hc1.com® Website Privacy Statement, effective as of September 2, 2016

Policy

hc1.com® Privacy Policy, effective as of September 2, 2016

hc1.com Inc. (hc1.com, “us”, “our” or “we”) is committed to protecting the privacy of individuals who visit the hc1.com Web sites (“Visitors”) and individuals associated with organizations who register to use the Services as defined below (“Customers”). This Privacy Policy (the “Statement”) describes hc1.com’s privacy practices in relation to the use of hc1.com’s public Web site (www.hc1.com), other hc1.com Web sites made available from time to time, and applications and services offered by hc1.com (collectively, the “Services”).

Compliance with the EU–U.S. Privacy Shield Principles

hc1.com has also certified its compliance with the EU–U.S. Privacy Shield Principles, set forth by the U.S. Department of Commerce and the European Union, with respect to personal data transferred from the European Union to the United States . You may access the Privacy Shield Notice (here) for a description of how hc1.com complies with the Privacy Shield Principles. For more information on the EU–U.S. Privacy Shield, please visit the U.S. Department of Commerce’s Privacy Shield website here.  

Scope

This Statement covers only data collected through the Services and not any other data collection or processing, including, without limitation, data collection practices of webpages to which the Services link, or data that we or our affiliates collect offline or through webpages that do not display a direct link to this Statement.

By accessing the Services, you acknowledge notice of this Statement and agree with and acknowledge the terms, conditions and responsibilities as set out below.

We may make access available to third party sites, such as social media sites, via the Services. When accessing these third party sites, the privacy policy of the third-party applies, and this Statement does not apply.

Types of Data and Collection Methods

We receive data that you actively submit through the Services (‘Data”) as described below.

When you request information or otherwise actively send us Data through the hc1.com public Web site (“actively submitted data”), we collect Data such as name, e-mail address(es), telephone number(s), and company name. You can opt-out of providing information by not entering it when asked and, if such information is required in order to allow us to respond to your inquiry, you will receive a notice advising you of this. When you submit Data via the Services, you will know what Data we collect through the Services, because you actively submit it.

Additionally, when you visit the hc1.com public Web site(s), we also passively track information on your computer and Internet connection, such as the IP address of your computer and/or Internet service provider, the date and time you access the Web site(s), the Internet address of Web sites from which you link to our Services, the computer technology you are using and your movements and preferences on our Web site(s).

Unless you also actively submit personal information such as your name or address, passively tracked data does not typically allow us to identify you personally (even though it can theoretically be done, we do not have the means or an interest to find out who you are, unless you identify yourself voluntarily through an active submission of data). To the extent permitted by applicable law, we reserve the right to combine passively tracked Data with personal Data that you actively submit.

Collection Purposes and Use of Data

We collect Data that is passively tracked via our Services primarily for purposes of administering, protecting and improving our Services, to better understand the preferences of our Visitors, to identify server problems, to compile aggregated statistics about site usage, and to help personalize your experience on our Services. We do not deliver third party online advertisements on our sites but we may advertise our products and services on others’ Web sites.

hc1.com may also use Data you voluntarily provide to perform the services you requested. For example, if you fill out a “Contact Me” Web form, we will use the information provided to contact you about your interest in the Services.

Web Site Navigational Information

Cookies, Web Beacons and IP Addresses

hc1.com uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Site (“Web Site Navigational Information”). We specifically use targeting or advertising cookies (described below) on the hc1.com public Web site(s).

Cookies

hc1.com uses cookies to make interactions with the Services easy and meaningful. When you visit the Services, hc1.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to hc1.com, such as filling out a “Contact Me” Web form, you remain anonymous to us.

hc1.com uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. Please note that if you disable your Web browser’s ability to accept cookies, you will still be able to navigate the Services.

Targeting or Advertising Cookies

From time-to-time, hc1.com engages third parties to track and analyze Visitors’ navigation of its public Web site usage and volume statistical information from individuals who visit the public Web site. For example, these cookies remember which browsers have visited the public Web site. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after we receive it.

hc1.com may also contract with third-party advertising networks that collect IP addresses and other information from Web beacons (see below) on the public Web site, from emails, and on third-party Web sites. Ad networks follow your online activities over time by collecting Web Site Navigational Information through automated means, including through the use of cookies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other Web sites. This process also helps us manage and track the effectiveness of our marketing efforts.

Third parties, with whom we partner to provide certain features on the public Web site or to display advertising based upon your Web browsing activity, may use Flash cookies to collect and store information.  Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored.

