Last Updated: April 2020
This privacy notice applies to any Garden Heights (the “Company”), Website, service, or portal (collectively “Services”) where this privacy notice is referenced, regardless of how you access or use them. This policy along with the Terms of service govern your use of the Company’s Website. This Notice is provided to you under the Health Insurance Portability and Accountability Act (HIPAA) and applies to all records received and created about your physical and mental condition and treatment (together “PHI”).
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Changes. We may amend this privacy notice at any time by posting the amended version on this site including the effective date of the amended version.
Information We Collect
- When you use or interact with us through the Services, we may collect Personal Data, including information that may be deemed Personal Health Information.
- Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Sometimes this will be on our own behalf and other times this will be on behalf of an Servicer using our Services.
- You may provide identifying information such as your name, addresses, telephone numbers, email addresses, business seller information, or tax identification number when registering for an account with the Company. Other Information you may provide the Company when creating a profile include, but is not limited to: a. A profile picture and access to your camera and/or photo library (if you choose to enable this service on your device);
- Additional information we are required or authorized by applicable local, state and national laws to collect and process in order to authenticate or identify you or to verify the information we have collected.
- Treatment. The Company may receive PHI from you and share PHI with health care providers involved in your treatment before, during, and after your stay with the Company.
Information We Use or Disclose
The Company may make certain disclosures of your PHI as and when required or otherwise authorized by law, and will limit the use or disclosure to the amount of PHI necessary to comply with and/or serve the purposes of the relevant federal, state, or local laws or ordinances, or the legitimate needs of responsible, authorized agencies in fulfilling their purposes, including, for example:
- To the United States Department of Health and Human Services as part of an investigation or determination of compliance with relevant laws;
- To a state agency for activities such as audits and inspections;
- To a court or administrative law judge or other tribunal for judicial or administrative proceedings and/or as required by court or administrative orders, subpoenas, and/or other lawful process unless the state has more restrictive laws;1
- To a public health authority which is permitted by law to collect or receive such information for the purpose of preventing or controlling disease, injury, vital events such as death, child abuse or neglect; of conducting public health surveillance, investigation and/or intervention; and reporting adverse reactions to medications or problems with regulated products;
- To a health oversight agency for oversight activities authorized by law, such as audits, investigations, and inspections.
- To coroners, medical examiners or funeral directors consistent with applicable law to carry out their duties.
- To organ or tissue procurement organizations to facilitate the donation of organs, eyes or tissues after your death; and
- For specialized governmental functions, such as national security, intelligence activities, and for the provision of protective services to the President to the extent required by Federal and State laws.
- Emergency. In the event of your incapacity or an emergency, the Company may also disclose your medical information based on our professional judgment of whether the disclosure would be in your best interests.
- Health Care Operations. The Company may use or disclose PHI in connection with managing and operating the organization. We may also disclose your health information to business associates with whom we contract to provide services where such business associates agree to appropriately safeguard your PHI.
- If you provide Personal Data for a certain purpose, we may use the Personal Data in connection with the purpose for which it was provided. For instance, if you contact us by e-mail, we will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address from which the contact came.
- We use your personal information to provide and improve our Services, provide you with a personalized experience on our sites, contact you about your account and our Services, provide you customer service, provide you with personalized advertising and marketing, and to detect, prevent, mitigate and investigate fraudulent or illegal activities.
- We use the personal information we collect from you for a range of different business purposes and according to different legal bases of processing.
Access and Use. If you provide Personal Data in order to obtain access to or use of the Services or any functionality thereof, we will use your Personal Data to provide you with access to or use of the Services or functionality and to analyze your use of such Services or functionality. For instance, if you supply Personal Data relating to your identity or qualifications to use certain portions of the Services, we will use that information to make a decision as to granting you access to use such Services and to assess your ongoing qualification to use such Services.
Staying Signed in. When you sign in to your account on our Services, we give you the option to stay signed in to your account for a certain amount of time. If you are using a public or shared cellular device, we encourage you not to choose to stay signed in. You or any other user of the cellular device/browser you signed in on will be able to view and access most parts of your account and take certain specific actions during this signed in period without any further authorization. If you are using a public or shared cellular device, you should sign out and/or clear your cookies when you are done using our Services to protect your account and your personal information.
Service Providers. We may share your Personal Data with Medical service providers who process Personal Data on the Company to perform certain business-related functions. We are not responsible for the actions of these Servicers, or their Third Party Servicers (or other downstream recipients of your Personal Data), with respect to your Personal Data. It is important that you review the applicable policies of the Servicers, and if applicable and available, their appointed Third Party Servicers, before providing Personal Data or other information in connection with that service.
Similarly, if you are a member of a Servicer’s organization within the Company, your Personal Data will be available to the Servicer and shared with those Third Party Servicers granted permission by the Servicer to view all members of the Servicer’s organization.
Legal Requirements. We may disclose your Personal Data if required to do so by law in order to (for example) respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with the Services, (d) act in urgent circumstances to protect the personal safety of Users of the Services or the public, or (e) protect against legal liability.
How We Store Your Personal Data. We take all commercially reasonable steps to protect the Personal Data collected via the Services from loss, misuse, unauthorized use, access, inadvertent disclosure, alteration and destruction. However, no network, server, database or Internet or e-mail transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us electronically. Please keep this in mind when disclosing any Personal Data.
You can request access to some of your Personal Data being stored by us. You can also ask us to correct, update or delete any inaccurate Personal Data that we process about them.
