NOTE: FOR ALL LOGIN OR SUPPORT QUESTIONS, PLEASE CONTACT: support@healthcaresource.com

Please read this page carefully. The following HealthcareSource HR, Inc. (collectively referred to as “HealthcareSource” or “we,” “us,” “our” or other similar pronouns) privacy policy (“Privacy Policy”) sets forth our policies regarding the collection, use and disclosure of certain information relating to Your use of any website under HealthcareSource’s control, whether partial or otherwise (including, without limitation, www.healthcaresource.comhttp://payst.healthcaresource.com, jobs.healthcaresource.com, the website from which this Privacy Policy was accessed, (the “Site” or “Sites”) and Your use and receipt of any and all products, services and resources offered, enabled or provided to You via the Sites, including without limitation certain software-as-a-service online programs, online training courses, online communities, live webinars, communication tools designed to facilitate personal networking, job boards, resume databases, and products and services enabling employers to complete the recruitment and hiring process (the “Services”). This Privacy Policy is incorporated into, and is part of, the HealthcareSource Terms of Service and Use  (“Terms and Conditions”), which governs Your use of the Sites and Services in general. Capitalized terms used but not defined in this Privacy Policy have the meanings assigned to them in the Terms and Conditions.

HealthcareSource takes very seriously the private nature of Your information. Please read this Privacy Policy carefully. We recommend You consult this Privacy Policy often (at least prior to or during each access or use of the Sites or use of the Services).

If You do not consent to the use of Your Data (including Personal Information) per the terms of this Privacy Policy or the Terms and Conditions, You may not access or use the Sites or Services.  If You do not grant or at any time revoke Your consent for use of any or all information described herein that is about or related to You (except as set forth under Your “opt out” rights below), Your access to the Sites or Services will be terminated and Your Account and Profile will be removed from the Sites and Services.

To the extent that the Sites or Services are available to individuals located in the European Economic Area and the United Kingdom, this Privacy Policy sets out our practices and obligations under the General Data Protection Regulation 2016/679 (the “GDPR”) solely in our capacity as a controller (as defined in the GDPR). If You are an Authorized User of a Customer, we may receive Personal Information about You in connection with our provision of the Sites or Services to such Customer, which will only be used as necessary to provide the Sites and/or Services to such Customer. Under the GDPR, to the extent applicable, we will act as a processor (as defined in the GDPR) on behalf of such Customer in respect of that Personal Information; this Privacy Policy will not apply to the processing of that Personal Data and such Customer will act as a controller (as defined in the GDPR) in respect of that Personal Information and is responsible for obtaining all necessary consents and providing You with all requisite information as required by applicable law. We may also be a processor of certain information on behalf of our enterprise customers. For the avoidance of doubt, this paragraph shall not apply to the Personal Information of End Users or Browsers, as to which HealthcareSource is controller (as defined in the GDPR), and to the extent we process Your Personal Information for our lawful business purposes, under the GDPR, to the extent applicable, we will act as a controller of such Personal Information and this Privacy Policy will apply to the processing of such Personal Information.

This Privacy Policy does not apply to Outside Contractors or other personnel HealthcareSource may use from time to time. Such relationships are governed by separate agreements entered into between us and such providers. Those separate agreements will, where we determine it to be practical, protect Your Data (including Personal Information) in a manner consistent with the terms of this Privacy Policy.

This Privacy Policy applies solely to the role HealthcareSource plays in collecting and storing information via the Sites or Services. This Privacy Policy does not apply to: (i) third party websites that may be accessible through the Sites or Services; or (ii) the privacy practices of HealthcareSource’s customers, such as employers seeking, training, or evaluating employees or End Users, who may collect Your information through the use of certain HealthcareSource Services. Please be aware that we have no control over such websites or customers. We encourage You to inquire into the privacy practices of those third parties to learn how they may collect and use information about You. HealthcareSource is not responsible for the privacy practices of its customers.

