“Sensitive Personal Information” includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.
Types of Personal Information that We Collect
- Physical address
- Email addresses
- Telephone numbers
- Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title.
- User IDs and passwords
- Identifiers of devices used to access our Services
Information that We Collect from and About You
Information that You Provide to Us Voluntarily
Content: We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as HIPAA protected health information, EU personal data, and other information such as source code or regulatory compliance materials.
Other submissions: We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites.
Information that We Collect Automatically When You Use Our Services
Web Logs and Analytics Information: We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers, also collect and store analytics information when you use our Services to help us improve our Services.
Information that We Collect from Other Sources
Information that We Receive About You From Our Customers
Our customers and their designated users use our Services to develop, establish, implement, and maintain secure application and database deployment environments for processing sensitive data, including personal information and sensitive personal information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store personal information that they have collected from individuals. During the course of our business relationship, we may need to access a customer’s account and the information it contains to provide support for our Services.
Our customers and prospective customers are responsible for complying with all applicable federal, state, local, and international laws and regulations regarding notice, disclosure, consent, and transfer of personal information, prior to providing that personal information to eKare.
Why We Collect Information from and About You
We will not use your personal information for anything other than the following lawful purposes:
To establish and maintain contractual relationships with our customers:
- To establish relationships with new customers
- To fulfill our obligations to current customers
- To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages
- To enable individuals to access and use our Services
To comply with our legal obligations:
- To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements
- To demonstrate compliance with applicable privacy and data security laws and regulations, such as HIPAA and GDPR
- To comply with incident monitoring, reporting, assessment, and notification requirements
- To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law
To provide services and information that you request and consent to receive:
- To provide customer service and support
- To communicate with you, including responding to your comments, questions, and requests regarding our Services
- To process and complete transactions, and send you related information, including purchase confirmations and invoices
- To provide direct marketing, email, and other distributed information distribution
To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:
- To administer, operate, maintain, and secure our website and Services
- To monitor and analyze trends, usage, and activities in connection with our Services
- To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
- To verify compliance with our internal policies and procedures
- For accounting, recordkeeping, backup, and administrative purposes
- To customize and improve the content of our communications, websites, and social media accounts
- To educate and train our workforce in data protection and customer support
- To provide, operate, maintain, improve, personalize, and promote our Services
- To develop new products, services, features, and functionality
- To market our products and services (first-party marketing only; we do not provide personal information for use in marketing any non-eKare, third-party goods or services)
How do we protect your information?
- We only provide articles and information. We never ask for credit card numbers.
- We do not use Malware Scanning.
- Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
- We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
- All transactions are processed through a gateway provider and are not stored or processed on our servers.
How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
- other people where we have your consent.
Information for EU-Based Individuals: EU-U.S. Privacy Shield Compliance
eKare, Inc. is a participant in the U.S. Department of Commerce’s EU-U.S. Privacy Shield program, and has certified that we adhere to the EU-U.S. Privacy Shield Principles. eKare is subject to the investigatory and enforcement powers of the Federal Trade Commission. For more information about the EU-U.S. and Swiss-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
EU-U.S. Privacy Shield Onward Transfers
For personal data transferred from the EU to the U.S. or other third country not determined to meet EU adequacy requirements, if we transfer your personal data to a third party, we will ensure that the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy. We will also ensure that the third party will apply the same level of protection to that data as the EU-U.S. Privacy Shield Principles and will notify us if it makes a determination that it can no longer meet this obligation. eKare may be potentially liable if these requirements are not met.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to firstname.lastname@example.org.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to email@example.com.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to firstname.lastname@example.org. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
- Users can visit our site anonymously.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify you via email
- Within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CANSPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
Complaints, Questions, and Arbitration
In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, we strive to resolve all complaints about privacy and the collection or use of customer information. If you have questions about our participation in the Privacy Shield programs or have a complaint, please send an e-mail to email@example.com.
Under the Privacy Shield programs, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. We use the International Centre for Dispute Resolution®/American Arbitration Association®. If you feel that we have not satisfactorily addressed your complaint, you can visit the ICRD/AAA website.
for more information on how to file a complaint. In some cases, you may be able to invoke binding arbitration.
Notification of Changes
Your continued use of our Services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy.
3040 Williams Drive Ste 610
Fairfax, Virginia 22031
Our EU Representative
2153 GM Nieuw-Vennep
Last Edited on 08/23/2018