Privacy Policy
SCOPE AND PURPOSE
Contrast AI Inc. (“Contrast”, “us”,“we”, or “our”) operates www.contrastai.com and the Contrast web and mobileapplications (hereinafter referred to as “Services”). This privacy policy(“Policy”) outlines how Contrast collects, uses, and shares information aboutyou through Contrast Services and other websites and applications that link tothis Policy (collectively, the “Sites”).
This Policy also covers informationwe collect offline, such as during visits to our offices, at Contrast events,through interactions with our representatives, or in other contexts in which wemake this Policy available to you. This Policy does not extend to Contrastproduct offerings with their own privacy policies, or third-party websiteslinked from our Sites and Services. We do not control and are not responsiblefor the privacy practices of the websites of other entities and we urge you toreview any applicable third-party privacy policies for yourself.
Our processing of data on behalf ofour healthcare provider customers is governed by the agreements we enter intowith our customers, which may include Business Associate Agreements asapplicable and required under the Health Insurance Portability andAccountability Act (“HIPAA”). Your healthcare provider may also have its ownprivacy practices and/or policies that govern its collection and use of yourdata. We are not responsible for how your healthcare provider treats yourinformation, and we recommend you review their privacy policies.
WHAT DOES CONTRAST DO?
Contrast is a provider of network-enabled services for hospital and ambulatorycustomers nationwide, headquartered in the United States. We offer cloud-basedsolutions in healthcare to deliver providers with enhanced clinicaldocumentation capabilities in electronic health record systems. Furtherinformation about Contrast can be found at www.contrastai.com.
WHAT PERSONAL INFORMATION DO WE COLLECT?
Personal Data
While using our Sites and Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”).
Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link.
Location Data
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Sites and Services, and to improve and customize our Sites and Services.
You can enable or disable location services when you use our Sites and Services at any time by way of your device settings.
Tracking Cookies Data
We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Sites and Services.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Sites and Services.
Examples of Cookies we use:
- Session Cookies: We use Session Cookies to operate our Sites and Services.
- Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
- Security Cookies: We use Security Cookies for security purposes.
- Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.
Other Data
While using our Sites and Services, we may also collect the following information: sex, age, date of birth, place of birth, passport details, citizenship, registration at place of residence and actual address, telephone number (work, mobile), details of documents on education, qualification, professional training, employment agreements, non-disclosure agreements, information on bonuses and compensation, information on marital status, family members, social security (or other taxpayer identification) number, office location and other data.
Sensitive health data is handled with additional safeguards as per HIPAA regulations.
HOW DO WE COLLECT YOUR INFORMATION?
We may collect information from you in the following ways:
- We collect information you provide directly to us, such as when you voluntarily enter information into fields on the Sites and Services, sign up for or request certain services or information, agree to participate in our surveys, or contact our customer service. Depending on how you interact with us, we may ask for your name, practice/organization name, address, email address, telephone number, and type of user (for example, patient, provider or partner). If you have an account with us, we may also collect your username or other login information (e.g., Practice ID) you use to log into or access your account. If you visit our offices or attend inperson Contrast events, we may collect information to protect the health and safety of our personnel, clients, guests, and the general public, such as health and travel information or any other information you provide to us.
- When you access our Sites and Services, we may collect information about your visit and your device using automatic data collection technologies as described in the “Cookies and Automated Data Collection Technologies” section below. This information may include IP address, geolocation information, browser type and version, device type, mobile device identifiers, and information reflecting how you searched, browsed, and were directed to the Sites and Services, including mouse movement, click, touch, scroll, and keystroke activity.
- We may also collect information from other sources, such as lead generation companies, social networks, and business partners that offer co-branded services or help us sell or distribute our products. We may also collect information from other users of our Sites and Services or from available sources
We monitor the collection of personal information. On a quarterly basis, we evaluate accuracy of personal information records and attempt to correct inaccurate personal information as necessary. On an annual basis, we review our personal information collection practices to ensure they are in line with this Policy
HOW DO WE USE YOUR INFORMATION?
