HIPAA Compliance
Civicom has policies, mechanisms, and technologies in place to ensure the high level of data privacy and security for HIPAA compliance.
GDPR
Our processes are designed to comply with the EU GDPR requirements to uphold the rights of EU citizens and entities within scope.
Data Privacy Framework
We are certified under the EU-US, UK Extension to the EU-U.S., and Swiss-US Data Privacy Framework Program.
VeraSafe
In compliance with the Data Privacy Framework, Civicom participates in the VeraSafe Data Privacy Framework Dispute Resolution Procedure.
EU Digital Operational Resilience Act (DORA)
We are in compliance with the EU Digital Operational Resilience Act (DORA), implementing strong operational resilience and adherence to regulatory standards for digital and ICT systems.
Overview
This document aims to provide you with information on Civicom policies regarding the use of data received through the course of business and interaction with Civicom, as well as the steps we take to protect your privacy.
In the normal course of business, Civicom may collect both Personal Information about you and non-Personal Information associated with you.
We may update this notice from time to time. We ask you to check this notice regularly to ensure you are aware of the most updated version.
What This Privacy Policy Covers
This Privacy Policy describes Civicom privacy practices for our websites, mobile apps, content materials, website designs, products, technologies owned or leased, and business processes, including all programs, related documentation, and updates (collectively, “Services”). Please also see our Terms of Service for additional information. This Privacy Policy applies to information collected by the Services we manage and control, including adigo.com, ccamfocus.com, civi.com, civicommrs.com, confertel.net, heydan.ai, glidecentral.com, please.do, thoughtlightapp.com, transcriptionwing.com, and other domains owned and operated by Civicom, including our associated mobile apps.
This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access and correction of your Personal Information. By using our Services, you consent to the data practices described in this Privacy Policy. You may opt-out of data processing at any time by filling out this opt-out form – link.
The Ways Civicom Collects Personal Information
Civicom collects any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business.
Personal Information can also include information about any transactions, both free and paid, that you enter on our websites. We may also collect information about you through your interactions with our social media pages such as from Facebook, LinkedIn, Twitter and Google, or information from service providers.
1. Civicom Websites
When you visit our website, we collect your IP address and type of browser. Our websites also collect information by using cookies.
1.1 Website Cookies
Our cookies assign a randomly generated number to your computer. The cookies do not extract from your computer any information regarding other Internet sites or your surfing activities.
Our websites contain a notice that we use cookies to collect data. We use different types of cookies for the following reasons:
To retain your preferences for pop ups and advertisements;
To obtain details about your device and browser so the display can adapt to your screen size and layout content to fit your browser;
To improve our services with usage information about our website, such as the number and frequency of visitors and the pages you visit, your geographical location, referral source, and length of visit.
You may disable optional browser cookies at any time. To do so, please refer to your browser’s Help page.
1.2 Website Beacons
Web beacons are used to track the journey of a user navigating through our website or a series of websites to assist us in delivering cookies on our sites and to allow us to count users who have visited those web pages and in turn to deliver Services. Web beacons do not collect nor record personally identifiable information.
We may use web beacons, customized links or similar technologies to determine whether an email we sent has been opened and which links you click on in order to provide you more focused email communications or other information.
1.3 Navigational Information
In selected instances we advertise our services on other websites. These websites likely use cookies and web beacons to collect information about your activities and may provide you with targeted advertising based upon your interests. Information collected by cookies and web beacons do not include personally identifiable information. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here: http://www.aboutads.info/choices/ (or if located in the European Union, by clicking here: http://www.youronlinechoices.eu/).
Please note this does not opt you out of being served advertising. You will continue to receive generic ads.
1.4 Registrations and Forms
We collect Personal Information that is provided during webinar registration, through our sign up and landing pages,contact us forms, and through your subscribing to one or more of our blogs, or through our online chat. This information is used to either assure your registration and/or to provide you with the information or answers you requested.
