes:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our services, we may use that personal information to respond to your inquiry.
• To provide, support, personalize, and develop our Website and services.
• To create, maintain, customize, and secure your account with us.
• To process your requests and transactions, and prevent transactional fraud.
• To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
• To help maintain the safety, security, and integrity of our Website and services, databases and other technology assets, and business.
• For testing, research, analysis, and service development, including to develop and improve our Website and services.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As otherwise described to you when collecting your personal information.
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Website users and consumers is among the assets transferred.
  
  

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose When we share personal information for a business purpose, it is done pursuant to the terms of a contract.

We may share your personal information with the following categories of third parties:

• Service providers
• Partners
• Cookie data recipients (like Google Analytics). This is dependent on your choice of cookies selection for the Website from the cookie management tool.
  
  

Your rights and choices

Some state laws provide consumers with specific rights regarding their personal information. This section describes some of the rights you may have, depending on the state in which you are located, and explains how to exercise those rights.

Your rights under certain data protection laws may include the right to:

1. request access to your personal data;
2. request corrections to your personal data;
3. request limitations on collection, storage and/or use of your personal data;
4. request that your personal data not be sold (see below);
5. request erasure/deletion of your personal data;
6. request restriction or object to processing of your personal data, including opting out of automated decision-making;
7. request transfer of your personal data in a suitable format;
8. know what data is being collected
9. not face discrimination for exercising such rights, and
10. withdraw your consent for or opt out of information collection.
    
    

Access to Specific Information and Data Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Correction and Deletion Rights), we will disclose to you:

• The categories of personal information we may have collected about you.
• The categories of sources for the personal information we may have collected about you.
• Our business or commercial purpose for collecting or using any such personal information.
• The categories of third parties with whom we share such personal information.
• The specific pieces of personal information we collect about you.
• If we shared or disclosed your personal information for a business purpose, a list disclosing such disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  
  

Correction, Deletion Request Rights

You have the right to request that we correct inaccurate personal information about you or delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request (see Exercising Access, Data Portability, Correction and Deletion Rights), we will use commercially reasonable efforts to correct such inaccurate personal information or delete (and direct our service providers to correct or delete) your personal information from our records, unless an exception applies.

We may deny your request for correction if the personal information in question is accurate (subject to your rights in determining same, as well as your right to provide a written addendum to be made part of your record with respect to any item or statement therein concerning your health that you believe to be incomplete or incorrect).

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
3. Debug products to identify and repair errors that impair existing intended functionality;
4. Exercise free speech rights, ensure the right of another to exercise their free speech rights, or exercise another right provided for by law;
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.) or similar state law(s);
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when deletion of the information may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
8. Comply with a legal obligation; or
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
   
   

Do Not Track

“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on the “Do Not Track” signal, the browser sends a message to websites requesting them not to track the user. We currently do not respond to “Do Not Track” or similar signals.For more information about Do Not Track, visit www.allaboutdnt.org.

Exercising Access, Data Portability, Correction and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Calling us at: 1 216 553 3727
• Emailing us at dataprotection@relatecare.com
  
  

We will only respond to verifiable requests related to your personal information coming from you, or someone legally authorized to act on your behalf. You may also make a verifiable request on behalf of your minor child.

Such request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of that person.
• Communicate your request with sufficient detail to allow us to properly understand, evaluate, and respond to it.
  
  

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the relevant personal information relates to you.

Making such a verifiable request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in such a verifiable request to verify the requestor’s identity or authority to make the request.

Response Timing and Formats

We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide may only cover the 12-month period preceding our receipt of the verifiable request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is commonly used and should allow you to transmit the information from one entity to another entity without undue hindrance.

Non-Discrimination

We will not discriminate against you for exercising any of your rights described herein. Unless permitted by law, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  
  

Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to dataprotection@relatecare.com or write us at: RelateCare, 3615 Superior Ave E, Ste. 4406C, Cleveland OH 44114

Delay or failure on our part in enforcing any of our rights shall not constitute a waiver by us of our rights and remedies. If any part of this Privacy Policy is held to be invalid or unenforceable, the validity or enforceability of the remainder will not be affected.

If you have any questions about this Policy, our practices relating to the Website, your rights regarding your personal data or your dealing with the Website you can contact us at dataprotection@relatecare.com.

We may revise this policy on occasion. This privacy policy was last updated on 21^st December 2022. Prepared by Ambit Compliance.