We use your information:
- In ways that you would expect us to based on why we collected it. For example, if you contact us with a request for information about our products, Sites and Services, we will use your information to respond to your request.
- To provide, enhance and improve our Sites and Services, including to optimize our Sites’ and Services’ functionality and identify our visitors’ and users’ areas of interest. For example, when you participate in our surveys, screeners, and/or information gathering sessions, or otherwise provide feedback, we may use that feedback to develop new products and services.
- To identify and authenticate you, such as to determine and validate whether you are an existing user of our Sites and Services or products or a prospective client.
- To enable cross-device/cross-context tracking for an account you may have with us. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices so you can more easily use your account(s).
- To communicate with you, such as you send you emails, solicitations, invitations, newsletters, awareness campaigns, and announcements.
- To maintain the safety, security, and integrity of our Sites and Services, and for our own internal legal compliance purposes.
- To protect the health and safety of our personnel, clients, guests, and the general public.
- For other purposes explained at the time of collection, or for other business purposes consistent with the context of the collection of your information.
We may use information that does not identify you and could not reasonably be used to identify you (including information that has been aggregated, anonymized, or de-identified) for any purpose except as prohibited by applicable law.
HOW DO WE SHARE YOUR INFORMATION?
We disclose the following categories of personal information for commercial purposes: identifiers, commercial information, internet activity, and geolocation data.
We share information outside of Contrast in the following circumstances:
- With service providers and vendors that provide services to us, such as to provide analytics, manage our content, administer ads, provide insights to us related to marketing needs, for market research purposes, and to analyze our marketing efforts.
- With third parties that provide audience matching services. For instance, we may incorporate the Facebook pixel on our non-patient facing Sites and Services and may share your email address with Facebook as part of our use of Facebook Custom Audiences. This helps us find more potential customers that have similar interests to our existing audience. Some technology services may provide us with their own data, which is then uploaded into another technology service for matching common factors between those datasets.
- With our related entities and/or affiliates for business purposes including, but not limited to, customer support, marketing, technical and business operations. We also may share information with affiliates for commercial purposes.
- When you make your information public or otherwise accessible to other users through the Sites and Services, such as information that you post on public review pages. Please think carefully before posting such information as you are solely responsible for the content you post and the potential use of such information by others. Once you have posted information, you may not be able to edit or delete such information. We typically notify you in advance that we will share your information with our customers if you complete a survey.
We also share information with other entities in the following situations:
- Where you have given us your consent to share or use information about you;
- When we believe that we need to share information about you to provide a service that you have requested from us or from others;
- Where we are required by law or other legal process to disclose information, and where required, in response to a lawful request by public authorities, including meeting national security or law enforcement requirements;
- Where we believe that it is necessary to avoid liability or violations of the law;
- To protect the rights, property, life, health, security, and safety of us, the Sites and Services, or anyone else;
- To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, or acquisition of all or any part of our business.
- At your request or direction, such as when you choose to share information with a social network about your activities on the Sites and Services; or To any other person with notice to you and your consent to the disclosure.
Notwithstanding the above, we may share information that does not identify you and could not reasonably be used to identify you (including information that has been aggregated, anonymized, or deidentified) except as prohibited by applicable law.
With respect to deidentified patient information, we disclose such deidentified information to third parties only when permissible pursuant to our contractual commitmentswith our customers and in accordance with Health InsurancePortability and AccountabilityAct (“HIPAA”) requirements or other applicable law. We employ the safe harbor method or the expert determination method, as enumerated under HIPAA. Those third parties to whom the deidentified data is disclosed are third party service providers/vendorswith whom we have relationships and/or academic researchers and/or institutions that are contributing to healthcare.
We conduct quarterly reviews to ensure disclosure of personnel information is in line with this Policy and prevent the disclosure of personal information to third parties unless an individual has given implicit or explicit consent for disclosure.
7. OPT-OUT OF PERSONAL INFORMATION DISCLOSURE TO THIRD PARTIES
At Contrast, we respect your privacy and understand that you may not want your personal information to be shared with third parties for certain purposes. In accordance with our commitment to protect your privacy, you have the option to opt-out of the disclosure of your personal information to third parties.
