Privacy Notice

Springbuk, Inc. – Notice of Springbuk Website Data Privacy Practices
Last updated and effective: 04/14/2020
For Information on HIPAA compliance see “Notice of Springbuk® Health Intelligence™ Platform Privacy Practices"

Welcome to Springbuk, Inc.
We take protecting the privacy of your personal information collected through your use of our public-facing website found at www.springbuk.com (“Springbuk Website”) seriously. This Notice of Springbuk Website Data Privacy Practices (“Springbuk Website Notice”) describes: (a) how your internet and personal data (“Data”) collected through your interaction with the Springbuk Website may be used and/or disclosed by us in order to carry out the services we provide, (b) your rights under applicable law, and, (c) the actions we take to protect your Data.


Acceptance of Privacy Practices
By accessing the Springbuk Website and being a Springbuk Website user (“User” or “Users”), you acknowledge your consent to the way in which we may use and/or disclose your Data as provided in this Springbuk Website Notice.


Right to Amend
Springbuk reserves the right to amend this Springbuk Website Notice at any time in accordance with applicable law. You acknowledge, consent to, and are bound by any changes that are made to this Springbuk Website Notice upon accessing the Springbuk Website. Please view the top of this page for the latest effective date to discover when an update, revision, or amendment has been made.


Our Data Collection and Cookie Policy
At Springbuk, we leverage Data about our website Users in order to provide better service to those who access our content online. However, the cookies, pixels, and tracking codes used on our website are provided by third parties and allow our site to remember your settings, monitor our site’s performance, and provide us with feedback about how our website is used by visitors like you. In other words, Springbuk does not collect your Data directly. Instead, it is collected by our Third Party Partners that then facilitate our access to your Data.

In the unlikely event that we do collect your Data directly, we would only do so in an effort to provide you with an optimal customer service experience. This may involve sending your Data to our Third Party Partners. See “Third Party Partners and Springbuk Website Data” below for more information.

If you would like to browse our website without cookies, you can adjust the setting of your Internet browser to reject the setting of all or some cookies and to alert you when a cookie is placed on your device. For further information about how to do so, please refer to your browser ‘Help’ / ‘Tool’ or ‘Edit’ section or see allaboutcookies.org.


How We Process and Use Your Data
We may access Data about how you use the Springbuk Website, in addition to personally identifiable information that you voluntarily provide for us by filling out forms or responding to chat windows on the Springbuk Website, through the facilitation of our Third Party Partners. This Data is processed, securely stored, and selectively used by and within our Third Party Partners’ software applications—all of which have been vetted for stringent security protocols and compliance with privacy laws, including but not limited to CAN-SPAM. We use this Data to improve the overall performance of our website and provide you with content and information related to Springbuk that you may find relevant. We will never directly sell or trade your Data. See “Third Party Partners and Springbuk Website Data” below for more information.


How We Protect Your Data
You may access the Springbuk® Health Intelligence™ Platform through the Springbuk Website, but only certain types of Users (acting within their individually authorized accounts) are permitted to access the Springbuk® Health Intelligence™ Platform or perform certain operations to query or otherwise process your Data. Users must sign into our the Springbuk® Health Intelligence Platform™ via a secure HTTP connection (HTTPS), which prevents unauthorized users from intervening and accessing the data while it is being transmitted. For more detailed information on the Springbuk® Health Intelligence™ Platform and privacy practices related to it, please see our “Notice of Springbuk® Health Intelligence™ Platform Privacy Practices” below.

Our entire server environment runs in a secured, private network in the cloud hosted by Amazon Web Services, access to which is granted only to authorized employees (also according to our written operating procedures). In setting up the server environment, we have followed the Amazon Web Services’ documented best practices for ensuring direct access is properly configured and to ensure your Data is protected.


Springbuk Website User Rights
The Data collected about you is yours and you have the right to possess this Data or have our access to it removed per applicable law. Subject to our Third Party Partners’ privacy practices, we are willing to instruct our Third Party Partners to delete, correct, or alter your Data upon request. Upon instruction, these Third Party Partners are expected to respect your wishes, abide by their privacy practices, and comply with applicable law with respect to your Data, but we cannot guarantee that Third Party Partners will delete your Data. See “Third Party Partners and Springbuk Website Data” below for more information.


Third Party Partners and Springbuk Website Data
We may track our performance and provide you with services that are operated by our Third Party Partners on our Springbuk Website. These Third Party Partners operate under privacy practices separate and independent from those that govern Springbuk. Springbuk is not directly or indirectly liable for any damage or loss incurred by you in connection with the services of Third Party Partners, nor is Springbuk responsible for the content, security, or the privacy practices of Third Party Partners.

In addition to facilitating our access to your Data and to provide you with optimal service, these Third Party Partners may collect Data you submit to provide you with access to their service, to understand how you use their services, to troubleshoot and protect against errors, to perform data analysis and testing, and to improve their products, among other possible uses.


European Union (“EU”) General Data Protection Regulation (“GDPR”)
Springbuk does not monitor, profile, target, and/or offer services to EU citizens. Therefore, Springbuk does not adhere to the requirements of GDPR, nor do we recognize its authority.


California’s Consumer Privacy Act (“CCPA”)
Springbuk is not a service provider under the CCPA because Springbuk does not collect the personal information of California consumers. Thus, Springbuk need not comply with the CCPA, per Cal. Civ. Code §1798.145(c). However, if our circumstances at Springbuk were to change and we would find ourselves within the purview of the CCPA, we would work diligently to achieve and maintain its compliance.


Children’s and Minors’ Privacy
Springbuk’s services are not directed towards, designed for, or intended to solicit children under the age of 13. If you are or below the age of 13, please do not access or provide us with any personal information on our website. If such information is gathered without our knowledge, we will immediately delete and remove the information from our database once it has been discovered pursuant to the Children’s Online Privacy Protection Act (“COPPA”).



Springbuk, Inc. – Notice of Springbuk® Health Intelligence™ Platform Privacy Practices
Last updated and effective: 04/14/2020
For Information on general data compliance see “Notice of Springbuk Website Data Privacy Practices"

Welcome to Springbuk, Inc.

We take protecting Data and protected health information (“PHI”) seriously. This Notice of Springbuk® Health Intelligence Platform Privacy Practices (“Platform Notice”) describes (a) how data (“Platform Data”) collected about how Platform Users use the Springbuk® Health Intelligence Platform (“Springbuk Platform” or “Platform”) and how PHI may be used and/or disclosed by us in order to carry out the services we provide, (b) a Platform User’s rights under applicable law, and (c) the actions we take to protect Platform Data and PHI.


Acceptance of Privacy Practices
By accessing the Springbuk Platform, you become a “Platform User”. Further, your access and agreement to any Terms of Service is consenting to the way in which we may use and/or disclose your Platform Data as provided in this Platform Notice. The privacy and security of the PHI that is lawfully transmitted to us is governed by business associate agreements (“BAAs”) that we enter into with applicable covered entities. By entering the Springbuk Platform, you agree that you are legally permitted to access the contents as applicable therein including, but not limited to, PHI, de-identified PHI, or aggregated data.


Right to Amend
Springbuk reserves the right to amend this Platform Notice at any time in accordance with applicable law. As a Platform User, you acknowledge, consent to, and are bound by any changes that are made to this Platform Notice upon accessing our Springbuk Platform. Please view the top of this page for the latest effective date to discover when an update, revision, or amendment has been made.


Our Data Collection and Cookie Policy
At Springbuk, we leverage Platform Data about our Platform Users in order to provide better service to those who the proper authority to access it. However, the cookies, pixels, and tracking codes used on our Springbuk Platform are provided by third parties and allow our Platform to remember your settings, monitor our Platform’s performance, and provide us with feedback about how our Platform is used by authorized Platform Users. Put differently, Springbuk does not collect your Platform Data directly. Instead, it is collected by our Third Party Partners that then facilitate our access to your Data.


How We Protect Platform Data and PHI
Be advised that the language in this Platform Notice is not intended to represent the entirety of Springbuk’s PHI privacy, protection, and security functions pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended and along with its implementing regulations (“HIPAA”), and other applicable laws.

The Springbuk Platform has various levels of user access and roles, and only certain types of Platform Users (acting within their individually authorized accounts) are allowed to perform certain operations to query or otherwise process the Data and/or PHI. Pursuant to applicable law, Platform Users are required to sign into our Platform via a secure HTTP connection (HTTPS), which prevents unauthorized users from intervening and accessing PHI while it is being transmitted.

Our entire server environment runs in a secured, private network in the cloud hosted by Amazon Web Services, access to which is granted only to authorized employees (also according to our written operating procedures). In setting up the server environment, we have followed the Amazon Web Services’ documented best practices for ensuring direct access is properly configured and to ensure your Data and PHI is protected.

Springbuk’s health analytics services permits us to lawfully acquire PHI through the “health care operations” permitted use and disclosure. Through the Springbuk Platform, we leverage PHI from participating group health plans and their business associates who seek to use our services in order to provide them. The PHI is transmitted to us after the proper contractual agreements (e.g., BAAs) have been formed in accordance with HIPAA and other applicable laws. The use of this PHI is integral to the services we provide to our Platform Users. The PHI is stored securely, used selectively pursuant to HIPAA and other applicable laws, and never sold, traded, or otherwise transacted in exchange for remuneration to any third parties, unless allowed pursuant to applicable law.


Your Rights
The Platform Data collected about you is yours and you have the right to possess this data or have our access to it removed at your discretion with the exception of PHI and Platform Data that has been lawfully de-identified or aggregated pursuant to applicable law and after prior authorization has been granted through contractual means.

We are willing and able to instruct our Third Party Partners to delete, correct, or alter your Platform Data upon request. Upon instruction, these Third Party Partners are obligated to respect your wishes relative to your Data, but we cannot guarantee that Third Party Partners will delete your Platform Data. See “Third Party Partners and Platform Data” below.

Regarding the PHI on the Springbuk Platform, an individual retains the right to request to access, update, or correct any PHI related to him/her that has been transmitted or provided to us. However, this is a process that must be requested through an individual’s group health plan as a covered entity and/or another related covered entity—not us. We do not possess the authority to access an individual’s medical record(s) and make the changes an individual may desire. An individual does, however, retain the right to request a paper copy of our Platform Notice and/or Springbuk Website Notice upon request, and retains the right to file a complaint with us or with the U.S. Department of Health and Human Services.


HIPAA
HIPAA prescribes the rules we comply with when protecting and securing PHI lawfully transmitted to us for utilization on the Springbuk Platform. Springbuk actively ensures our privacy practices remain compliant with the law. We ensure privacy and protection by only allowing authorized Platform Users to access the Springbuk Platform and only after express consent has been obtained as it is prescribed in HIPAA and other applicable laws. The PHI in the Platform is secured with a variety of security techniques and controls pursuant to HIPAA and other applicable laws.

First and foremost, an individual’s PHI is encrypted during transmission from its authorized providers to us and is kept in an encrypted state when at rest within our system. During data processing, all personnel and programs needing to access this PHI must have the required decryption keys and authorization to even be able to access it. The process for allocation of User accounts and decryption keys is controlled internally within Springbuk and according to our written operating procedures in compliance with HIPAA and other applicable laws.

Remember, the language in this Platform Notice is not intended to represent the entirety of Springbuk’s PHI protection and security functions pursuant to HIPAA and other applicable laws.


Third Party Partners and Platform Data
Third Party Partners who have access to the Springbuk Platform do not have access to PHI; they simply track and/or monitor a Platform User’s usage of the Springbuk Platform in order to provide a Platform User with optimal service. We do not sell, trade, or otherwise transact in exchange for remuneration any PHI to any third parties, unless allowed pursuant to applicable law.

These Third Party Partners operate under privacy practices and terms separate and independent from those that govern Springbuk. Springbuk is not directly or indirectly liable for any damage or loss incurred by you in connection with this authorized access, nor is Springbuk responsible for the content, security, or the privacy practices of those parties.


European Union (“EU”) General Data Protection Regulation (“GDPR”)
Springbuk does not monitor, profile, target, and/or offer services to EU citizens. Therefore, Springbuk does not adhere to the requirements of GDPR, nor do we recognize its authority.


California’s Consumer Privacy Act (“CCPA”)
Springbuk is not a service provider under the CCPA because Springbuk does not collect the personal information of California consumers. While Springbuk may collect PHI from California consumers, PHI is exempted from the CCPA’s definition of “personal information.” Thus, Springbuk need not comply with the CCPA, per Cal. Civ. Code §1798.145(c).

However, if our circumstances at Springbuk were to change and we would find ourselves within the purview of the CCPA, we would work diligently to achieve and maintain its compliance.


Children’s and Minors’ Privacy
Springbuk’s services are not directed towards, designed for, or intended to solicit children under the age of 13. If you are or below the age of 13, please do not access or provide us with any personal information on our website. If such information is gathered without our knowledge, we will immediately delete and remove the information from our database once it has been discovered pursuant to the Children’s Online Privacy Protection Act (“COPPA”).

However, we may lawfully acquire PHI from minors under the age of 18 if they are listed as dependents on their parents’, guardians’, or other person acting in loco parentis’ health insurance plans. In this event, the PHI has been lawfully procured pursuant to HIPAA and COPPA and is transmitted as prescribed in the agreements between the parties to the transaction.


Contact Information
Should you have any questions about our privacy practices, how we collect, store, or use your Data, your rights, or should you wish to lodge a complaint with us, please use the “Contact” tab on our homepage to correspond with our team. You can also reach us directly at:

Springbuk, Inc.
privacy@springbuk.com
800-786-4940
525 S Meridian St, Suite 1B
Indianapolis, IN 46225

We are happy to assist in any way we can!