Privacy Notice

Springbuk, Inc. – Notice of Privacy Practices

Last updated and effective: 05/24/2019

Welcome to Springbuk, Inc.’s (“Springbuk”) Website! Thank you for your interest in Springbuk’s Notice of Privacy Practices (“Notice”); we take protecting our users’ privacy seriously. This describes how your internet and personal data (“Data”) as well as protected health information (“PHI”) collected through our platform, may be used and/or disclosed by us in order to carry out the services we provide, your rights under applicable law, and the actions we take to protect your data.

Acceptance of Privacy Practices. By accessing our website or using the Springbuk platform, you acknowledge your consent to the way in which we use and/or disclose your Data and PHI as provided in this Notice.

Right to Amend. Springbuk reserves the right to amend this Notice at any time in accordance with applicable law. You acknowledge, consent to, and are bound by any changes that are made to this Notice upon accessing our website or using the Springbuk’s platform. Please view the top of this page for the latest effective date after an update, revision, or amendment has been made.

Our Data Collection and Cookie Policy.

At Springbuk, we collect Data about our website users in order to provide better service to everyone who accesses our content online. The cookies, pixels, and tracking codes that are used on our website are provided by third parties and allow our site to remember your settings, monitor our site’s performance, and provide us with feedback about how our website is used by visitors like you.

If you would like to browse our website without cookies, you can adjust the setting of your Internet browser to reject the setting of all or some Cookies and to alert you when a Cookie is placed on your device. For further information about how to do so, please refer to your browser ‘help’ / ‘tool’ or ‘edit’ section or see allaboutcookies.org.

How We Process and Use Your Data.

We intake Data about how you use our website, in addition to personally identifiable data that you provide for us by filling out forms or responding to chat windows on our website. This Data is processed by and often stored within third party applications, all of which have been vetted for stringent security protocols and compliance with privacy laws, including CAN-SPAM. We use this data for improve the overall performance of our website and provide you with content and information related to Springbuk that you may find relevant. This Data is stored securely, used selectively, and never sold or traded to a third party.

How We Protect Your Data.

Springbuk’s website has various levels of user access and roles, and only certain types of users (acting within their individually authorized accounts) are allowed to perform certain operations to query or otherwise process the data. Users must sign into our site via a secure HTTP connection (HTTPS), which prevents unauthorized users from intervening and seeing the data while it is being transmitted.

Our entire server environment runs in a secured, private network in the cloud, access to which is granted only to authorized employees (also according to our written operating procedures). In setting up the server environment, we have followed the cloud provider’s documented best practices for ensuring direct access is properly configured.

Through the Springbuk Platform, we collect PHI from participating group health plans and their business associates who seek to use the services. The PHI data is transmitted to us after the proper contractual agreements have been formed in accordance with applicable law. The use of this PHI data is integral to the services we provide to our platform users. PHI is stored securely and used selectively pursuant to applicable law.

Your Rights. The Data we’ve collected is yours and you have the right to possess this Data or remove it from our system at your discretion. We are able and willing to delete, correct, or alter data that we have collected about you upon request. Ultimately, the Springbuk website usage Data we have collected about you is yours, and you have a right to possess this Data or remove it from our system at your discretion. As to the PHI on the Springbuk platform, you retain the right to request to access, update, or correct any PHI that’s been transmitted or provided to us and we will take necessary action involved with the request. You retain the right to request a paper copy of this Notice upon request and you retain the right to file a complaint with us or with the U.S. Department of Health and Human Services.

HIPAA. The Health Insurance Portability and Accountability Act (“HIPAA”) prescribes the rules we comply with when protecting and securing PHI lawfully provided to us for use on the Springbuk Platform. Springbuk actively ensures our privacy practices remain compliant with HIPAA and similar laws including the Privacy and Security Rules. Your privacy is ensured because only authorized users are allowed access to the Springbuk platform. The PHI data in Springbuk’s Platform is secured with a variety of techniques and controls. First and foremost, your PHI data is encrypted during transmission from 3rd-party data providers to us, and is kept in an encrypted state when at rest within our system. During data processing, all personnel and programs needing to access this PHI data must have the required decryption keys and access to even be able to access the PHI data. The process for allocation of user accounts and decryption keys is controlled internally and according to our written operating procedures.

Third Party Partners. We may also provide you access to services managed by our Third Party Partners with whom we have made arrangements to offer services through the Springbuk Platform. Some of the services made available through the Springbuk Platform may be subject to additional Third Party Partner terms, privacy policies and/or disclosures. These Third Party Partners may collect data you submit to provide you with access to their service; to understand how you use their services; to troubleshoot and protect against errors; to perform data analysis and testing; and to improve their products, among other possible uses. Springbuk is not directly or indirectly liable for any damage or loss incurred by you in connection with the services of Third Party Partners, nor is Springbuk responsible for the content, security, or the privacy practices of Third Party Partners.

European Union (“EU”) General Data Protection Regulation. Springbuk does not monitor or profile, target, and offer services to EU citizens. Therefore, Springbuk does not adhere to the requirements of GDPR or recognize its authority.

Children’s Privacy. Springbuk’s services are generally not directed towards, designed for, or intended to solicit minors under the age of 18. If you are under the age of 18, please do not provide us with any personal information on our website. If such information is gathered without our knowledge, we will immediately delete and remove the information from our database once it has been discovered. However, we may acquire PHI from minors under the age of 18 if they are listed as dependents on their parents’ or guardians’ health insurance plans. In this event, the PHI has been lawfully procured pursuant to applicable law and is transmitted as prescribed in the agreements between the parties to the transaction.

Contact Information. Should you have any questions about our privacy practices, how we collect, store, or use your Data, your rights, or should you wish to lodge a complaint with us, please use the “Contact” tab on our homepage to correspond with our team. You can also reach us directly at:

Springbuk, Inc.

privacy@springbuk.com

800-786-4940

525 S Meridian St, Suite 1B

Indianapolis, IN 46225

We are happy to assist in any way we can!