Web Beacons

hc1.com uses Web beacons alone or in conjunction with cookies to compile information about Visitors’ usage of the public Web site and interaction with emails from hc1.com. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, hc1.com may place Web beacons in marketing emails that notify us when you click on a link in the email that directs you to the public Web site. hc1.com uses Web beacons to operate and improve the public Web site and email communications.

IP Addresses

When you visit the public Web site, we collect your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, hc1.com uses IP addresses to monitor the regions from which Visitors navigate the public Web site.

Links to Other Web Sites

hc1.com occasionally provides links to other entities on the Services for your convenience in locating certain information, services, and products. Please be advised that when you link to these other sites, you are leaving the hc1.com Service(s) and that these third party sites are maintained by organizations over which hc1.com has no control.

Accordingly, a link on the Services do not constitute endorsement of the content, viewpoint, policies, products, or services provided or advertised on the third party site. Once you link to a site not maintained by hc1.com, you are subject to the terms and conditions of that site.

Social Media

If you post material to a blog or other social media feed located on or accessed through the Services, you should be aware that any personally identifiable information you submit can be read, collected or used by other users of these blogs, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these blogs.

Opt-Out

In connection with promotions or other projects, we may ask you specifically whether you have objections against a certain kind of data use or sharing. If you opt-out under such circumstances, we will respect your decision. To opt-out of receiving marketing communications from hc1.com via email please click on the “opt-out” link in the email communication. Please be advised that communications sent by hc1.com via other means are initiated via lists maintained by hc1.com from explicit opt-in scenarios such as website downloads or tradeshows. These lists provide for an opt-out option at the time you submit your information. Please note that our affiliates and other data recipients have their own data privacy policies, which may differ from ours and you would have to contact them separately with respect to opt-out requests.

Correcting and Updating Your Information

Customer Data

hc1.com’s Customers may electronically submit Data or information to the Services for hosting and processing purposes (“Customer Data”). hc1.com will not review, share, distribute, or reference any such Customer Data except as provided in hc1.com’s Subscription Services Agreement,  the hc1.com Terms of Service available by accessing www.hc1.com/legal/terms-service/, or as may be required by law. In accordance with the Terms of Service, hc1.com may access Customer Data only for the purpose of providing the Services or preventing or addressing service or technical problems or as may be required by law.

Your California Privacy Rights

California law provides that California residents have a right to request businesses to tell them how their personal information has been shared, if at all, with third parties for the third parties’ direct marketing purposes.  To make such a request, please contact us at the contact information listed below.

Do Not Track

Certain web browsers and other devices you may use to access the Services may permit you to indicate your preference that you do not wish to be “tracked” online.  At this time, the Services do not respond to “Do Not Track” signals.

Security

Transmissions over the Internet are never 100% secure or error-free. However, we take reasonable steps to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Children Under 13

hc1.com is committed to protecting the privacy needs of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests.  The hc1.com public Web site is not directed to children under 13 years old, and we do not market to or knowingly collect any personally identifiable information from a child under the age of 13 without the consent of the child’s parent or legal guardian. If a parent or guardian becomes aware that his or her child has provided us with personal or contact information without their consent, he or she should contact us. If we become aware that we have inadvertantly collected personally identifiable information from a child under the age of 13, we will immediately take reasonable steps to delete such information from our public Web site(s).

Amendments

We reserve the right to change, modify, add or remove portions of this Statement from time to time and in our sole discretion, but will alert you that changes have been made by indicating on the Statement the date it was last updated. When you visit the Services, you are accepting the current version of this Statement as posted on the Service at that time. We recommend that users revisit this Statement on occasion to learn of any changes.

Contact Us

If you have any questions about this Statement, please email us at privacy@hc1.com, or you may contact us at the following:

hc1.com Inc.
6100 Technology Center Drive
Indianapolis, IN 46278
Phone: (317) 219-4646

 

hc1.com and the EU-U.S. Privacy Shield Notice

Effective Date: September 2, 2016   

hc1.com Inc. adheres to the principles of the EU-U.S. Privacy Shield framework with respect to personal data submitted by hc1.com’s customers in reliance on the Privacy Shield.   Specifically, hc1.com complies with the E.U.-U.S. Privacy Shield framework as agreed to between the U.S. Department of Commerce and the European Commission regarding the collection, use, and retention of personal information from European Union (EU) member countries. hc1.com has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. By participating in the Privacy Shield, we have agreed to abide by the investigatory and enforcement powers of the U.S. Federal Trade Commission or any other U.S. authorized statutory body. For more information on the EU–U.S. Privacy Shield, and to view hc1.com’s certification, please visit the U.S. Department of Commerce’s Privacy Shield website at www.privacyshield.gov. 

