Privacy Policy - DataOceans Customer Engagement Solution

DATAOCEANS, LLC – PRIVACY POLICY

Last Updated April 19, 2024

DataOceans, LLC (“DataOceans,” “we,” or “us”) understands that privacy is tremendously important to our online visitors to our website and to our clients and their users. This Privacy Policy is intended to better help you understand our practices regarding information collected, including through (i) our websites, including, but not limited to, dataoceans.com, our mobile sites and our other affiliated websites (collectively, the “Site”); and (ii) any of our products and services offered through the Site (including, but not limited to, our Oceanus, Compliance Hub, Billing Hub along with other Hubs and subscription services) (collectively, the “Services”). This Privacy Policy describes how DataOceans collects, processes, shares and retains the personal information (or, in the EU/Switzerland, “personal data”) you provide to us through the Services. This Privacy Policy is comprised of two sections: (i) a set of terms and conditions applicable to the Services generally (“General Privacy Policy”), (ii) a set of terms and conditions applicable only to Protected Health Information (as defined below) or Nonpublic Personal Information (as defined below) submitted through our Services (“Service-Specific Privacy Policy”). References to “Policy” or “Privacy Policy” are to both aforementioned sections (i) and (ii).

Scope: This Policy applies whether you are a customer that uses the Services (each, a “Client”), a prospective Client, an end user of our Client that utilizes our solutions, a user of our Services, or whether you are simply visiting our Site (each a “User” and collectively, “Users”). However, this Policy does not apply to any websites of third-parties to which we provide links.

Consent: When you interact with the Site or the Services, you consent to such collection, processing, sharing and retaining of information (including personal information/personal data) as described in this Privacy Policy and all additional terms and conditions governing your use of the Site or the Services. You are also responsible for ensuring that the entity or people on behalf of which you are acting (such as your employer or a customer) are aware of the content of this Privacy Policy and that you have confirmed that they agree to the terms of this Privacy Policy. If you do not consent to the terms of this Privacy Policy and all additional terms and conditions, do not continue to interact with or use the Site or the Services.

Protected Information: We do not knowingly or intentionally collect any Protected Health Information ((or “Protected Information”) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and summarized by the U.S. Department of Health & Human Services here: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html), Nonpublic Personal Information (or “NPI”) as defined under the Financial Services Modernization Act of 1999 (also known as the Graham-Leach-Bliley Act) and summarized by the Federal Trade Commission here: https://www.ftc.gov/business-guidance/resources/how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act, or “sensitive personal information” as defined below (collectively, “Protected Information”) through the Site, with the exception of the Protected Information submitted by you or a Client through the Services. Unless provided solely through the Service(s) and only as necessary to use the same, please do not submit any Protected Information to us through the Services. For more information, please see the main section below entitled Sensitive Personal Information and the Service-Specific Privacy Policy.

A Special Note for International Visitors to our Site: Our computer systems are currently based in the United States, so your personally identifiable information will be processed by us in the United States, where data protection and privacy regulations may be different than other parts of the world, such as the European Union. Our Services are not marketed to or available outside of the United States or Canada, and we do not knowingly collect personal information of residents of any other jurisdiction. If you visit the Site as a visitor from outside the United States, you are agreeing to the terms of this Privacy Policy, and you will have consented to the transfer and processing of all such information in the United States, which may not offer an equivalent level of protection of that in the European Union or certain other countries. If you are not a resident of the United States, you may contact us at privacy@dataoceans.com to request that we delete any personal information that we may have inadvertently collected.

GENERAL PRIVACY POLICY

This General Privacy Policy provides the following information:

How We Collect and Use Information

How We Share Information

How We Protect Your Information

Choices About Your Information

Sensitive Personal Information

Children’s Privacy

Links to Other Websites and Services

Additional State Privacy Rights

How to Contact Us

Changes to This Privacy Policy

Transparency. We will always be transparent with the methods we use to collect data and describe exactly how we will use it to the benefit and direction of our Users.

HOW WE COLLECT AND USE INFORMATION

We collect the following types of information:

Information about Clients and Users: The type of personal information we collect depends on your use of the Site or Services and/or your relationship with us (e.g. whether you are a Client, a customer of a Client, a prospective employee, etc.).