Our forms require you to identify your country of location. If you are located in an EU country, they require you to check a box indicating your knowledge and permission that we have collected your data, offer you the option to opt out, and provide you with information on how to do so. If you are located in the United States, we ask for you to provide your state of residence. We include information on various state privacy laws here.
Our registrations and forms may ask you only once to authorize the use of your Personal Information in order to eliminate your need to repeatedly enter the same information. If you are an EU/Swiss natural person, you may contact us at dataprotection[at]civi.com to change or request removal of your Personal Information at any time. Requests made under rights available under non-EU legislation may be directed to dataprotection[at]civi.com.
1.5 Buttons and Tools From Other Companies
Civicom websites and mobile apps may include buttons and tools that link to our social media accounts, such as our Company Facebook, LinkedIn, or Twitter accounts. Your interaction with our social networking pages may result in us receiving information about you.
2. Mobile Apps
When you register to use our mobile apps, we receive information sent by your device to our servers to identify you, such as your Device ID and email address . We will also receive any other Personal Information and content you may upload including your name, company, email address, phone number, and text messages, photos, videos and voice recordings.
We use mobile analytics software to allow us to better understand the functionality of our Mobile Apps on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. When you use our Mobile Apps we also collect your device model and version, and device identifier (or “UDID”).
If you have enabled your GPS, this may send us your latitude/longitude coordinates, cell tower and WiFi-based location information.
We send push notifications from time to time in order to update you. Mobile research study notifications may include new comments or available exercises within the scope of the research. The PleaseDo application may send notifications and promotions. Hey DAN will push announcements related to your use of the service.
We may link information we store within the analytics software to Personal Information you submit within the Mobile App. We do this to improve the services we offer you and improve our analytics and site functionality.
If you sign up for one of our services using Facebook or Google, we do not use your Facebook or Google credentials for any reason other than to enable you to use the service you signed up for, unless you provide your permission for us to use them for other reasons.
3. Operator-Assisted Conference Calls
When you participate in an operator-assisted call our facilitators may request your Personal Information in order to grant you access. By providing this information freely, you have granted us the right to use it to facilitate your call experience and provide it to the call sponsor at their request.
4. Phone Inquiries
If you contact us by phone for information or assistance with our Services, we may ask you to provide your contact information in order to serve you. By providing this information freely, you have granted us the right to use it to facilitate your call experience and provide our Services to you.
5. Trade Events
If you provide your business card to us at a trade event, we consider this your opt-in to receive information about our Services and will use your contact details to send you information and resources that we think may be valuable to you. You can opt out at any time by clicking on the unsubscribe link in an email sent by us, or email us with your request to unsubscribe. If you are an EU/Swiss natural person, you have the additional option to opt out at any time by emailing us your request to unsubscribe at dataprotection[at]civi.com. Requests made under rights available under non-EU legislation may be directed to dataprotection[at]civi.com.
6. Data on Marketing Research Respondents
Through our CiviSelect Website (https://www.civicommrs.com/civiselect-respondent-recruitment/), social media accounts, and by telephone and email, we collect information for individuals who desire to be included in our CiviSelect respondent database or in an active research study. Individuals who wish to participate must provide their first and last name, phone number, email address, country, and whether or not they have high speed internet in order to be considered for a marketing research study.
Additional information, such as address, ethnicity, birthdate, gender, health information, income, and other demographics may be required for a specific study based on client requirements to participate. These requirements also apply to any individual who replies to any of our respondent recruiting solicitations or by way of a third-party respondent recruiter or panel (“Respondent Information” is incorporated under the definition of “Personal Information”).
Respondent Information shared with us by our clients as a part of a specific study may include similar information as the above. As part of our facilitation role we will contact you based on the information provided to us and in order to include you in the study.
In order to participate in a research study, you may need to provide additional information about yourself that is required by the research study in order to confirm that you are eligible to participate under the project specifications required. This information is collected to determine if you qualify for the study. Anonymized data is in most cases entered into a spreadsheet for disposition reporting. By providing this data you realize it is for the purpose of qualifying you for a research study.
