Privacy Policy

Last updated: September 11, 2019

This privacy policy provides comprehensive information relating to how we collect, use, and share your personal data and medical information at CircleLink Health and the rights you have in relation to this data. It applies to your use of CircleLink Health’s website and all other digital, online and cloud computing services provided by CircleLink Health (collectively, the “Services”) and describes our privacy practices relating to the Services.

Our Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (”personal data”). In particular, our website has collected the categories of personal data listed below from its consumers within the last twelve (12) months.

We take the protection of your personal data very seriously. We process your data in accordance with the applicable laws on personal data, including the California Consumer Privacy Act (“CCPA”), when applicable.

This privacy policy describes we may use and disclose your protected health information for treatment, payment, or health care operations and for other purposes that are permitted or required by law. The Health Insurance Portability and Accountability Act of 1996 (”HIPAA”) imposes numerous requirements regarding how certain individually identifiable health information – known as protected health information or PHI – may be used and disclosed. This privacy policy also describes your rights to access and control your protected health information. “Protected health information” is information that is maintained or transmitted, which may identify you and that relates to your past, present, or future physical or mental health or condition and related health care services.

1. Contact Information

CircleLink Health
290 Harbor Dr.
Stamford, CT 06902
United States

E-Mail: contact@circlelinkhealth.com
Phone:  888 321 0668

2. Geographic Restrictions 

We are based in the State of Connecticut in the United States. We provide this website for use only by persons located in the United States. We make no claims that the Services or any of its content is accessible or appropriate outside of the United States. If you access the Services from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

3. Categories of personal data we collect

The data we process is determined by the context in question: For example, it may vary depending on whether you have submitted an inquiry via our contact form, registered for our newsletter, sent us a job application or submitted a complaint.

Please note that we may also make information available separately to a suitable location for specific processing where appropriate, e.g. when uploading job application documents or when submitting a contact request.

We obtain the categories of personal data listed below from the following categories of sources:

  • directly from you; for example, from forms you complete on our Services
  • indirectly from you; for example, from observing your actions on our Services or from your healthcare provider for whom we are acting as a Business Associate (per regulations in the HIPAA) for the provision of care management and software solutions

When you visit our website, we collect and process the following data:

  • name of the Internet service provider
  • information on the website you have visited us from
  • web browser and operating system used
  • the IP address assigned by your Internet service provider
  • requested files, amount of data transferred, downloads/file export
  • information on the pages of our website(s) that you visit, including date and time for reasons of technical security

When you send a demo or “contact us” request, we collect and process the following data:

  • last name, first name
  • contact data (email address and telephone number)
  • company name and type
  • number of Medicare patients
  • whether your healthcare network includes certain types of healthcare providers (for potential partners)
  • free form data on your network (for potential partners)
  • ZIP code

With newsletters, we collect and process the following data:

  • last name, first name (optional)
  • company (optional)
  • email address (mandatory)
  • analysis data from newsletter evaluation (anonymized data)

We also keep track of how you use and interact with our Services through the use of cookies and other tracking technologies as listed below.

a. Cookies

Our website uses what are known as cookies at multiple points. These are used to make our offering more user-friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser (locally on your hard disk).

These cookies enable us to analyze how users use our website. This means we can design the Services content according to our visitors’ needs.

We use both “session cookies” and permanent cookies. The session cookies are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their expiry date is reached or when you delete them yourself before the expiry date.

Most web browsers accept cookies automatically. You can usually change your browser’s settings if you would prefer not to send the information, however. You can still make use of the offerings on our website without restrictions.

b. Social Media Widgets

We have added a “Twitter-Widget” to our homepage to display the tweets from our Twitter account. A connection to Twitter is established to achieve this. In this process, log data is sent to Twitter, and a cookie is set on your computer. More information on this can be found at Twitter privacy policy.