Clients: If you are a Client or a prospective Client, we may collect information such as your name, phone number, address, business contact information, e-mail address, user name and password when you use our Site or Services, Request a Demo, sign up for our mailing list or subscribe for updates or otherwise communicate with us online, by telephone or in person at an event or otherwise. We may also collect payment information or banking details relating to the products and services you purchase from us.

Client Customers: If you are a customer of any of our Clients, our Clients may provide your personal information to us so that we can provide our Clients with the Services they have purchased from us. Our Clients must only provide DataOceans with personal information that they have obtained in compliance with applicable privacy laws (such as, but not limited to, ensuring your informed consent is obtained for DataOceans to provide the Services to such Client). The personal information we collect includes name, address and phone number, e-mail address, date of birth, financial information, account numbers, claims, account, loan and billing details, and other information the Client provides to us on your behalf. To the extent the Services provided to a Client include the ability for Client customers to access the Services directly, we may also collect information that such customers provide to us via the Services, which may include (in addition to the previously-described information) payment information or banking details that we collect on behalf of our Clients to process payments from you on their behalf as the merchant. More details regarding the information we collect from or on behalf of our Clients may be outlined in the Service-Specific Privacy Policy. Regardless of whether the Client or the Client customer provides us with customer data or information in connection with the Services (all such data or information, the “Customer Data”), DataOceans is considered the “data processor”, and the Client is considered the “data controller”, for such Customer Data.

Other Users: In addition to the foregoing, for visitors or Users of our Site, we ask for certain information when a User asks for more information regarding our products or services, corresponds with us online, or otherwise uses our Site; such information may include a name, email address, phone number, or message. We may also collect information provided by a User if the User sends us a message, posts content to the Site, or responds to emails or surveys. We also collect and retain data regarding your use of the Site (e.g. the duration of a page visit, information downloaded or viewed, IP address, etc.) automatically when you use the Site.

We use information collected for the following purposes:

To provide and maintain our Site or Services, including to support, optimize improve and monitor the usage of our Site and Services.
To manage registered user accounts for the Services. The personal data you provide can give you access to different functionalities of the Services that are available to you as a registered user.
For the performance of a contract for the products, items or services Clients have purchased or of any other contract with us. This may include contacting Client customers via email, telephone calls, SMS, or other equivalent forms of electronic communication as directed by our Clients based on the Customer Data provided by the Client or its customer or processing payments from Client customers on our Clients’ behalf.
To contact Users by email, telephone calls, SMS, or other equivalent forms of electronic communication, regarding updates or informative communications related to the functionalities, products or contracted services, including security updates, when necessary or reasonable for their implementation.
To provide Users with news, special offers and general information about other products and services we offer or that we believe may be of interest to you, unless you have opted not to receive such information. You always have the option to opt out of our internal marketing communications by contacting us at privacy@dataoceans.com or by following the opt-out procedure outlined in such communications. Please note that opting out of receiving these communications will not remove your personal information from our files and we will still contact you as necessary to provide and support products and services you or the Client with whom you are associated have ordered or purchased from us at your or such Client’s request. For the absence of confusion, opting out of our internal marketing communication will not prevent us from transmitting any marketing communications for or on behalf of our Clients to the extent included as part of the services we provide for such Clients.
To manage User requests to us, including requests for information regarding our products or services or to explore potential sales leads.
To evaluate or conduct a business transfer, which may be structured as a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Site users is among the assets transferred.
To comply with applicable legal or regulatory requirements and our policies, and to protect against criminal activity, claims and other liabilities.
For other purposes such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Site, products, services, marketing and your experience.

Information Collected through Technology: We automatically collect certain types of usage information when Users view the Site. We may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the site. A cookie may also convey information to us about how you use the Site (e.g., the pages you view, the links you click and other actions you take on the Site) and allows us to track your usage of the Site over time. We may collect log file information from your browser or mobile device each time you access the Site. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, number of clicks and how you interact with links on the Site, pages viewed, features used, and other such information. We may employ clear gifs (also known as web beacons), which are used to anonymously track the online usage patterns of our users. In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Site. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Site. We do not allow third party advertising networks to collect information about the users of our Site.