If a Patient initiates a data deletion request, the Company is authorized to delete or anonymize Personal Data of the requesting Patient from the Services even if that means removing its availability to the Servicer through the Services. However, if you are a Patient, you understand that even if the Company deletes or anonymizes your Personal Data upon your request or pursuant to this Policy, your Personal Data may still be available in the Servicer’s own databases if transmitted to the Servicer prior to the Company receiving or taking action on any deletion or anonymization activity.
We will consider and respond to all requests in accordance with applicable law.
Access, correction, and deletion of your personal information. Upon your request, we will close your account and remove your personal information from view as soon as reasonably possible, based on your account activity and in accordance with applicable national laws.
If you believe that the information, we have about you is incorrect or incomplete, you may request an amendment to your PHI in a designated record set. You may submit a request for amendment in writing to the Privacy Officer, with a reason you wish to make the amendment. We may deny your request if you ask us to amend information that was not created by us, is not part of your designated record set, or if the information is determined to be accurate and complete as it is.
If you provide us with an authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time, and we will honor your request(s), except as required, prohibited, or permitted by law.
You have the right to request an “accounting of disclosures.” This is a list of disclosures that we have made of your PHI. We are not required to list certain disclosures, including (1) disclosures made for treatment, payment, and health care operations purposes, (2) disclosures made with your authorization, (3) disclosures made to create a limited data set, (4) disclosures made directly to you, (5) disclosures permitted or required by the Federal HIPAA Privacy Rule, and/or (6) disclosures occurring prior to April 14, 2003.
How Long We Retain Your Personal Data. We may retain your Personal Data as long as you are registered to use the Services. You may close your account by contacting us. However, we may retain Personal Data for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data it may persist on backup or archival media for an additional period of time for legal, tax or regulatory reasons or for legitimate and lawful business purposes.
Limit the Personal Data You Provide. You can browse the Services without providing any Personal Data (other than Automatic Data to the extent it is considered Personal Data under applicable laws) or with limiting the Personal Data you provide. If you choose not to provide any Personal Data or limit the Personal Data you provide, you may not be able to use certain functionality of the Services.
Do Not Track. We currently do not participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your Personal Data.
Third Party Privacy Practices. This privacy notice addresses only our use and handling of personal information we collect from you in connection with providing you our Services. If you disclose your information to a third party or visit a third party Website via a link from our Services, their privacy notices and practices will apply to any personal information you provide to them or they collect from you. We cannot guarantee the privacy or security of your personal information once you provide it to a third party and we encourage you to evaluate the privacy and security policies of your trading partner before entering into a transaction and choosing to share your personal information. This is true even where the third parties to whom you disclose personal information are bidders, buyers or sellers on our site.
Change of Ownership. If we are subject to a merger or acquisition with/by another company, we may share information with them in accordance with our global privacy standards. Should such an event occur, we will require that the new combined entity follow this privacy notice with respect to your personal information. If we intend to handle your personal information for any purposes not covered in this privacy notice, you will receive prior notification of the processing of your personal information for the new purposes.
At any time, if you feel that your rights have been violated or mistreated by Garden Heights, you have the right to file a grievance or a complaint. A grievance can be made by filing a complaint with the US Department of Health and Human Services, Office of Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling toll free 877-696-6775 or visiting their website at https://www.hhs.gov/hipaa/filing-a-complaint/index.html and following the instructions to submit an online complaint. It is important to understand that there will be no retaliation for a complaint filed, and you reserve this right not only during your treatment, but for any duration after the time in which you received services.
firstname.lastname@example.org or by mail
Garden Heights Recovery, Inc.
Address: 26 Journal Square Plaza, Suite 1202, Jersey City, NJ, 07306
If your personally-identifiable information changes, or if you no longer desire our service, you may correct, update, delete or deactivate it by emailing our Customer Support at email@example.com or by contacting us by telephone or postal mail at the contact information listed above. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
The Company does not charge for this service; however, message and data rates may apply from your mobile carrier. Subject to the terms and conditions of your mobile carrier, you may receive text messages sent to your mobile phone. Participation in the programs on this short code is standard rated (no premium content).
By providing your consent to participate in the Programs, you approve any such charges from your mobile carrier. Charges for text messages may appear on your mobile phone bill or be deducted from your prepaid balance. Clients and Potential Clients can text message the Company short code of (844) 209-9400 with a keyword to receive these services. The Company reserves the right to terminate this SMS service, in whole or in part, at any time without notice. The information in any message may be subject to certain time lags and/or delays. You are responsible for managing the types of SMS texts you receive. If you have any questions or need help, text HELP as a reply to any text message received from the Company, or call (844) 209-9400.
To stop receiving text messages, text STOP, STOP ALL, END, QUIT, CANCEL, or UNSUBSCRIBE, in reply to any text message received from the Company. By consenting the use of the Programs, you consent that following such a request to unsubscribe, you will receive one (1) final message from the Company confirming that you have been inactivated in our system. Following such confirmation message, no additional text messages or automatically dialed phone calls will be sent unless you re-submit your consent.
The Company may use an automatic dialing system to make telephone calls or to deliver text messages to you. The Federal Communications Commission defines an “automatic telephone dialing system” or auto dialer as equipment that has the capacity to store or produce telephone numbers to be called and to call such numbers. 47 C.F.R. § 64.1200. By your consent to be contacted through the Company’s Programs you give your consent to Company to use an automatic dialing system to make telephone calls or deliver text messages to the telephone or cell phone number to which you have directed the Company to transmit these text messages.
United States Participating Carriers Included
Contact Us. If you have a question or a complaint about this privacy notice, our global privacy standards, or our information handling practices, you can reach us by calling the office of Chief Legal Officer, at 786-923-3369, or by sending an email to firstname.lastname@example.org