YOU MAY OPT IN TO OUR SHARING OF YOUR PERSONAL INFORMATION WITH THIRD PARTIES FOR THEIR MARKETING AND OTHER LAWFUL BUSINESS PURPOSES BY FOLLOWING THE DIRECTIONS IN THE “OPT IN AND OPT OUT RIGHTS” SECTION BELOW.

 

1. PURPOSE

In connection with Your use of the Sites and/or Services, HealthcareSource may collect, compile, maintain, process, and otherwise use information from You or about You and Your use of the Sites or the Services, including data, materials, job postings, job competencies, compensation information, assessments, resumes, cover letters, software, sound, graphics, video, advertisements, messages, Personal Information (as defined below) and other information (including all other information You may input, explicitly or otherwise, to a Site or a Service), and may collect certain information from Your computer or other device You use to access or use the Sites or the Services each time You access or use the Sites or the Services (all of the foregoing individually or collectively referred to below as “Data”). This Privacy Policy explains, in general, what Data we collect, how we may compile, maintain, process, and otherwise use the Data, and with whom we may share the Data.

“Personal Information,” as used herein, refers to information that may specifically identify You as an individual or allow online or offline contact with You as an individual, such as: Your name; home and/or business address; IP address; facsimile number; professional certifications/license numbers and dates and description (and issuing authority); social security number; bank account information; records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; current and/or past job history; job title; employment dates; company name, location, and description of responsibilities; applications of employment; resumes; education history, including school name, enrollment dates, city/state/country, graduation status, degree type, field of study; profile reflecting Your employment preferences, characteristics, abilities, and aptitudes; e-mail address; relationship to a reference;  home and/or business telephone number; race; gender; nationality; citizenship; age; date of birth; eligibility to work; languages spoken; schedule and shift preferences; and/or veteran/military status. Personal Information amounts to ‘personal data’ for the purposes of and as defined in the GDPR. All references to Personal Information shall be deemed to include ‘personal data’ as defined and used in the GDPR (to the extent applicable).

We may collect from You, or You may make available to us, some special categories of personal data. By agreeing to this Privacy Policy, You explicitly consent to the processing of any such special categories of personal data. “Special categories of personal data” consist of personal data for the purposes of and as defined in the GDPR which is to be treated with particular sensitivity, and includes information revealing racial or ethnic origin.

 

Opt In and Opt Out Rights

You have the right to “opt in” and “opt out” of certain of our uses of Your Personal Information.

Except as provided in this Privacy Policy, You may elect to, or elect not to: (1) receive correspondence from us (either on our behalf or on behalf of a third party), or (2) have Your Personal Information shared with other entities for purposes described herein.

You have been “opted out” of the following uses of Your Personal Information by default. If You would like to confirm You have opted out, please send an e-mail to solutions@healthcaresource.com with the subject line “Privacy Policy—PI Opt Out” identifying Your account, stating which Site and/or Services You used, and stating whether: (i) You would like to opt out of receiving promotional correspondence from HealthcareSource in general, or just via e-mail or postal mail, (ii) You would only like to opt out of certain HealthcareSource mailings, e-newsletters, e-mail alerts or other correspondence, and if so which ones, and/or (iii) You would like to elect for us not to share Your Personal Information with third parties. Following opting out, You may opt in to any these uses at any time through the opt-in interface of the Sites, by creating a new Account or Profile, or with a similar email to solutions@healthcaresource.com with the subject line “Privacy Policy—PI Opt In”. Please note, as set out below, that e-mail transmissions may not be secure. Requests to have us stop sharing Your Personal Information will apply within a reasonable period of time following our review of Your request or any earlier timeframe required by applicable law. We will not be responsible for any communications that You may receive from entities that received Your Personal Information prior to the date we reviewed Your request.

Regardless of whether You opt-out of receiving correspondence from us, we may still contact You, and share Your Personal Information with third parties, in connection with Your relationship, activities, transactions and communications with us, including relating to access or use of the Sites or the Services by You or, if You are an Authorized User, by the Customer with which You are associated.