We use or may use the data collected through cookies, log files, device identifiers, clear gifs information and other similar data (collectively, “Cookies”) to: (i) remember information so that a User will not have to re-enter it during subsequent visits; (ii) provide custom, personalized content and information; (iii) to provide and monitor the functionality and effectiveness of our Site; (iv) monitor aggregate metrics such as total number of visitors, traffic, and usage on our Site; (v) diagnose or fix technology problems; and (vi) help users efficiently access information after signing in. We may also disclose such data and information to our third party partners whose services or applications interact or interface with our Site, but only as described in this Privacy Policy.

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide you with services available through the Site and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.

Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Site.

Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices you make when you use the Site, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time You use the Site.

Publicly Available Information: Please be advised that some information you provide may be publicly accessible, such as information posted in forums or comment sections ("Publicly Available Information"). Content, including such posted information, comments, feedback, and notes that you choose to post through features of our Site available to the public becomes public information for both us and other users to use and share without restriction. Please do not disclose Protected Information via such methods unless you intend for that data to become public. We reserve the right, but do not have the obligation, to review and monitor such posting or any other content on our Site, and to remove postings or content that may be viewed as inappropriate or offensive to others. You further agree that we are under no obligation of confidentiality, express or implied, with respect to the Publicly Available Information and may use this information as described in this Privacy Policy.

HOW WE SHARE INFORMATION

DataOceans only shares personal information in a few limited circumstances, described below. We do not rent or sell information for marketing purposes.

With third-party providers (either ours or our Clients’) whose software or services interface with or otherwise may receive information from, or provide information to, the Site, the Services or our other systems, but only as directed or approved by our Users or as necessary for us to fulfill requests submitted by our Clients or their customers. We will provide you with a list these providers upon your reasonable request, but reserve the right to change these providers from time to time with or without notice to you.
With third-party providers that provide us with technology or other support services (e.g. web hosting and analytics services), but strictly for the purpose of carrying out their work for us. We will provide you with a list of these providers upon your reasonable request, but reserve the right to change these providers from time to time with or without notice to you.
With our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include any companies that control, are controlled by or are under common control with DataOceans.
With other Users with whom you share information or otherwise interact with via interactive features of our Site; any information shared in such forums may be viewed by all users with appropriate access permissions and may be publicly distributed outside.
With Your consent, we may use or disclose your personal information for any other purpose.
With law enforcement or other third parties when compelled to do so by court order or other legal process, to comply with statutes or regulations, to enforce our contracts, or if we believe in good faith that the disclosure is necessary to protect the rights, property or personal safety of our users or our company, or otherwise to protect against a legal liability or to comply with a legal obligation.
In the event of a change of control (e.g., if we sell, divest or transfer the business or a portion of our business), we may transfer information to the new owner of the business.

We may use, store, transfer and disclose aggregated information about our Users, and information that does not identify any individual, without restriction.

HOW WE PROTECT YOUR INFORMATION

We store our data in the United States, and we take reasonable measures to keep data safe and secure.

Storage and Processing: Any information collected through our Site is stored and processed in the United States. If you access or use our Site outside of the United States, you consent to have your data transferred to the United States.

Keeping Your Information Safe: DataOceans maintains industry standard administrative, technical and physical procedures to protect information stored in the servers we utilize, which are located in the United States. While no service provider can guarantee absolute security when communicating over the internet or wireless networks, we are committed to taking steps to help secure any personal information that may be in our possession. Access to information by DataOceans personnel is limited (through user/password credentials and optional two factor authentication) to those employees and agents who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard Client Data transmitted to or from the Services, and payment information provided via the Services (if applicable) is submitted and stored through a PCI-compliant third-party provider; we will provide you with a list of such providers upon your reasonable request. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our files. Regardless, you should always be mindful and responsible whenever disclosing information online that the information is potentially accessible to the public, and consequently, could be collected and used by others without your consent.

If you use the Services, you are responsible for maintaining the confidentiality of your access information and password. You are responsible for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your password. We cannot secure any personal information that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access.

