Last updated August 4, 2021
When you visit our website located at https://vitalpath.com/ (the “Site”) or use our services, you trust us with your personal information. We are committed to protecting your personal information and your right to privacy. We take your privacy very seriously. In this Policy, we seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to this information. This privacy notice applies to all information collected through our Site and all related VitalPath services, sales, marketing, or events (collectively, our “Services”).
Please read this Policy carefully, as it will help you make informed decisions about sharing your personal information with us. If there are any terms in this Policy that you do not agree with, please discontinue use of our Site and our Services. If you have any questions or concerns about this Policy or our practices regarding your personal information, please contact us at [email protected]
Your personal information is processed by or on behalf of the data controller located at:
1758 Terrace Drive
Roseville, MN 55113
WHAT INFORMATION DO WE COLLECT?
Information automatically collected
In Short: Some information—such as IP address and/or browser and device characteristics—is collected automatically when you visit our Site.
We automatically collect certain information when you visit, use, or navigate the Site. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site, and other technical information. This information is primarily needed to maintain the security and operation of our Site and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
|Category of Personal Information Collected||Examples||Sources of Personal Information||Business Purpose for Collection of Personal Information|
(Customers and prospective customers)
Name, company, email
Phone, country, state, ZIP code
Name, company, address, phone, email
Required for Contact form
Optional for Contact form
Required for sales quotes and purchase orders
To respond to user inquiries; to send marketing emails if user opts in
To provide requested quotes and fulfill sales and service orders
(customers and prospective customers)
|Records of products or services purchased, obtained, or considered||Sales quotes and customer invoices||To provide requested quotes and fulfill sales and service orders|
HOW DO WE USE YOUR INFORMATION?
In Short: We process your information based on our legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or with your consent.
We use personal information collected via our Site and Services for a variety of business purposes, including:
- To provide our Services to you;
- To fulfill our legitimate interests, including to:
- Manage our business operations;
- Take steps to prevent, detect or investigate crime, fraud, misconduct or any unlawful act or omission;
- Comply with our policies and procedures such as those related to regulatory review or oversight, risk management, internal or external auditing, finance and accounting, billing and collection, data analysis, IT systems, and business continuity; and
- Inform you of our Services;
- To identify usage trends;
- To determine the effectiveness of our promotional campaigns;
- To evaluate and improve our Site and Services, products, marketing and your Site experience; and
- For other business purposes with your consent.
We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will not use identifiable personal information, other than as described in this Policy, without your consent.
WILL YOUR INFORMATION BE SHARED WITH ANYONE?
In Short: We only share information with your consent, to comply with laws, to provide you with our Services, to protect your rights, or to fulfill business obligations.
More specifically, we may share your personal information with the following:
- Vendors, Consultants and Other Third-Party Service Providers.
- We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: data analysis, email delivery, hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology on the Services, which will enable them to collect data about how you interact with the Services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, and better understand online activity. Unless described in this Policy, we do not share, sell, rent, or trade any of your information with third parties for their promotional purposes.
- Third Parties for the Purposes of Business Transfers.
- We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Legal and Regulatory Authorities.
- We may share your data where legally required to do so unless otherwise prohibited by obligations or confidentiality with certain legal and regulatory authorities.
We do not sell your personal information.
Cross-Border Transfers: We may transfer your personal information to a third party that is located in a jurisdiction other than the one from which we collected your personal information, including to countries that have not been deemed to have an adequate level of protection for the rights and freedoms of data subjects. If we do transfer your personal information to another jurisdiction, we will do so following due diligence and provided that the data recipient is subject to contractual agreements imposing obligations on it to ensure appropriate technical and organization measures are implemented and maintained at all times to present the unauthorized and unlawful processing of personal information, and the accidental loss or destruction of, or damage to, personal information, consistent with our obligations under applicable data protection laws.
HOW LONG DO WE RETAIN YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes for which it was collected as outlined in this Policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary to fulfill the purposes for which it was collected as set out in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. Or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
HOW DO WE SECURE YOUR INFORMATION?
We take the security of the personal information provided to us very seriously, and we have implemented commercially reasonable physical, electronic, and procedural safeguards to try to ensure the protection of your personal information. We restrict access to your personal information (if any) to those employees and representatives who need to know that information, and when we no longer need your personal information, we will delete and/or destroy the information per any applicable data destruction policies.
DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Site or our Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Site or Services. If you become aware of any data we have collected from children under age 18, please contact us at [email protected].
WHAT ARE YOUR PRIVACY RIGHTS?
In Short: In some regions, you have rights that allow you greater access to and control over your personal information.
You have a number of rights under applicable data protection laws in relation to your personal information. Under certain circumstances, you have the right to:
- Have access to your personal information by submitting a request to us;
- Have your personal information deleted;
- Have your personal information corrected if it if wrong;
- Have the processing of your personal information restricted;
- Object to further processing of your personal information, including to object to marketing from us;
- Make a data portability request;
- Withdraw any consent you have provided to us; and
- Restrict any automatic processing of your personal information.
To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal.
If you are resident in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland, you also have the right to complain to your local data protection supervisory authority if you believe we are not meeting our data protection obligations to you. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
The California Consumer Privacy Act (“CCPA”) provides California residents and/or their authorized agents with specific rights regarding the collection and storage of their Personal Information.
Your Right to Know: California residents have the right to request that VitalPath disclose the following information to you about our collection and use of your Personal Information over the past twelve (12) months. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Upon verification, we will disclose to you:
- The categories of Personal Information we have collected about you.
- The categories of sources for the Personal Information we have collected about you.
- The specific pieces of Personal Information we have collected about you.
- Our business or commercial purpose for collecting or selling your Personal Information.
- The categories of third parties to whom we have shared your Personal Information, if any, and the categories of Personal Information that we have shared with each third-party recipient.
Your Right to Opt Out of Sale: California residents have the right to opt-out of the sale of their Personal Information. Please note we do not sell your personal.
Your Right to Delete: California residents have the right to request that VitalPath delete any of the Personal Information collected from you and retained by us, subject to certain exceptions. We may ask you to provide certain information to identify yourself so that we may compare it with our records in order to verify your request. Once your request is verified and we have determined that we are required to delete the requested Personal Information in accordance with the CCPA, we will delete, and direct our third-party service providers to delete, your Personal Information from applicable records. Your request to delete Personal Information that we have collected may be denied if we conclude it is necessary for us to retain such Personal Information under one or more of the exceptions listed in the CCPA.
Non-Discrimination: You will not receive any discriminatory treatment by us for the exercise of your privacy rights conferred by the CCPA.
Verifying Your Request: Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. Verifying your request will require you to provide sufficient information for us to reasonably verify that you are the person about whom we collected personal information or a person authorized to act on your behalf. We will only use the personal information that you have provided in a verifiable request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority. Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive or manifestly unfounded.
“Shine the Light” and “Eraser” Laws: Residents of the State of California may request a list of all third parties to which we have disclosed certain information during the preceding year for those third parties’ direct marketing purposes.
DO WE MAKE UPDATES TO THIS POLICY?
In Short: Yes, we will update this Policy as necessary to stay compliant with relevant laws.
We may update this Policy from time to time. The updated version will be indicated by an updated “Revised” date, and the updated version will be effective as soon as it is accessible. If we make material changes to this Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Policy frequently to be informed of how we are protecting your information.
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may email us at [email protected] or contact us by mail:
1758 Terrace Drive
Roseville, MN 55113