When you are a respondent in a marketing research study, we or our clients may ask your opinions and views on products and services external to our company or theirs. You understand that you are providing this information freely of your own will in order to participate in the research study you have been qualified to participate in.
Researchers who engage with us in our facilitation of a research study may have their own privacy policies which apply to studies involving you. Those privacy policies may detail how they handle your personally identifiable information. We encourage you to become familiar with any such policies.
7. Information About Children
Our websites are not intended for or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13. If you believe that we have collected information about a child under 13, please contact us at dataprotection[at]civi.com, so that we may delete the information.
An exception may be where a marketing research study requires a child under 13 to become a respondent. In this case, after we have received written consent of the parent or legal guardian, the child’s privacy will be protected as under section 6 on Data on Marketing Research Respondents.
Data Protection
1. EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)
Civicom complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Civicom has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Civicom has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, Civicom is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Civicom may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Civicom commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UKand Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Civicom at dataprotection[at]civi.com.
To view Civicom’s certification, please visit https://www.dataprivacyframework.gov/s/
The entities listed below are also in compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) detailed in this section.
- ScribePT, LLC
- Call-Fusion DBA ConferTel/Civicom
- Call-Fusion
- WelcomeWare, LLC
- Civicom-DAN, LLC
2. HIPAA Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) as amended, including by the Health Information Technology for Economic and Clinical Health Act (HITECH), is a United States federal law regulating the US healthcare system, with its primary purpose to protect the privacy and security of health and medical information, known as Protected Health Information (PHI). For more information about HIPAA, see here: https://www.hhs.gov/hipaa/.
Certain Civicom clients are in the health care sector and as such, Civicom is acting as a Business Associate of Covered Entities as defined under HIPAA. Accordingly, Civicom will readily review and accept Business Associate Agreements with clients and partners to govern and ensure that PHI shared with us will not be compromised.
Civicom is committed to confidentiality and the protection of health information for individuals, clients, customers and partners. We ensure that privacy and security of their health information is protected in all forms, with particular care in controlling the confidentiality, storage and access to electronic Protected Health Information. We have achieved this by implementing security standards, administrative, technical, and physical safeguards, organizational requirements, and requirements for documentation, policies and procedures.
Our standards are maintained and improved by continuous review and audit of internal processes and business agreements, with the aid of external consultants and specialized staff dedicated to data privacy. Any complaints concerning Civicom’s privacy policies and procedures or Civicom’s compliance with such policies and procedures should be made to our Data Protection Officer by contacting dataprotection[at]civi.com.
Civicom provides training to all members of its workforce on policies and procedures with respect to PHI, as necessary and appropriate for them to carry out their job responsibilities. Processing of data is kept to a minimum and will not be excessive in relation to a declared and specified purpose.
3. US State Data Privacy Laws
US State Data Privacy Laws, such as the California Consumer Privacy Under The California Consumer Protection Act (CCPA), California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA) requires certain businesses, including Civicom, to provide certain information disclosures and services specifically to US consumers. A consumer has the right to request a copy of their personal information that a business has collected, used, sold or otherwise disclosed.
Under the US State Data Privacy Laws, Civicom has both the right and obligation to properly verify the identity of a consumer requesting to view, modify, delete or opt-out with respect to personal information. Prior to any information disclosure, we will require certain information and processes to be followed to verify the identity of the requestor, including at a minimum your name, a valid email address, a valid phone number, and a valid street address. In order to mitigate fraudulent requests and other misuse of the services provided under these data privacy regulations, if a consumer cannot be reasonably verified, we will be unable to disclose certain information to the requester.
A consumer can request for opt-out of sale of personal data, opt-out of sharing personal data for cross-context ads, and request to limit the use and disclosure of their sensitive personal data by filling out our request form here – link.
4. Choice
We offer individuals the opportunity to opt out (choose) whether their Personal Information is to be disclosed to a third party acting as a controller or processor, as well as to opt out (choose) whether their Personal Information will be used for a purpose that is materially different from the purpose for which it was originally collected or which they subsequently sanctioned for use. We require, or when acting on behalf of a client, or as a facilitator we require, written confirmation (opt in) from individuals that we are able to disclose their Sensitive Personal Information to a third party acting as either a controller or processor.
We will provide individuals reasonable and clear mechanisms for individuals to exercise their choices. For purposes of this understanding Personal Information includes first and last name, phone number, email and/or physical address and phone number. Sensitive Personal Information includes health care, genetic or biometric data, information regarding religious beliefs, race, ethnicity, union memberships, and sexual behavior or orientation.
5. Security of Personal Information
We are committed to protecting your privacy and have implemented reasonable administrative, technical, and physical security controls to secure your Personal Information.
If a password is provided to help protect your projects and Personal Information, it is your responsibility to keep your password confidential.
6. Where Civicom Stores My Personal Information
We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. Your Personal Information and files are stored in our servers and those hosted by our authorized third-party storage providers. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.
If you have any questions about the security of your Personal Information, you can contact us at dataprotection[at]civi.com.
7. Access to My Personal Information
Civicom recognizes the right of individuals to access their Personal Information. As an account holder, you have the ability to view or edit your Personal Information online or cancel your account.
If you have an online account with Civicom, you can view or edit your Personal Information online or cancel your account at any time.
If you do not have an online account but are our client or customer, you may contact us by way of your Account Manager or by contacting us at dataprotection[at]civi.com in order to edit your information or cancel your account with us.
If you are not a customer or client, but would like to change your mind about receiving information from Civicom you also can contact us at dataprotection[at]civi.com to have your information changed or removed.
As an EU/Swiss natural person, you have the additional option to reach us to modify your information, review the information we have on file about you, or request that your information be removed from our system by emailing us at dataprotection[at]civi.com.
In the case where we are your data processor and not your data controller, you may need to contact your data controller to request to see or change your Personal Information with us.
The above paragraphs on access to your Personal Information are subject to our need to comply with our legal obligations or contractual agreements.
For requests for changes or deletions of personally identifiable information, we reserve the right to validate your identity and/or to charge you an adequate handling fee before providing access to data, except as required by the EU-U.S. and Swiss-U.S. Data Privacy Frameworks.
8. Third Party Service Providers and Clients
Civicom uses third party service providers to deliver some of our services. We may share your Personal Information with our third-party service providers to fulfill their obligations to us on your behalf. These service providers include:
Market research partners such as recruiters, transcribers, translators, moderators and end clients;
Market research technology and/or platform providers; and
Webinar platform and audio conferencing storage providers.
Customers who utilize our capabilities or otherwise subscribe to our Services are obligated through our agreements with them to comply with our Privacy Policy.
We may disclose the Personal Information you provide to our clients who use our tools and software platforms, and/or to contractors, service providers and other third-parties we use to support our business (and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them).
Civicom is committed to the protection of your personal data, including instances where it may be transferred to third parties. We ensure that any onward transfer is conducted in strict adherence to our data protection standards, and we retain responsibility for safeguarding your information throughout this process. All third parties involved are required to comply with the same stringent privacy principles, thereby ensuring the continued security and confidentiality of your data.
9. Personal Information Across National Borders
We may transfer your Personal Information electronically across borders and around the world, including to or from the United States and/or the EU/Switzerland, to facilitate our global operations. This Privacy Policy shall apply even if we transfer Personal Information to other countries.