In addition, our website contains links to our company accounts on Facebook and LinkedIn platforms. Clicking on these links means that the respective social network receives information on which website you came from as a user. It is also possible if you are currently logged in to the network in question, that the social network links this information to your account.

c. Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie on the use of the online offering by the users are usually transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and internet usage. In this case, pseudonymous usage profiles of the users may be created from the processed data.

We only use Google Analytics with activated IP anonymization. The full IP address is sent to a Google server in the US and shortened there. The IP address sent by the user’s browser will not be merged with other data provided by Google.

Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offering and the processing of such data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

If your browser does not support the link to the Browser Add-On from Google (e.g., when using our website from your smartphone), you can also opt-out of data collection by Google Analytics by clicking on the link below. An opt-out cookie is then stored that prevents the future collection of your data when visiting this website.

Click here to opt-out of Google Analytics measurements.

4. How we use your personal data 

We use the information we receive about you for the purposes described in this privacy policy. We generally process personal data received about you through our Services on the legal basis of our legitimate interests in providing the Services and their functionalities to you where such processing is necessary for the purposes of our legitimate interest. Where appropriate, we may rely on alternate legal bases, such as your consent to certain types of processing. We use your data to initiate a business relationship, fulfill contractual and legal obligations, conduct the contractual relationship, to offer products and services, and to strengthen the customer relationship, which may include marketing and direct mail.

Our primary purposes for collecting and processing personal data is to provide our Services.  We may also use your personal data to:

  • operate and maintain our software platform, identify you as a user, and provide a personalized user experience;
  • provide support or to carry out our Services;
  • troubleshoot issues and provide more effective Services;
  • distribute alerts concerning our software platform, upgrades and maintenance;
  • perform fraud detection and authentication;
  • improve our software platform and your interactions with it;
  • send you administrative notifications, such as security or support and maintenance advisories; and
  • respond to your customer support inquiries and other requests.

5. How we use your medical information

HIPAA generally permits use and disclosure of your health information without your permission for purposes of health care treatment, payment activities, and health care operations. These uses and disclosures are more fully described below. Please note that this privacy policy does not list every use or disclosure; instead, it gives examples of the most common uses and disclosures.

a. Treatment 

When and as appropriate, we may use or disclose medical information about you to facilitate medical treatment or services by providers. We may disclose medical information about you to health care providers, including doctors, nurses, technicians, medical students, or other hospital personnel who are involved in taking care of you. For example, we might disclose information about you with physicians who are treating you.

b. Payment 

When and as appropriate, we may use and disclose medical information about you to determine your eligibility for the benefits, to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility and coverage, or to coordinate your coverage. For example, we may disclose information about your medical history to a physician (including your physician) to determine whether a particular treatment is experimental, investigational, or medically necessary, or to decide if the plans will cover the treatment. Additionally, we may share medical information with another entity to assist with the adjudication or subrogation of health claims, or with another health plan to coordinate benefit payments.

c. Operations 

When and as appropriate, we may use and disclose medical information about you as needed. For example, we may use medical information in connection with: conducting quality assessment and administration improvement; underwriting, premium rating, and other activities relating to coverage; submitting claims for stop loss (or excess loss) coverage; conducting or arranging for medical review, legal services, audit services, and fraud and abuse detection programs; business planning and development such as cost management; and business management and general administrative activities. For example, we may use your information to review the effectiveness of wellness programs or in negotiating new arrangements with our current or new insurers. We will not use or disclose your genetic information for underwriting purposes.

6. How we share your personal data

We will only share your data with third parties within the scope of the statutory provisions or with the appropriate consent. Otherwise, it will not be shared with third parties unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies such as law enforcement authorities in the United States).

a. Within our organization

Within our organization, we ensure that only the individuals receive data who require that data to fulfill their contractual and legal obligations.

In many cases, our specialist departments are supported by Service Providers (defined below) to fulfill their tasks.

b. With our Service Providers

We work with various organizations and individuals to help provide our services to you (“Service Providers”), such as website and data hosting companies and companies providing analytics information. We need to engage such third-party Service Providers to help us operate, provide, and market our services. These third parties have only limited access to your information and may use your information only to perform these tasks on our behalf. Information we share with our Service Providers may include both information you provide to us and information we collect about you, including personal data and information from data collection tools like cookies.