If you wish to opt-out of having your personal information disclosed to third parties, you can do so in the following way(s):
Email Request: Send an email to our Privacy Team at legal@contrastai.com with the subject line "OptOut of Personal Information Disclosure." Please include your full name and the email address associated with your account, if applicable.
By opting out, you request that your personal information not be shared with third parties for marketing purposes, analytics, or other similar uses. Please note that this does not apply to information shared for essential business purposes, such as completing transactions, performing services you have requested, or as required by law.
Once you have submitted your opt-out request, we will process it promptly and confirm its implementation. We will maintain a record of your opt-out request to ensure your choice is respected in future data processing and sharing activities.
Opting out may affect your experience with our services, as certain functionalities are dependent on data sharing. We will make efforts to minimize any impact while respecting your privacy choices
Even after opting out of personal information disclosure to third parties, you may still receive communication from us related to your account, transactions, and necessary service-related information.
8. RETENTION AND PROTECTION OF DATA
While we maintain your information, we protect it using administrative, physical, and technical security safeguards designed to protect your information. When we collect certain sensitive information, we encrypt the transmission of that information using secure socket layer technology (SSL). Despite these measures, we cannot guarantee the security of the information we maintain about you.
We retain information for different periods of time depending on the purposes for which we collect and use it, as described in this Policy. We will not retain information for longer than needed to fulfill these purposes unless a longer retention period is required to comply with legal obligations. Also, there may be technical or other operational reasons where we are unable to delete or de-identify your information. Where this is the case, we will take reasonable measures to prevent further processing your information.
9. COOKIES AND AUTOMATED DATA COLLECTION TECHNOLOGIES
Our Sites and Services may use cookies and similar technologies (such as pixels and pixel tags, ad tags, Software Development Kits (“SDKs”) clear GIFs, session replay scripts, and Javascript). Cookies are small text files placed on your device that help the Sites and Services work and help us gather statistical information about how visitors use the Sites and Services, improve your experience, and maintain security.
Cookies also help us deliver advertisements, some of which may be tailored to your behaviors on the Sites and Services. We engage third parties to help us deliver these advertisements, and these third parties may collect your information over time and across our Sites and Services (and third party sites) in order to associate different devices you use and further gain insights into the goods and services that may interest you.
To exercise your options with respect to cookies, please select “Cookie Preferences” on the banner that is visible upon first visiting our website, or click link on the bottom of www.contrastai.com labeled, “Cookie Preferences”
SOCIAL MEDIA AND OTHER INTEGRATIONS
Some of our Sites and Services may have social media and technology integrations that are operated or controlled by separate entities. We also may collect information from third party social media and marketing companies to enhance our data sets. Some examples include:
- Links. Our Sites and Services include links that hyperlink to websites, platforms, and other services not operated or controlled by us.
- Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Sites and Services that allows you to “like” or “share” content on, or log in to, your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through the integration.
- Brand Pages and Chatbots. We may offer our content through social media. Any information you provide to us when you engage with our social media content is treated in accordance with this Policy. Also, if you publicly reference our Sites and Services on social media (e.g., by using a hashtag associated with Contrast in a tweet or post), we may use your reference on or in connection with our Sites and Services.
- Platform Linking. Our Sites and Services may offer you the ability to link to another service or partner to retrieve certain data about your account on that service. For example, if you link your account to one of Contrast’s integration partners, the linking may allow us to obtain information such as your username and email address. For more information about how these platforms handle information about you, please refer to their respective privacy policies and terms of use.
Please note that when you interact with other entities, including when you leave our Sites and Services, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
11. STATE CONSUMER PRIVACY RIGHTS
Rights for Residents of Applicable States If you are a resident of a state with applicable consumer privacy laws, you may have the following rights:
- To confirm whether we process your personal information.
- To access your personal information.
- To correct inaccuracies in your personal information.
- To delete your personal information that we have obtained.
- To receive a copy of your personal information in a portable and readily usable format.
- To opt out of the sale or sharing of your personal information.