As a global company working with a continuous flow of global projects, we operate a highly secure web-enabled infrastructure that assures all of our clients that we have taken the appropriate steps to ensure security as well as to meet the EU-US data protection requirements. Where global projects require data transfer to countries outside the EEA and are not deemed as having adequate data protection rules, significant controls are in place to meet the required levels of data protection under the GDPR and other legislation. When acting as controller or processor transferring personal data, we carry out such transfers using appropriate safeguards as specified under Article 46 of the GDPR. These safeguards are provided by means of: binding corporate rules, an approved code of conduct, and standard data protection clauses required. We maintain strict information security policies, data flow procedures, mapping and security measures, GDPR and HIPAA training, a Compliance team, an Information Security Team, and a Data Protection Manager
Our servers are maintained in the following locations and can be directed to any other country as an additional safeguard:
Google (Gmail/GSuite): North America: Berkeley County, South Carolina; Council Bluffs, Iowa; The Dalles, Oregon; Douglas County, Georgia; Henderson, Nevada; Jackson County, Alabama; Lenoir, North Carolina; Loudoun County, Virginia; Mayes County, Oklahoma;Midlothian, Texas; Montgomery County, Tennessee; New Albany, Ohio; Papillion, Nebraska; Storey County, Nevada; South America: Quilicura, Chile; Europe: Dublin, Ireland; Eemshaven, Netherlands; Fredericia, Denmark; Hamina, Finland; Middenmeer, Netherlands; St. Ghislain, Belgium; Asia: Changhua County, Taiwan; Singapore.
Amazon (AWS): Northern Virginia, USA; Ohio, USA; Oregon, USA.
Adobe Systems (Adobe Connect): Hillsboro, Oregon; Dallas, Texas; London, England; Sydney, Australia.
CoSo Cloud (Adobe Connect): Hong Kong, United Kingdom, and the United States.
10. Dispute Resolution
If a privacy complaint or dispute relating to Personal Data received by Civicom Inc. in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you.
To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If a complaint or dispute cannot be resolved through our internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Civicom commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
11. Binding Arbitration
If your dispute or complaint related to your Personal Data that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.
How Civicom Uses the Information It Collects
If you contact us by phone for information or assistance with our Services, we may ask you to provide your contact information in order to serve you. By providing this information freely, you have granted us the right to use it to facilitate your call experience and provide our Services to you.
We may use information that was collected from you for a number of reasons:
- To respond to demo requests, pricing inquiries, and questions about our Services
- To address reports of technical issues
- To provide you with Services requested
- For billing purposes
- To conform to legal requirements or comply with legal process
- To protect or defend the rights and property of Civicom
- To enforce the Terms of Service Agreement
- To protect the rights of our account holders or others
- For normal business operations
- To improve our Services
- For any other purpose disclosed by us when you provide the information
- For shipping and handling required to deliver our Services to you
- Retention of Personal Information
We retain Personal Information that you provide to us as long as we consider it potentially useful in contacting you about your account or our other Services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements.
We will delete your Personal Information at an earlier date if you so request, as described under our “Unsubscribe” links or through contacting us to change or delete your information. You can contact us via your Account Manager, or by email to any party you have received emails from at our company. If you do not have a contact person to reach out to, email us at inquire[at]civi.com. In the case of EU/Swiss natural persons, contact us at dataprotection[at]civi.com.
If you are an agent or other party who provides information to our customers as part of their use of our Services, the customers decide how long to retain the Personal Information that is collected on their behalf. If a customer terminates its use of our Services, then we will provide the customer with access to all information stored for the customer upon their request, including any Personal Information. After an account ends, we may, unless legally prohibited, delete customer information, including Personal Information.
For marketing research studies, we delete project details and Respondent Information when requested to do so, in writing, by the client associated with the Respondent Information.
If you participate in a conference or webinar facilitated by our company, including under any of our other brand names, by default we receive records of your phone number, and any other information you potentially provide during the course of a call or webinar.
Credit Cards
If you are a credit card customer, note that we use a third-party PCI-DSS compliant service provider for credit card payments in order to process your transaction. Your credit card number is processed in encrypted form by our credit card processor. We do not have the capability to store and read it.
Changes To Privacy Policy
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we decide to change our Privacy Policy, we will post those changes to this privacy statement, which can be found on our websites’ homepages.
Who To Contact With Questions Or Concerns
If you have any questions or suggestions regarding our Privacy Policy, or have a privacy question or concern, please email us at dataprotection[at]civi.com. If you are an EU/Swiss natural person, please instead contact us as noted earlier in this Privacy Policy at dataprotection[at]civi.com. You also have the option to contact us by mail at Civicom, Inc. P.O. Box 4689, Greenwich CT 06831.
Last Reviewed Date: August 2024