We take reasonable steps to ensure that our Service Providers are obligated to reasonably protect your information on our behalf. If we become aware that a Service Provider is using or disclosing information improperly, we will take commercially reasonable steps to end or correct such improper use or disclosure.

We share personal data with our Service Providers on the legal basis of our legitimate interests in providing you with our services. Our engagement of Service Providers is often necessary for us to provide the services to you, particularly where such companies play important roles like helping us keep our services operating and secure. In some other cases, these Service Providers aren’t strictly necessary for us to provide our services, but help us make it better, like by helping us conduct research into how we could better serve our users. In these latter cases, we have a legitimate interest in working with service providers to make our services better.

Specifically, we share your personal data with the following partners:

PartnerActivity
Amazon Web Services (AWS) Provides cloud computing services for our preventative care software platform
WordPressProvides a platform for our blog
GoDaddyProvides web hosting services
SalesForceProvides a software platform to manage relationships with our customers

c. To conduct business transactions 

We may purchase other businesses or their assets, sell our business assets, or be involved in a bankruptcy, merger, acquisition, reorganization or sale of assets. Your information, including personal data, may be among assets sold or transferred as part of a business transaction. In some cases, we may choose to buy or sell assets. Such transactions may be necessary and in our legitimate interests, particularly our interest in making decisions that enable our organization to develop over the long term.

d. To respond to safety and lawful requests

We may be required to disclose your information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We generally do not disclose user information unless we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. We may share your information when we believe it is necessary to comply with applicable laws, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the services or using our name, or to protect the safety of any person. This may include sharing information with other companies, lawyers, agents, or government agencies. Nothing in this privacy policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your information.

e. Aggregated non-personal data

We may disclose aggregated, non-personal data received from providing the services, including information that does not identify any individual, without restriction. We may share demographic information with business partners, but it will be aggregated and de-personalized, so that personal data is not revealed. 

f. Disclosures of personal data for a business purpose (applicable to California Consumers only) 

In the preceding twelve (12) months, we have disclosed the following personal data for a business purpose:

  • identifiers;
  • Internet or other similar network activity; and
  • geolocation data.

g. Sales of personal data

In the preceding twelve (12) months we had not sold any personal data.

7. How we share your health information

We will generally only release such records or information with your written authorization or with an appropriate court order. We will usually need to get your written authorization or an appropriate court order before we release this information. Except where there are special protections under Connecticut law or other federal laws, we may use and disclose your health information without your authorization for the following purposes:

a. For treatment 

We may use and disclose your health information to provide or assist with your treatment. For example, we may provide your health information to a laboratory in order to obtain a test result important for diagnosing or treating a condition you may have.

b. To obtain payment for health care services 

We may use and disclose your health information in order to bill and collect payment for the treatment and services provided to you. For example, we may provide limited portions of your health information to your health plan to get paid for the health care services we provide to you. We may also provide your health information to our business associates who assist us with billing, such as billing companies, claims processing companies, and others that process our health care claims. We will only disclose the minimum amount of information needed to obtain payment.

c. For health care operations 

Your health information may also be used or disclosed to improve and conduct health care operations. For example, we may use your health information in order to evaluate the quality of health care services that you received or to evaluate the performance of the professionals who provided health care services to you. We may also provide your health information to our auditors, attorneys, consultants, and others in order to make sure we are complying with the laws that affect us. We may also use a sign-in sheet at registration or other appropriate areas, and we may call you by name in waiting and service areas.

When a disclosure is required by federal, state, or local law, judicial or administrative proceedings, or law enforcement. For example, we make disclosures when a law requires that we report information to government agencies and law enforcement personnel about victims of abuse, neglect, or domestic violence; when dealing with gunshot and other wounds; or when ordered in a judicial or administrative proceeding.

d. Public health activities 

For example, we report required information about various diseases to government officials in charge of collecting that information, and we may provide coroners with necessary information relating to an individual’s death.

e. Health oversight activities 

For example, we will provide information to assist the government when it conducts an investigation or inspection of a health care provider or organization.

f. Research purposes 

In certain limited circumstances, we may provide health information in order to conduct medical research. Use of this information for research is subject to either a special approval process, or removal of information that may directly identify you. In most instances, we will require your written authorization prior to using or disclosing health information for research purposes.

g. Avoiding a serious threat of harm 

In order to avoid a serious threat to the health or safety of a person or the public, we may provide health information to law enforcement personnel or persons able to prevent or lessen such harm.

h. Certain government functions 

We may disclose health information of military personnel and veterans in certain situations, as well as for national security purposes or when required to assist with governmental intelligence operations.

i. Workers’ compensation 

We disclose health information in order to comply with workers’ compensation laws.

j. Appointment reminders and health-related benefits or services 

We may use health information to provide appointment reminders or give you information about treatment alternatives, other health care services or benefits we offer.

k. Business associates 

We will share your health information with business associates that assist our Service Providers. Business associates include people or companies who provide services to us. For example, health information may be disclosed to a bill processing company to obtain payment for services rendered. We have agreements with our business associates to protect the privacy of your health information.

l. Disclosures to family, friends, or others 

In very limited cases, we may provide health information to family members, or close friends who are directly involved in your care or the payment for your health care, unless you tell us not to. For example, we may tell a friend who asks for you by name where you are in our facility, and we may allow a friend or family member to pick up a prescription for you. We may also contact a family member if you have a serious injury or in other emergency circumstances. We may discuss medical information in the presence of a family member or friend if you are also present and indicate that it is okay to do so.

All other uses and disclosures require your prior written authorization. In any other situation not described above, we will ask for your written authorization before using or disclosing any of your health information. If you do sign an authorization to disclose your health information, you can later revoke that authorization in writing. This will stop any future uses and disclosures to the extent that we have not taken any action relying on the authorization. 

8. Your rights regarding your health information

a. The Right to Request Limits on Uses and Disclosures of Your Health Information

You have the right to ask us to limit the use and disclosure of your health information. We will consider your request, but we do not have to accept it. If we do, we will put any limits in writing and abide by them except in emergencies where the information is needed. You may not limit the uses and disclosures that we are legally required to make.

b. The Right to Choose How We Send Health Information to You

You have the right to ask that we send your health information to you at an alternate address (for example, sending information to your work address rather than your home address) or by alternate means (for example, by fax instead of regular mail). We must agree to your request if we can easily provide it in the format you requested.

c. The Right to See and Get Copies of Your Health Information 

In most cases, you have the right to look at or get copies of your health information that we have, but you must make the request in writing. If we do not have your health information but we know who does, we will tell you how to get it. We will respond to you within 30 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reasons for the denial and explain your right to have the denial reviewed. If you request copies of your health information, we will charge you a reasonable fee as permitted by law. Instead of providing the health information you requested, we may provide you with a summary or explanation of the health information. We will only do this if you agree to receive information in that form and if you agree to pay the cost in advance.

d. The Right to Get a List of Certain Disclosures We Have Made

You have the right to request a list of instances in which we have disclosed your health information. The list will not include uses or disclosures made for treatment, payment, and health care operation, or information given to your family or friends with your permission or in your presence without objection. It will also not include disclosures made directly to you or when you have given us a written authorization for the release of health information. The list will also not include information released for national security purposes or given to correctional institutions. To obtain this list, please send an email to contact@circlelinkhealth.com. The list we will give you will include disclosures made in the last six years unless you request a shorter time, but will not include any disclosure that occurred before April 14, 2003. We will provide the list to you upon request once each year at no charge.