Where required under applicable law or by contract, we will notify the appropriate parties or individuals of any loss, misuse or alteration of personal information so that such parties or individuals can take the appropriate actions for the due protection of their rights. If such personal information is Customer Data, we will notify the applicable Client and coordinate with them regarding any required notices to particular individuals.

CHOICES ABOUT YOUR INFORMATION

Account Information and Settings: Clients or Client customers who maintain registered User accounts may update account information by contacting us at privacy@dataoceans.com .

Promotional Emails: In general, Site users can opt-out of receiving promotional email from us by following the opt-out procedure outlined in such communications. Clients or Client customers who maintain registered User accounts cannot unsubscribe from Service-relating messaging.

If you have any questions about reviewing or modifying account information for registered Users or any other User information (other than Client Data) maintained in our files, contact us directly at privacy@dataoceans.com.

Client Data: Client Data is provided and controlled by our Clients or the applicable Client customer User. If you have any questions about reviewing, modifying, or deleting any Client Data, please contact the Client with whom such data is associated directly.

Deleting or Disabling Cookies: Certain parts of our Site or Services require Cookies on your browser to work. If you disable cookies, such features of the Site or Services may not work properly. You can instruct your browser to refuse all browser Cookies or to indicate when a browser Cookie is being sent. For more information on how you can delete flash Cookies (i.e., local stored objects), please search the “Help” index of your browser.

How Long We Keep User Content: DataOceans may retain user personal information for a commercially reasonable time for backup, archival, or legal compliance and audit purposes. We may maintain anonymized or aggregated data, including usage data, for analytics purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Site, or we are legally obligated to retain this data for longer time periods. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize your information, or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

If you have any questions about data retention or deletion, please contact privacy@dataoceans.com.

5. SENSITIVE PERSONAL INFORMATION

“Sensitive personal information” is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information or other Protected Information from individuals through the Services, with the exception of Protected Information or NPI submitted by or on behalf of our Clients or their customers through the Services. Unless provided by you solely through the Services, and only as necessary to use the same, you must not submit to us Protected Information of any kind through the Services. For more information, please see the specific terms and conditions related to the collection, use, and disclosure of Protected Information through the Services.

If, however, you inadvertently or intentionally submit or transmit sensitive personal information to us, other than Protected Information or NPI submitted through the Services(s), you will be considered to have explicitly consented to us processing that sensitive personal information. In such case, we will use and process the Protected Information solely for the purposes of deleting it, if and when we become aware of the same.

CHILDREN’S PRIVACY

DataOceans does not knowingly collect any information from children under the age of 13. FURTHER, BY USING THE SITE OR THE SERVICES, YOU ARE ATTESTING THAT YOU ARE 18 YEARS OF AGE OR OLDER. Please contact us at privacy@dataoceans.com if you believe we have inadvertently collected personal information from a child under 13 without proper parental consents so that we may delete such data as soon as possible. We do not knowingly collect any names or other identifying details regarding children.

LINKS TO OTHER WEB SITES AND APPLICATIONS

Please remember that this Privacy Policy applies to our Site only and not other websites or thirdparty websites or software applications that may be linked via our Site (“Linked Sites”, under the Terms), which may have their own privacy policies. You should carefully read the privacy practices of each Linked Site before agreeing to engage with the Linked Site through the Site. We assume no responsibility or liability for the privacy practices of any vendor or operator of Linked Sites.

ADDITIONAL STATE PRIVACY RIGHTS

Certain states, such as California, Nevada, Connecticut, Colorado, Virginia and Utah, have consumer privacy laws that may provide their residents with additional rights regarding our use of their personal information. This section is applicable to residents of such states (sometimes called “consumers”), as applicable, who live in the applicable state on a permanent basis. This section uses certain terms that have the meaning given to them in each state’s privacy law, as applicable, including “Personal Information”, which shall be used interchangeably with privacy laws that similarly define “Personal Data”.

I. Shine The Light

Under California Civil Code Section 1798.83 ("Shine the Light"), California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of Personal Information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us as directed in the CONTACT US section below with a reference to California Disclosure Information.

