Your Personal Data We Collect and Use:
Circulation collects certain Personal Data and other non-personal information concerning your interactions with the Technology Platform. Circulation collects your Personal Data for the following purposes:
We collect your Personal Data as part of the registration process for new users of the Technology Platform. For example, we may collect limited contact information from you and/or your healthcare provider, such as your name, date of birth, home address, email address, and phone number. Provider-Reported Medical Information — We collect relevant medical information about you that is submitted to us by your healthcare provider, such as whether you require a wheelchair or oxygen tank when accessing third party transportation services.
We collect information that you provide to us pertaining to the people with whom you consent to share your Personal Data (such as a family member or caregiver).
We may use automated tracking methods such as GPS data to collect information regarding your pickup location, dropoff location, and travel route when using third party transportation services accessed through our Technology Platform.
We may also collect demographic information, such as age, gender and geographic location, as part of your profile in the Technology Platform. Ride Notifications — While you are not required and/or prompted to respond to ride notifications (e.g., scheduling reminders sent to you by email, text message, and/or phone call), we collect any Personal Data you provide us in response to ride notifications. User Feedback — From time to time, we may send you survey questions by email, text message, phone call, or other communication channels to provide us with feedback on third party drivers and/or our Technology Platform. We collect any responses that you provide. Circulation reserves the right to authenticate your Personal Data for the purposes described above. We will not use your PHI for any other purpose without your written authorization, unless otherwise permitted or required by law.
Cookies and Web Beacons:
Our Website uses a software technology called "cookies." Cookies are small text files that we place in visitors' computer browsers to store their preferences. Cookies themselves do not contain any Personal Data.
"Web beacons" are small pieces of code placed on a web page to monitor the behavior and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. We may use web beacons on our Website from time to time for this purpose.
Consent to Disclosure and Use of Personal Data in De-Identified Form:
How We Use Your Personal Data
We use your personal data to:
to provide you with access to the Technology Platform;
to provide you with information about other goods and services we offer that are similar to those that you have already signed up for or enquired about, except that we will not use PHI for marketing purposes without your prior written authorization;
to improve our Technology Platform and to ensure that content on the Technology Platform is presented in the most effective manner for you;
to administer our Technology Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
to help keep our Technology Platform safe and secure.
You acknowledge that unless you request in writing otherwise, Circulation, in its sole discretion, has the right but not the obligation to store any information, whether Personal Data or otherwise, perpetually, to the extent permitted by law.
When We May Disclose Your Personal Data:
Healthcare Professionals — You acknowledge that we may share your Personal Data with your healthcare provider as necessary for you to access the Technology Platform and as otherwise permitted by federal and state privacy laws.
Third Parties Acting on Our Behalf:
As required by federal and state privacy laws, Circulation does not rent, sell, or share or use your Personal Data with nonaffiliated companies or persons, and Circulation does not otherwise disclose your Personal Data to nonaffiliated third parties without your prior written authorization, except that we may use and share your Personal Data with certain affiliated third parties to provide the Technology Platform to you on our behalf under confidentiality agreements, including, but not limited to, our current cloud host, Amazon Web Services. These third parties will not rent, sell, share or use your Personal Data for their own purposes.
In order to facilitate your use of the Technology Platform, we may share your first name and/or pickup and dropoff GPS coordinates with independent drivers and companies that offer non-emergency medical transportation services.
Disclosure Required by Law:
We may be required to disclose your Personal Data in response to a legal process, for example, in response to a court order or a subpoena to comply with its applicable legal and regulatory reporting requirements. We also may disclose your Personal Data in response to a law enforcement agency's request, or where it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms and Conditions, or to verify or enforce compliance with applicable laws, or as otherwise required or permitted by law. In addition, we may transfer your Personal Data to an entity or individual that acquires, buys, or merges with Circulation, or our other business units.
Disclosure With Your Authorization:
Circulation may disclose your Personal Data in accordance with your prior written authorization. Additionally, we may license, sell or otherwise share your De-identified Data with institutional clients, partners, investors and contractors for any purposes related to our marketing, business, and/or research practices.
Confidentiality and Security:
We take reasonable and necessary steps to ensure that all Personal Data collected will remain secure and in its original form, i.e., free from any alteration. We have put in place reasonable and appropriate physical, electronic, and administrative procedures in compliance with federal and state law in an effort to safeguard and help prevent unauthorized access, maintain data security, and correctly use the Personal Data we collect. We cannot, however, ensure or warrant the security of your PHI or any electronic Personal Data you transmit to us by phone call, email, and/or text message, which are unencrypted and insecure channels, and you do so at your own risk. Once we receive your transmission of information, we use commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
Circulation is not responsible for and will not be a party to any transactions between you and a third party provider of products, information or services accessed on third party websites. Circulation does not monitor such interactions to ensure the confidentiality of your Personal Data, including credit card information. Any separate charges, data records or obligations you incur in your dealings with third parties linked to or in conjunction with Circulation's Technology Platform are solely your responsibility. You acknowledge and understand that should you choose to provide any Personal Data to such third parties, the recipients of such personal information may not be subject to the same obligations under federal and state privacy regulations and may use or re-disclose the information so that it is no longer subject to privacy and security protections.
Confidentiality of Health Information:
Your healthcare providers may be subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among those laws is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit PHI (as such term is defined by HIPAA) on behalf of such a healthcare provider, we do so as its “business associate” (as also defined by HIPAA). When we operate as a business associate, we are also subject to such laws and regulations governing the use and disclosure of PHI, and we are prohibited from, among other things, using PHI in a manner that the healthcare provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of PHI we store and process on behalf of such healthcare providers.
Questions and Suggestions: