Privacy Policy

I.  SCOPE AND PURPOSE:

‍

This privacy policy (“Policy”) describes how Ambience Healthcare, Inc. and our parent companies, subsidiaries, and affiliated companies (“Ambience,” “Ambience Healthcare” “we,” “us,” “our”) may collect, use, and share information about you that we obtain through our  websites and applications (collectively, the “Sites”). This Policy also applies to any information we collect offline, such as when you visit our offices, attend Ambience events, or interact with our representatives at other events, or in other contexts in which we make this Policy available to you.

This Policy does not apply to Ambience product offerings that have their own privacy policies, or to websites of third parties to which we provide links. We do not control and are not responsible for the privacy practices of the websites of other entities and we urge you to review any applicable third-party privacy policies for yourself.

Our processing of data on behalf of our healthcare provider customers is governed by the agreements we enter into with our customers, which may include Business Associate Agreements as applicable and required under the Health Insurance Portability and Accountability Act (“HIPAA”). Your healthcare provider may also have its own privacy practices and/or policies that govern its collection and use of your data. We are not responsible for how your healthcare provider treats your information, and we recommend you review their privacy policies.

‍

II. WHAT DOES AMBIENCE DO?

‍

Ambience’s core business services involve providing clinicians with technology that enables them to document and transmit information seamlessly into their patients’ electronic health records, and perform other healthcare-related functions.

‍

III. WHAT PERSONAL INFORMATION DO WE COLLECT?

‍

Personal information is data that can be used to identify you. The types of personal information that we collect depend on your interactions with us. Over the last 12 months, we may have collected personal information that generally fall into the following categories:

‍

Identifiers, such as your name, email address, or IP address.

Information contained in our customer records, such as postal address or telephone number.

Commercial information, such as information regarding products or services you purchased.

Internet or other electronic network activity information, such as your web browser type, search history, or how you interact with our website.

‍

Professional or employment information, such as you job title or employer.

User Generated Content, such as information you provide or generate on our platform.

Geolocation data, such as your general location information (e.g., city/state) which may be collected or derived from your IP address. In addition, some of our services may request your precise location information via GPS-based functionality to allow certain features to work.

‍

IV. HOW DO WE COLLECT YOUR INFORMATION?

‍

We may collect information from you in the following ways:

• We collect information you provide directly to us, such as when you voluntarily enter information into fields on the Sites, sign up for or request certain services or information, agree to participate in our surveys, or call our customer service. Depending on how you interact with us, we may ask for your name, practice/organization name, address, email address, telephone number, and type of user (for example, patient, provider or partner). If you have an account with us, we may also collect your username or other login information you use to log into or access your account. If you visit our offices or attend in-person Ambience events, we may collect information to protect the health and safety of our personnel, clients, guests, and the general public, such as health and travel information or any other information you provide to us.

• When you access our Sites, we may collect information about your visit and your device using automatic data collection technologies as described below. This information may include IP address, geolocation information, browser type and version, device type, mobile device identifiers, and information reflecting how you searched, browsed, and were directed to the Sites, including mouse movement, click, touch, scroll, and keystroke activity.
• We may also collect information from other sources, such as lead generation companies, social networks, and business partners that offer co-branded services or help us sell or distribute our products. We may also collect information from other users of our services or from available sources.

‍

V. HOW DO WE USE YOUR INFORMATION?

‍

We use your information:

• In ways that you would expect us to based on why we collected it. For example, if you contact us with a request for information about our products or services, we will use your information to respond to your request.
• To provide, enhance and improve our services, including to optimize our Sites’ functionality and identify our visitors’ and users’ areas of interest. For example, when you participate in our surveys, screeners, and/or information gathering sessions, or otherwise provide feedback, we may use that feedback to develop new products and services.
• To identify and authenticate you, such as to determine and validate whether you are an existing user of our services or products or a prospective client.
• To enable cross-device/cross-context tracking for an account you may have with us. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices so you can more easily use your account(s).
• To communicate with you, such as you send you emails, solicitations, invitations, newsletters, awareness campaigns, and announcements.
• To maintain the safety, security, and integrity of our Sites and services, and for our own internal legal compliance purposes.
• To protect the health and safety of our personnel, clients, guests, and the general public.
• For other purposes explained at the time of collection, or for other business purposes consistent with the context of the collection of your information.
• We may use information that does not identify you and could not reasonably be used to identify you (including information that has been aggregated, anonymized, or de-identified) for any purpose except as prohibited by applicable law.

‍

VI. HOW DO WE SHARE YOUR INFORMATION?

‍

We disclose the following categories of personal information for commercial purposes: identifiers, commercial information, internet activity, and geolocation data.

‍

We share information outside of Ambience in the following circumstances:

• With service providers and vendors that provide services to us, such as to provide analytics, manage our content, administer ads, provide insights to us related to marketing needs, for market research purposes, and to analyze our marketing efforts.
• With third parties that provide use audience matching services. For instance, we may incorporate the Facebook pixel on our non-patient facing Sites and may share your email address with Facebook as part of our use of Facebook Custom Audiences. This helps us find more potential customers that have similar interests as you do. Some technology services may provide us with their own data, which is then uploaded into another technology service for matching common factors between those datasets.
• With our related entities and/or affiliates for business purposes including, but not limited to, customer support, marketing, technical and business operations. We also may share information with affiliates for commercial purposes.
• When you make your information public or otherwise accessible to other users through the Sites. Please think carefully before posting such information as you are solely responsible for the content you post and the potential use of such information by others. Once you have posted information, you may not be able to edit or delete such information.
• With our customers, when you engage in our surveys as an authorized user, through the onboarding process, through surveys collecting feedback on how we are doing, surveys administered post interaction with us related to support or training, and other surveys, including focus groups and usability design activities such as click tests, card sorts, and other surveys and tests you participate in. We typically notify you in advance that we will share your information with our customers if you complete a survey.

‍

We also share information with other entities in the following situations:

• Where you have given us your consent to share or use information about you;
• When we believe that we need to share information about you to provide a service that you have requested from us or from others;
• Where we are required by law or other legal process to disclose information, and where required, in response to a lawful request by public authorities, including meeting national security or law enforcement requirements;
• Where we believe that it is necessary to avoid liability or violations of the law;
• To protect the rights, property, life, health, security, and safety of us, the Sites, or anyone else;
• To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, or acquisition of all or any part of our business.
• At your request or direction, such as when you choose to share information with a social network about your activities on the Sites; or
• To any other person with notice to you and your consent to the disclosure.

‍

Notwithstanding the above, we may share information that does not identify you and could not reasonably be used to identify you (including information that has been aggregated, anonymized, or de-identified) except as prohibited by applicable law.

‍

With respect to de-identified patient information, we disclose such deidentified information to third parties when permissible pursuant to our contractual commitments with our customers and in accordance with Health Insurance Portability and Accountability Act (“HIPAA”) requirements or other applicable law.  We employ the safe harbor method or the expert determination method, as enumerated under HIPAA.  Those third parties to whom the deidentified data is disclosed are third party service providers/vendors with whom we have relationships and/or academic researchers and/or institutions that are contributing to healthcare.

‍

VII. RETENTION AND PROTECTION OF DATA

‍

While we maintain your information, we protect it using administrative, physical, and technical security safeguards designed to protect your information. Despite these measures, we cannot guarantee the security of the information we maintain about you.

‍

We retain information for different periods of time depending on the purposes for which we collect and use it, as described in this Policy. We will not retain information for longer than needed to fulfill these purposes unless a longer retention period is required to comply with legal obligations. Also, there may be technical or other operational reasons where we are unable to delete or de-identify your information. Where this is the case, we will take reasonable measures to prevent further processing your information.

‍

VIII. COOKIES AND AUTOMATED DATA COLLECTION TECHNOLOGIES

‍

We, as well as third parties that provide advertising and analytics services to us, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the services. Technologies are essentially small data files placed on your computer, tablet, mobile phone, or other devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our services.

‍

• Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
• Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the services that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may use Facebook Pixel and Instagram
• Analytics. We may also use Google Analytics, Marketo, LinkedIn Analytics, Gigya, Site Improve, Facebook Analytics, and Twitter Analytics and other service providers to collect information regarding visit, or behavior and visitor demographics on our Services. Other third party tools. We use other third party tools which allow us to track the performance of our Sites. These tools provide us with information about errors, app and website performance, and other technical details we may use to improve our Sites and/or the Services.
• ‍Do Not Track. We do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations, and solutions.

‍

IX. SOCIAL MEDIA AND OTHER INTEGRATIONS

‍

Some of our Sites and services may have social media and technology integrations that are operated or controlled by separate entities. We also may collect information from third party social media and marketing companies to enhance our data sets. Some examples include:

• Links. Our Sites include links that hyperlink to websites, platforms, and other services not operated or controlled by us.
• Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Sites that allows you to “like” or “share” content on, or log in to, your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through the integration.
• Brand Pages and Chatbots. We may offer our content through social media. Any information you provide to us when you engage with our social media content is treated in accordance with this Policy. Also, if you publicly reference our Sites on social media (e.g., by using a hashtag associated with Ambience in a tweet or post), we may use your reference on or in connection with our Sites.
• Platform Linking. Our Sites may offer you the ability to link to another service or partner to retrieve certain data about your account on that service. For more information about how these platforms handle information about you, please refer to their respective privacy policies and terms of use.
• Please note that when you interact with other entities, including when you leave our Sites, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

‍

X. STATE CONSUMER PRIVACY RIGHTS

‍

Rights for Residents of Applicable States
‍

If you are a resident of a state with applicable consumer privacy laws, you may have the following rights:
‍

• To confirm whether we process your personal information.
• To access your personal information.
• To correct inaccuracies in your personal information.
• To delete your personal information that we have obtained.
• To receive a copy of your personal information in a portable and readily usable format.
• To opt out of the sale or sharing of your personal information.
• To opt out of the processing of your personal information for purposes of (i) targeted advertising or (ii) automated decision-making or profiling in furtherance of decisions that produce a legal or similarly significant effect on you.

‍

If you live in a state that requires specific consent prior to processing your sensitive personal information for certain purposes, we will obtain such and you can withdraw your consent at any time.

‍

Residents of applicable states may exercise the above rights by contacting us per the contact information provided herein.

‍

We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.

‍

California Resident Privacy Notice

Below, please find the categories of information we may have collected about you in the last twelve months, the purposes for the collection, and the third parties with whom your personal information may have been disclosed, shared, or sold.

‍

Categories of personal information collected
‍

• Identifiers
• Information contained in our customer records
• Commercial information
• Internet or other electronic network activity information
• Professional or employment information
• Geolocation data
• Inferences drawn from other personal information

‍

Purposes for the collection or sharing of personal information
‍

• To provide the Sites
• To improve the Sites
• To personalize the Sites
• Marketing and advertising
• Business operations
• Where you have given us your consent
• As required by applicable law
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets

‍

Third parties with whom personal information may have been disclosed, shared, or sold
‍

• Service providers
• Third Party Partners
• Our related entities
• Other users through the Sites (when you make your information public or otherwise accessible
• With our customers
• Where you have given us your consent

If you are a California resident, you may have the following rights with respect to the personal information we process about you:
‍

• To request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting or sharing the personal information, the categories of third parties with whom we have shared or sold your personal information, and the specific pieces of personal information we have collected about you.
• To request that we delete personal information that we have collected from you.
• To request that we correct inaccurate personal information that we maintain about you.
• To opt out of the sale or sharing of your personal information.

‍

California residents may exercise the above rights by contacting us as detailed herein.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

‍

We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We may require you to use your email address in order to perform such verification. We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.

‍

You may only make a consumer request for access or data portability twice within a 12-month period. We will not discriminate against you for exercising any of your rights. Any disclosures we provide will only cover the 12-month period preceding the consumer request's receipt.

‍

Other California Privacy Rights

‍

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes in particular: Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make such a request, please contact us as detailed herein. We may require additional information from you to allow us to verify your identity and we are only required to respond to requests once during any calendar year.

