Privacy policy.
Effective Date: 01/01/2022
Latest Version: 09/26/2023
Ebility, LLC (referred to herein as “Ebility,” “us”, “we”, or “our”) is sensitive to the concerns that you have about the use of the information that you disclose to Ebility via its website or applications (collectively, the “Services”). Accordingly, this Privacy Policy (the “Policy”) sets forth Ebility’s privacy practices and the possible uses of the information that it gathers through the Services. Ebility will not sell, share, or rent Your Information to others in ways different from those disclosed in this Policy.
1. Data Collection
Ebility acts as the data controller for the information you provide or that is collected by Ebility or its affiliates. Ebility collects data to operate effectively as a business and to provide you, the user, with tailored services and products. In some cases, you may have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary in order for us to provide Services, you may not be able to use such Services. We provide further information below, on the types of personal data we obtain and how we use them, which apply when you use the Services.
a. Personal data
While using the Services, we may ask you to provide us with certain personally identifiable information that can be used to register, contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
i. Your First, middle and Last name
ii. Your email address
iii. Physical address
iv. Your medical specialty and NPI (National Provider Identifier)
v. Your account password
vi. Healthcare Organization
vii. Location
viii. Employment status
ix. Company role
x. Device identifiers
xi. Domain
This basic information is necessary to complete your user registration and for you to use our Services. If you decline to provide this information during the registration process, you cannot create an account on the platform and use our Services. We reserve the right to confirm the accuracy of registration data for medical verification purposes using external third-party sources, such as open government databases or other data in the public domain.
b. Cookies
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory. The Services do not use these “cookies” explicitly. However, the Services may use third party code and libraries that use “cookies” to collect information and improve their services. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
c. Usage data
Usage Data is collected automatically when using the Services. Usage Data may include information such as Your Device’s Internet Protocol address, browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Services by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We may also collect information that your browser sends whenever you visit our Services or when you access the Services by or through a mobile device.
d. Correspondence
We may process personal information contained in or relating to any inquiry or communication that you send to us or that we send to you. This could include customer support queries from our users, enquiries from journalists or any other correspondence. The correspondence data may include the communication content and metadata associated with the communication, as well as any contact details you may provide to us, such as your name, email address, phone number, job title, address or social media username.
If we have some commercial relationship with you or with your employer then we may receive personal information, such as your contact details. We process these for the purposes of administering our commercial relationship with you or your employer.
Your personal information may be provided to us by someone other than you. We might be introduced to you in correspondence by a mutual commercial partner, for example, or we might receive personal information through other users of our products or services. We may also obtain your personal information in the course of our market research, if you have a public profile associated with an entity with whom we do business or wish to do business.
2. Data usage
Ebility uses the collected data for various purposes:
i. To provide and maintain our Services, including to monitor the usage of our Services.
ii. To notify you about changes to our Services and to provide customer support.
iii. To detect, prevent and address technical issues.
iv. To gather analysis or valuable information so that we can improve our Services.
v. To manage your registration as a user of the Services. The Personal Data you provide can give you access to different functionalities of the Services that are available to you as a registered user.
vi. To provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.
vii. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
viii. To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or inquired about unless you have opted not to receive such information.
ix. Gathering metrics about the survey taking experience.
xi. Gathering and processing survey information and/or contact requests from the patient surveys.
x. For any other purpose with your consent.
3. Retention of Data
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.
4. Transfer of Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. Ebility will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
5. Disclosure of Data
We may disclose personal information that we collect, or you provide in accordance with the following provisions:
i. Disclosure for Law Enforcement.
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.
ii. Business Transactions
If Ebility is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
iii. Other cases.
We may disclose your information also:
– To our subsidiaries and affiliates
– To contractors, service providers, and other third parties we use to support our business
– To fulfill the purpose for which you provide it
– For the purpose of including your company’s logo on our website
– For any other purpose disclosed by us when you provide the information
– With your consent in any other cases
– If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Ebility, our customers, or others.
6. Security of Data
The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
7. Your Data Protection Rights under the California Consumer Privacy Act (CCPA)
If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us what personal information we have about you. If you make this request, we will provide you with:
– The categories of personal information we have collected about you.
– The categories of sources from which we collect your personal information.
– The business or commercial purpose for collecting or selling your personal information.
– The categories of third parties with whom we share personal information.
– The specific pieces of personal information we have collected about you.
– A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
– A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
Please note, you are entitled to ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the personal information we collected about you in the previous 12 months.
If you request that we delete your personal information, we will do so and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
If you submit a request to stop selling your personal information, we will stop selling it. If you are a California resident, to opt-out of the sale of your personal information, click “Do Not Sell My Personal Information” at the bottom of our home page to submit your request.
Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances, we will discriminate against you for exercising your rights.
To exercise your California data protection rights described above, please send your request(s) by one of the following means:
By email: compliance@ebility.io
By visiting this page on our website: http://www.ebility.io/contact-us
8. Service Providers
We may employ third party companies and individuals to facilitate our Services (“Service Providers”), provide Services on our behalf, perform Services-related services or assist us in analyzing how our Services is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
9. Links to Other Sites
Our Services may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
10. Children’s Privacy
Our Services are not intended for use by children under the age of 18 (“Child” or “Children”). We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.
11. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Ebility, complies with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, as such regulations may be amended from time to time (collectively referred to herein as the “HIPAA Rules”). All Protected Health Information (PHI) shared by you or your patients for business purposes is protected in accordance with the HIPAA Rules through Business Associate Agreements (BAAs). Ebility pledges to protect any PHI obtained until such time as that PHI is destroyed.
12. Patient experience and satisfaction survey
Ebility requires that user and patient information be held in strict confidence. Our contracts with our third-party service providers strictly limit the use of privacy information and require strong security protections. We currently use the following third parties:
AWS and MondoDB for sending surveys and data storage.
Information that we collect to serve you and your patients and ways in which we use this information include (but may not be limited to):
Audit trails for security and HIPAA compliance reasons
Gathering metrics about the survey taking experience
Improving our services
Improving survey and website ease of use
Gathering and processing information and/or contact requests from our website and/or patient surveys
All data is kept secure and in compliance with system and organization controls.
We do not share your information or the information of your patients with anyone other than those required to perform our services for you, and we hold our service providers to the same standards. We do not use the information we obtain for marketing to any of our users’ patients.
Occasionally we may need to share results or data with third parties. For example:
If a user instructs us to, we share data with third party registries and CMS.
If needed to comply with any applicable law, regulations, legal processes or enforceable government requests.
Ebility creates guides and reports using aggregated and de-identified survey results. We do not include identifying information about our users or patients in these publications unless we have consent of the applicable parties. Patients may choose to publish a comment about their experience with their provider on either www.ebility.io, to google reviews, or on their own social media pages. These comments, and if applicable names, are intended for public consumption and are therefore viewable by the public.
13. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Services, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
By email: compliance@ebility.io
By visiting this page on our website: http://www.ebility.io/contact-us