e. The Right to Amend or Update Your Health Information

If you believe that there is a mistake in your health information or that a piece of important information is missing, you have the right to request that we amend the existing information. You must provide the request and your reason for the request to contact@circlelinkhealth.com. We may deny your request in writing if the health information is: (1) correct and complete; (2) not created by us; (3) not allowed to be disclosed, or (4) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you do not file a statement of disagreement, you have the right to ask that your request and our denial be attached to all future disclosures of your health information. If we approve your request, we will make the change to your health information, tell you that we have done it, and tell others that need to know about the change to your health information.

f. The Right to Get This Privacy Policy by Email

You have the right to get a copy of this privacy policy by email. Even if you have agreed to receive privacy policy via email, you also have the right to request a paper copy of this notice.

 9. Your rights regarding your personal data (applicable to California Consumers) 

The California Consumer Privacy Act (CCPA) provides consumers (California residents) with specific rights regarding their personal data. This section describes your CCPA rights and explains how to exercise those rights. 

a. Access to specific information and data portability rights 

You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • the categories of personal data we collected about you
  • the categories of sources for the personal data we collected about you
  • our business or commercial purpose for collecting or selling that personal data
  • the categories of third parties with whom we share that personal data.
  • the specific pieces of personal data we collected about you (also called a data portability request).
  • If we sold or disclosed your personal data for a business purpose, two separate lists disclosing:
    • sales, identifying the personal data categories that each category of recipient purchased; and
    • disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.                                       

b. Deletion request rights 

You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request your personal data from our records unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our Service Provider(s) to:

  • complete the transaction for which we collected the personal data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you
  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • debug products to identify and repair errors that impair existing intended functionality
  • exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
  • comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
  • comply with a legal obligation
  • make other internal and lawful uses of that information that are compatible with the context in which you provided it 

c. Personal data sales opt-out and opt-in rights 

If you are 16 years of age or older, you have the right to direct us to not sell your personal data at any time (the “right to opt-out”). We do not sell the personal data of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal data sales may opt-out of future sales at any time.

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal data sales.

You do not need to create an account with us to exercise your opt-out rights. We will only use personal data provided in an opt-out request to review and comply with the request.

d. Non-Discrimination 

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • deny you goods or services.
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • provide you a different level or quality of goods or services.
  • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

e. Other California Privacy Rights

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to contact@circlelinkhealth.com.

10. Data retention period

We store your data as long as it is necessary for the processing purpose in question. Please note that a number of legally imposed retention periods require data to be stored for extended periods. This relates in particular to commercial or fiscal retention obligations. Unless there are further retention requirements, the data will be routinely deleted after use.

In addition, we may retain the information if you have given us your permission to do so, or in the event of legal disputes and we use evidence within the statutory limitation periods.

11. Information security 

The security of your personal data is important to us.  We make commercially reasonable efforts to secure and protect the privacy, accuracy, and reliability of your information and to protect it from loss, misuse, unauthorized access, disclosure, alteration, and destruction.  We have implemented security measures consistent with industry standards.  As no data security protocol is impenetrable, we cannot guarantee the security of our systems or databases, nor can we guarantee that personal data we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information including your personal data is provided at your own risk.

12. Links to other providers

Our Services also contains links to the websites of other companies. Where links to websites of other providers are available, we have no influence as to their content. As a result, no guarantee and liability can be assumed for this content. The content of these pages is always the responsibility of the respective provider or operator of the pages.

13. Online offerings for children

We do not collect any information from children. Persons under the age of 16 are not permitted to submit any personal data to us without the consent of the legal guardian or a declaration of consent. We encourage parents and guardians to actively participate in the online activities and interests of their children.

14. Changes to our privacy policy 

We may modify this privacy policy from time to time. The most current version of this privacy policy will govern our use of your information and will be located at circlelinkhealth.com/privacy-policy. We will notify you of material changes to this policy by posting a notice at the website or by emailing you at an email address associated with you, if applicable, and provide an “at a glance” overview of any changes.