‍

XI. MINORS

‍

The Sites are intended for a general audience and are not intended for minors under the age of eighteen. We do not wish to obtain any information from or about such minors through the Sites. If you are under eighteen years old, do not use the Sites.

‍

We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) about children under the age of 13. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us using the information in the “Contact” section below. We will remove the data to the extent required by applicable laws.

‍

We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.

‍

XII. INTERNATIONAL

‍

We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Sites from outside of the U.S., please be aware that information collected through the Sites may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Sites or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Policy.

Ambience as a Data Controller: For purposes of data protection laws, Ambience Healthcare Inc., a company duly incorporated and organized under the laws of United States of America, having its registered address as detailed herein, is the “data controller” of personal information collected and/or processed through your use of our service. This Privacy Statement applies only to instances where Ambience acts as a data controller.

‍

Ambience as a Data Processor: Wherever our customers use our services to submit, manage, or otherwise use content relating to our customers’ end users during the provision of our services, we act as a “data processor” and only process such information on behalf and under the instruction of the respective customer, who is the data controller. As such, this Privacy Statement does not apply to such processing.

‍

Please note that we may not have obligations under international data protection laws based on the size and scope of our business.
‍

• EEA, Switzerland, and UK Individuals

‍

Legal Bases for Use of Your Information. Our legal grounds for processing your information are as follows:
‍

• To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our users, or to take steps at users’ requests in anticipation of entering into a contract with them. For example, we handle personal data on this basis to allow you to sign up for our Online Services.
• Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.
• Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals. This includes: operating our business and the Online Services; providing security for our websites, products, software, or applications; marketing; receiving payments; preventing fraud; and knowing the customer to whom we are providing the Online Services.
• Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations (such as our obligation to disclose data to tax authorities).
  ‍

‍Data Subject Rights. Residents of the European Economic Area (“EEA”), Switzerland, and the UK can exercise certain data subject rights available to them under applicable data protection laws. Where such rights apply, we will comply with requests to exercise these rights in accordance with applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. If these rights apply to you, they may permit you to request that we:

‍

• Right of access: You have the right to request access to your personal information and to ascertain the nature of the data being processed.
• Right of rectification: You have the right to request the rectification or amendment of incorrect personal information we hold about you.
• Right to erasure: You have the right to request the deletion or removal of your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
• Right to restriction of processing: You have the right to limit the way in which we process your personal information under specific circumstances.
• Right to object to processing: You have the right to object to the processing of your personal data in certain circumstances, including opposition to direct marketing.
• Right to data portability: You have the right to obtain and reuse your personal data in a structured, commonly used, machine-readable format that supports re-use for your own purposes across different services, thereby enabling you to move, copy or transfer your data easily.

‍

If applicable, you may make a complaint to the data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

‍

In instances where we process personal information on behalf of our customer, rights requests should be directed to the relevant customer.

‍

Ambience is not established in the EU, however we do maintain a designated UK and EU representatives under Article 27 of GDPR:

‍
EU - Ireland Representative
Adam Brogden
+ 353 15 549 700
Instant EU GDPR Representative Ltd
Office 2 12A Lower Main Street,
Lucan Co. Dublin
K78 X5P8 Ireland

‍
UK Representative
Adam Brogden
+ 441 772 217 800
GDPR Local Ltd
1st Floor Front Suite
27-29 North Street,
Brighton England BN1 1EB

‍
The fastest, most convenient way to contact GDPR Local is via these forms:
UK: https://ambiencehealthcareinc.gdprlocal.com/uk
EU: https://ambiencehealthcareinc.gdprlocal.com/eu
You can also send an email to contact@gdprlocal.com.

XIII. UPDATES TO THIS PRIVACY POLICY

‍

We reserve the right to make updates and revisions to this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on our Sites. Any changes will be effective as of the posting of the new Policy. Your continued use of our Sites following the posting of changes constitutes your acceptance of such changes.

‍

XIV.CONTACT

‍

If you have any questions or comments about this Policy, the ways in which Ambience collects and uses your information described here, your choices and rights regarding such use, or you wish to exercise your rights under an applicable state law, please contact us by:

‍

Email: security@ambiencehealthcare.com.

‍

Effective Date of this Policy: December 2023