- To opt out of the processing of your personal information for purposes of (i) targeted advertising or (ii) automated decision-making or profiling in furtherance of decisions that produce a legal or similarly significant effect on you.
If you live in a state that requires specific consent prior to processing your sensitive personal information for certain purposes, we will obtain such and you can withdraw your consent at any time.
Residents of applicable states may exercise the above rights by:
- Submitting a written request to legal@contrastai.com.
We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.
Response Timing and Format
We endeavor to respond to a consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
California Resident Privacy Notice
Below, please find the categories of information we may have collected about you in the last twelve months, the purposes for the collection, and the third parties with whom your personal information may have been disclosed, shared, or sold. For more information on these practices, please see Sections III-VI.
Categories of personal information collected
- Identifiers
- Information contained in our customer records
- Commercial information Internet or other electronic network activity information
- Professional or employment information
- Geolocation data Inferences drawn from other personal information
Purposes for the collection or sharing of personal information
- To provide the Sites and Services
- To improve the Sites and Services
- To personalize the Sites and Services Marketing and advertising Business operations
- Where you have given us your consent
- As required by applicable law
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets
Third parties with whom personal information may have been disclosed, shared, or sold
- Service providers
- Third Party Partners
- Our related entities
- Other users through the Sites and Services (when you make your information public or otherwise accessible
- With our customers
- Where you have given us your consent
If you are a California resident, you may have the following rights with respect to the personal information we process about you:
To request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting or sharing the personal information, the categories of third parties with whom we have shared or sold your personal information, and the specific pieces of personal information we have collected about you.
- To request that we delete personal information that we have collected from you.
- To request that we correct inaccurate personal information that we maintain about you.
- To opt out of the sale or sharing of your personal information.
California residents may exercise the above rights by:
- Submitting a written request to legal@contrastai.com.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We may require you to use your email address in order to perform such verification. We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain information may be exempt from such requests. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process. You may only make a consumer request for access or data portability twice within a 12-month period. We will not discriminate against you for exercising any of your rights.
Response Timing and Format
We endeavor to respond to a consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Other California Privacy Rights
California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Sites and Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes in particular: Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make such a request, please write us at: Privacy Officer, Contrast AI, Inc. 222 West Merchandise Mart Plaza Suite 1230, Box 15, Chicago, Illinois 60654. We may require additional information from you to allow us to verify your identity and we are only required to respond to requests once during any calendar year.
12. MINOR’S PRIVACY
The Sites and Services are intended for a general audience and are not intended for minors under the age of eighteen. Contrast does not wish to obtain any information from or about such minors through the Sites and Services. If you are under eighteen years old, do not use the Sites and Services.
We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) about children under the age of 13. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us using the information in the “Contact” section below. We will remove the data to the extent required by applicable laws.
We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
13. INTERNATIONAL TRANSFER
Information collected is governed by U.S. law and may be transferred to, processed, and stored in the U.S. and other jurisdictions.
We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Sites and Services from outside of the U.S., please be aware that information collected through the Sites and Services may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Sites and Services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Policy.
14. UPDATES TO THIS PRIVACY POLICY
We review and compare our privacy program and Policy to requirements of applicable law and regulations at least annually. We reserve the right to make updates and revisions to this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on www.contrastai.com/legal and update the effective date. Any changes will be effective as of the “Effective” date. Your continued use of our Sites and Services following the posting of changes constitutes your acceptance of such changes
15. UPDATES TO SITES AND SERVICES
Contrast’s Privacy Officer reviews and approves changes to Sites and Services to ensure compliance with this Policy prior to implementation.
16. CONTACT
Contrast’s Privacy Officer presides over this Policy and data subject concerns. If you have any questions or comments about this Policy, the ways in which Contrast collects and uses your information described here, your choices and rights regarding such use, or you wish to exercise your rights under an applicable state law, please contact us by:
- Submitting a written request to legal@contrastai.com.
- Writing to:
Contrast AI, Inc.
Attn: Privacy Officer
222 West Merchandise Mart Plaza Suite 1230, Box 15
Chicago, Illinois 60654