II. California Consumer Privacy Act Of 2018, As Revised And Updated By The California Privacy Rights Act (Collectively, "CCPA")

Collection, Disclosure, and Retention of Personal Information

The Personal Information we collect and the sources from which we collect is described above in HOW WE COLLECT AND USE INFORMATION. The Personal Information we disclose for business or commercial purposes is described above in HOW WE SHARE INFORMATION. The length of time that we retain your Personal Information is described above in CHOICES ABOUT YOUR INFORMATION.

Selling and Sharing Personal Information

We do not sell or share your Personal Information in exchange for monetary consideration; however, we may use tools such as Google Analytics, which may be interpreted as sharing your Personal Information. As such, please reference the above HOW WE SHARE YOUR INFORMATION regarding opting out of the use of these tools.

CCPA Consumer Rights

Under CCPA, consumers have certain rights regarding their Personal Information, as described below.

Right of Access: You have the right to request, twice in a 12-month period, that we disclose to you the following information about you, limited to the preceding twelve (12) months:

The categories of Personal Information that we collected about you;
The categories of sources from which the Personal Information is collected;
The business or commercial purpose for collecting or selling Personal Information;
The categories of third parties with whom we share Personal Information;
The specific pieces of Personal Information that we have collected about you;
The categories of Personal Information that we disclosed about you for a business purpose or sold to third parties; and
For each category of Personal Information identified, the categories of third parties to whom the information was disclosed or sold.

Right of Deletion: You have the right to request that we delete any Personal Information about you which we have collected from you, subject to exceptions within the law.

Right to Opt-Out: You have the right to opt-out of the disclosure of Personal Information about you for monetary or other valuable consideration. However, we do not sell your Personal Information in exchange for monetary consideration. We may use tools such as Google Analytics, which may be interpreted as sharing your Personal Information. As such, please see the above HOW WE SHARE YOUR INFORMATION section for more information regarding opting out of the use of these tools.

Right to Opt-In: We do not have actual knowledge that we collect, share, or sell the Personal Information of minors under the age of 16 without proper consent of a parent or guardian.

Right to Limit Use and Disclosure of Sensitive Personal Information: You may request specific limitations on further sharing, use, or disclosure of your Sensitive Personal Information that is collected or processed for certain reasons outside of providing the Site. However, we do not collect or process Sensitive Personal Information for any of these reasons.

Right to Correction: You have the right to request that we maintain accurate Personal Information about you and correct any Personal Information about you which we have collected from you, subject to exceptions within the law.

If you would like to exercise any of the rights provided, please refer to the CONSUMER REQUESTS AND VERIFICATION section below.

III. Virginia, Colorado, Connecticut, Utah Privacy Rights

This section applies only to Virginia, Colorado, Connecticut residents to the extent their Personal Information is subject to the Virginia Consumer Data Protection Act (VCDPA), or the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA) or any amendments or acts thereto upon their effective dates.

Collection, Disclosure, and Retention of Personal Information

Consumer Rights

Virginia, Colorado, Connecticut, and Utah privacy law provides residents with specific rights regarding Personal Information, including:

Right to Access. You have the right to confirm whether or not we are processing your Personal Information and to access such information.

Right to Correction. You have the right to correct inaccuracies in your Personal Information which we have collected, taking into account the nature of the Personal Information and the purposes of processing the Personal Information.

Right to Deletion. You have the right to request deletion of Personal Information provided by or obtained about you, subject to legal exemptions.

Right to Data Portability. You have the right to obtain a copy of your Personal Information.

Right to Opt-Out. You have the right to opt out of the processing of Personal Information for purposes of (1) targeted advertising; (2) the sale of Personal Information; or, if you are in Virginia or Colorado (3) profiling in furtherance of decisions that produce legal or similarly significant effects.

If you would like to exercise any of the rights provided, please refer to the CONSUMER REQUESTS AND VERIFICATION section below.

IV. NEVADA PRIVACY RIGHTS

We comply with the requirements of the Nevada Privacy law, which in some instances provides residents with choices regarding how we share information. Nevada Covered Personal Information ("Nevada PI") includes personally identifiable information about a Nevada consumer collected online, such as an identifier that allows the specific individual to be contacted. Nevada PI also includes any other information about a Nevada consumer collected online that can be combined with an identifier to identify the specific individual. We may collect the following categories of covered information about you through our Site:

First and Last Name
Physical Address
Email Address
Telephone Number
Username

We may share such covered information with categories of third parties including marketing. Third parties may collect covered information about your online activities over time and across different Internet websites or online services when you use our Site.