This notice outlines our general policy and practices for implementing the Privacy Shield Principles.  If there is any conflict between the policies in this notice and the Privacy Shield Principles, the Privacy Shield Principles will govern.  For the purposes of this notice, “personal data” refers to any personally identifiable information that we receive in the U.S. from the E.U. “Sensitive personal data” is a subcategory of “personal data” and is defined as personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual.

For more information on how hc1.com generally collects and maintains personal data, and to review our policies regarding data privacy and security, please access the hc1.com Privacy Policy here.

Data Processing

hc1.com is a data processor on behalf of its Customers.  We provide services to our Customers to use to operate aspects of their businesses. hc1.com may process Data our Customers submit to our Services or instruct us to process the Data on their behalves. hc1.com’s Customers are data controllers and decide what Data to submit.

 

Types of Personal Data Collected and Purposes for Using and Disclosing Personal Data

To provide Services to our Customers, hc1.com collects personal data that includes, but is not limited to, (1) first and last names; (2) email addresses; (3) telephone numbers; (4) mailing addresses; and (5) medical information, such as laboratory test results, generated by our Customers’ clients. “Sensitive data” is a subset of “personal data” and includes information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or the sex life of the individual.

hc1.com processes Data submitted by Customers for various purposes, including, but not limited to: (1) providing hc1.com’s online Services to our Customers and (2) marketing our products and services to our Customers. To fulfill these purposes, hc1.com may access the Data to provide the Services, to correct and address technical or service problems, to follow the instructions of the Customer who submitted the Data, or to fulfill contractual requirements. Please be aware that in rare situations, it may be necessary disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Choice to Limit Use and Disclosure of Personal Data

We recognize that EU individuals have the right to limit the use and disclosure of their personal data, and hc1.com is committed to respecting those rights.  We offer individuals the opportunity to opt-out of disclosures of personal data to a third party or the use of personal data for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual.  

We will comply with the Privacy Shield Principles with respect to disclosures of sensitive data including, when applicable, obtaining the explicit consent (i.e., opt-in consent by way of our Customers) of the individual prior to disclosing sensitive data to a third party or using sensitive data for purposes other than those for which it was originally collected or subsequently authorized by the individual.

Accountability for Onward Transfers of Personal Data to Third Parties

We are potentially liable in cases of onward transfers of personal information to third parties, such as when third parties that act as agents on our behalf process personal information in a manner inconsistent with the Privacy Shield Principles.  hc1.com uses a limited number of third-party service providers to assist us in providing our Services to Customers. These third parties may access, process, or store personal data in the course of providing their services. hc1.com maintains contracts with these third parties to ensure that they provide the same level of privacy protection as is required by the Privacy Shield principles and to restrict their access, use and disclosure of personal data in compliance with our Privacy Shield obligations.  

We also transfer personal data to our third party agents, such as: infrastructure as a service providers and vulnerability testing providers.

Right to Access Personal Data

hc1.com recognizes that EU individuals have the right to access personal data about them, and to limit use and disclosure of their personal data and hc1.com is committed to respect this right. Individuals also have the right to obtain our confirmation of whether we maintain personal data relating to you.  Further, hc1.com will also enable you to correct, amend or delete personal data related to you in our possession and control that is inaccurate or incomplete.  Your right to access your personal data may be restricted in exceptional circumstances, including, but not limited to, when the burden or expense of providing this access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated by the provision of such access.  If hc1.com determines that your access should be restricted in a particular instance, we will provide you with an explanation of our determination and respond to any inquiries you may have.

Because hc1.com personnel have limited ability to access the data our Customers submit to our Services, individuals who wish to request access, to limit use, or to limit disclosure of his/her Data must provide the name of the hc1.com Customer who submitted his or her Data to the Service(s). hc1.com will contact the Customer with your request and will support the Customer as needed in responding to your request.  To request to access, correct, amend, or delete personal data, please contact hc1.com at privacy@hc1.com.

Recourse, Enforcement, and Liability

 

EU individuals whose data is maintained through the Services may direct inquiries or complaints concerning our privacy practices or Privacy Shield compliance to privacy@hc1.com. hc1.com will respond within 45 days of receiving the inquiry. For complaints that cannot be resolved with hc1.com directly, hc1.com has contracted with the American Arbitration Association (AAA) in relation to such unresolved complaints.  We will cooperate with (AAA), an independent dispute resolution mechanism, to resolve any complaint that is not resolved through our internal processes.

Please note that if an individual’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.  

 

Professional Services Addendum

 

hc1.com and the EU-U.S. Privacy Shield Notice