You have the right to request that we not sell your Personal Information. Although we do not currently sell Personal Information, you may submit a request directing us not to sell Personal Information if our practices change in the future.

If you would like to exercise any of the rights provided, please refer to the CONSUMER REQUESTS AND VERIFICATION section below.

V. CONSUMER REQUESTS AND VERIFICATION

Right to Non-Discrimination

We may not discriminate against you because you exercise any of your privacy rights contained in this Privacy Policy including, but not limited to:

Denying goods or services to you;
Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
Providing a different level or quality of goods or services to you; or
Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Verifying Requests

You may request to exercise your rights of access, deletion, or correction by contacting us as described in the CONTACT US section below. To help protect your privacy and maintain security, we will take steps to verify your identity before processing your request. If you request access to or deletion of your Personal Information, we may require you to provide any of the following information: name, date of birth, email address, telephone number, or postal address. When you make such a request, you can expect the following:

As required under applicable law, we will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.

We will confirm that you want your information accessed, corrected, and/or deleted.

We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.

We will respond to your request within 45 days upon receipt of your request. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

In certain cases, a request for access, correction, or deletion may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing products or services or completing an order. If we deny your request, we will explain why we denied it and delete any other information that is not protected and subject to denial.

Authorized Agents

You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as described in the CONTACT US section below to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require:

The authorized agent to provide proof that you provided signed permission to the authorized agent to submit the request;

You to verify your identity directly with us; or

You to directly confirm with us that you provided the authorized agent permission to submit the request.

Virginia and Connecticut Appeal Process

If you have made a request to access, correct, or delete your Personal Information under VCDPA and CTDPA, and we have declined to take action, you may appeal our decision within 45 days of the denial. When you make such an appeal, you can expect the following:

We will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.

We will review your appeal and respond in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision, within 45 days upon receipt of your appeal. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

In certain cases, an appeal may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing products or services or completing an order. If we deny your appeal, we will explain why we denied it and provide you with a method to contact your state’s Attorney General to submit a complaint.

QUESTIONS, COMPLAINTS AND DISPUTES

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at privacy@dataoceans.com. We will respond to your inquiries as soon as practicable.

CLASS ACTION WAIVER. YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

DISPUTE RESOLUTION. Except as otherwise expressly provided above (or with respect to a Client (i) the applicable contract with such Client) or otherwise required by applicable law, you agree that the exclusive jurisdiction of any actions arising out of, relating to, or in any way connected with, this Privacy Policy, shall be in the state or federal courts, as applicable, with jurisdiction over Fulton County, Georgia, United States of America; and (ii) any dispute, controversy, or claim arising out of or relating to this Privacy Policy or the collection, use, storage or transfer of any of your information or data, including, but not limited to, the arbitrability of the matter or the formation, interpretation, scope, applicability, termination, or breach of this Privacy Policy, shall be referred to and finally determined by arbitration in accordance with the JAMS Streamlined Arbitration Rules and Procedures, or JAMS International Arbitration Rules, if the matter is deemed “international” within the meaning of that term as defined in the JAMS International Arbitration Rules. The arbitration shall be administered by JAMS, shall take place before a sole arbitrator, and shall be conducted in the metropolitan Atlanta, Georgia, area. If the JAMS International Arbitration Rules apply, the language to be used in the arbitral proceedings will be English. Judgment upon the arbitral award may be entered by any court having jurisdiction. This section shall apply to and require arbitration of all disputes, controversies, and claims, regardless of whether such disputes, controversies, or claims concern a single individual, entity, or other person, multiple individuals, entities, or other people, or classes of individuals, entities, or other people. You hereby consent to receive service of process by electronic means or social media to the extent allowed by the applicable court. This constitutes express agreement of the parties regarding your consent pursuant to United States Federal Rule of Civil Procedure 5(b)(2)(E) and any applicable state (or other jurisdiction) equivalent.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time by posting revised Privacy Policy on the Site or within the Services, and we may also (but are not required to, except as required by applicable Law) notify registered Users of such posting via the most recent user email address on file with us. We encourage you to review this web page periodically. The changes will be effective immediately upon notice or posting, and we will update the effective date of this Privacy Policy upon such posting. Your use or continued use of the Site or Services following the posting or email notification (as applicable) of any changes to the Privacy Policy will be deemed to be your acceptance of the changed Privacy Policy.

SERVICE-SPECIFIC PRIVACY POLICY

IF YOU ARE A USER OF OUR SERVICES, THE GENERAL PRIVACY POLICY AND THIS SERVICE-SPECIFIC PRIVACY POLICY BOTH APPLY TO YOUR USE OF SUCH SERVICES. THIS SECTION DESCRIBES HOW PROTECTED INFORMATION SUBMITTED BY YOU THROUGH THE SERVICES(S) MAY BE USED AND DISCLOSED. PLEASE REVIEW CAREFULLY.

The Services are operated by DataOceans. This section describes how we may use the Protected Information submitted by you through the Services. The section also describes your rights with respect to your Protected Information.

We know that keeping your Protected Information private is important to you. That is why DataOceans wants you to know how we use and disclose the Protected Information you share with us through the Services. In accordance with the terms of the General Privacy Policy above,

We maintain administrative, technical and physical safeguards that meet all applicable state and federal regulations, including HIPAA and GLBA;
We may disclose Protected Information when required by law in order to respond to a subpoena, prevent fraud or comply with an inquiry by a government agency; and
Any disclosure of your Protected Information will be done in compliance with HIPAA and GLBA.

Types of Information DataOceans Collects Through the Services. The type of Protected Information we collect depends on your use of the Services and/or your relationship with us (e.g. whether you are a User designated to use the Services, etc.). Examples of the types of information we collect from you or the applicable Client are:

Name
Address
Phone number
Email address
Financial information, including, without limitation, account number, account and payment history, credit information
Tax ID Number or Social Security Number or a portion thereof
Asset ownership information (e.g. vehicles registered in your name)
Data from medical records, including, without limitation, information such as gender, height, weight, family history, medical diagnosis, medical claims and payment history

Claims information and explanation of benefit information
Fax number

Permitted Uses and Disclosure of Your Protected Information. Generally, we may use and disclose Protected Information provided by you or the applicable Client through the Services, as described below.

We may use and disclose your Protected Information for the provision, coordination, or management of consumer finance or healthcare and related services by one or more Clients, including the provision, coordination or management of communications from your consumer financial or healthcare provider.

We may use and disclose your Protected Information for payment of consumer finance obligations or medical claims.

We may use your Protected Information to support the operations of our Clients, which may include consumer finance, banks, credit unions, financial services or healthcare operations.

More specifically, to the extent permitted by applicable law, we may use information collected in connection with the Services for:

Developing legally required communications and notices regarding your consumer finance accounts or obligations,
Conducting marketing activities and order fulfillment as requested and directed by our Clients,
Managing communication preferences and information for our Clients,
Delivering communications (statements, bills, invoices), letters or notices on behalf of our Clients through print and electronic channels
Supporting fraud and abuse detection and compliance programs,
Collecting information for the payment of consumer finance obligations or medical claims.
Updating demographic or contact information on Client systems of record

Authenticating users or supporting user administration
For use in billing our Clients and/or
Supporting payment or other transactions

Changes to the Service-Specific Privacy Policy. Per Section 10 of the General Privacy Policy, DataOceans may update the Service-Specific Privacy Policy from time to time in our sole discretion to reflect changes to our information and privacy practices regarding Protected Information submitted through the Services. We will post any updated Portal-Specific Privacy Policy on this page or in the Services or with any notice to individual Users if required by applicable law. Continued use of the Services after any such modifications constitutes acceptance to any such modified Service-Specific Privacy Policy. DataOceans encourages you to review this Service-Specific Privacy Policy regularly for any changes. The date of last revision is shown at the “Last Updated” legend at the top of this page.

If you have any questions regarding our Service-Specific Privacy Policy, our practices regarding Protected Information submitted through the Services, or your dealings with us, please feel free to email us at privacy@dataoceans.com.