 

2. COLLECTION OF INFORMATION

User-Provided Information

We collect Data from You when You use our Sites and Services. For example, Data is collected when:

You register to establish an Account;

You update Your Profile;

You submit any feedback, comments or questions to us, or You contact us by e-mail or through any other means;

You submit information and materials for Services to be performed;

You complete transactions or surveys on any Site or through the Services;

You use the interactive features of the Sites, for example, to access, review, clean or manage Your Account;

You use our blog or other social media sites or portals to communicate with us and/or our personnel;

You in any other way submit Data to us via the Sites or the Services; or

You send information about our products, services, or resources to others through the Sites or Services. In some of these cases You may identify such others to us, including by providing an e-mail address of any such person or entity to us, as well as any notes or materials You communicate to such person or entity.
 

Referrals

We may collect from You Personal Information about others. For instance, if You choose to use our Services to share content found on the Sites or other information about our products, services, or resources with Your business associates, clients, friends or family members, we may ask You for such other person’s (or entity’s) name and e-mail address, or other contact information. By providing such other person’s (or entity’s) information as described in the previous sentence, You represent and warrant to HealthcareSource that You have provided notice and obtained all consents and rights from such person (or entity) required by applicable law to enable HealthcareSource to process, and determine the purposes and means of processing of, such information. Such Personal Information of others will be treated in accordance with this Privacy Policy and applicable law.


IP Address and Clickstream Data

Our server may collect information about the computer or other device You use to access or use the Sites or the Services. This information may include the Internet Protocol address of the computer or other device You use when You access or use the Sites or the Services. Your computer’s Internet Protocol address, or IP Address, is a number that is automatically assigned to Your computer by Your Internet Service Provider (“ISP”) whenever You connect Your computer to the Internet. We may also log Your domain name, which is a textual identifier for Your computer that also may have been assigned by Your ISP. We use Your IP Address and domain name to help identify You and to gather browsing/search history or demographic information about our customers as a whole. We may also record the referring webpage that linked You to us (e.g., of another website or a search engine); the webpages or other content You view on the Sites; the website or webpage You visit after the Sites; the ads You see on the Sites and/or click on; other information about the type of web browser, computer, platform, related software and settings You are using when accessing and/or using the Sites or the Services; any search terms You have entered on any Site or a referral site; and other web usage activity and data logged by our web servers. We use this information for internal system administration, to help diagnose problems with our server, and to administer the Sites and the Services. Such information may also be used to gather demographic information, such as country of origin and ISP. We may link this information with Your Personal Information.

Any or all of this information relating to accessing or usage of the Sites or the Services may be collected, compiled, maintained, processed, or otherwise used on our behalf by one or more Outside Contractors, including, for example, analytics vendor(s) and e-mail management partner(s).


Imported Information

You may choose to arrive at the Sites or Services through a third-party website, such as the websites of HealthcareSource’s enterprise customers (which may include hospitals), LinkedIn or similar sites or services. When You choose to do so, HealthcareSource may import some information from Your account on such other site or service and make the imported information part of Your Account and/or Profile. If You choose to access the Sites or Services using the Sign In with LinkedIn feature, You may be providing us with access to all information, attributes, and data in Your LinkedIn public profile.  We may freely store and use such information in accordance with this Privacy Policy and the Terms and Conditions.  Such information may be stored by HealthcareSource and may be used in connection with providing the Sites or Services or to contact You.
 

3. USAGE OF INFORMATION

General Usage

We may use “cookies” and “web bugs” (described in more detail below) in the Sites, Services, or in our communications with You to enhance the functionality and features of the Sites and Services in general, to verify Your viewing and/or receipt of communications, to keep (and sometimes track) information about You, and to make Your transactions and other activities more convenient and efficient. We use cookies, for example, to remember user preferences or minimize the need for You to re-enter information.


Cookies

A “cookie” is a small data file that a website may send to Your browser and that Your browser may then store on Your computer or other device. Cookies may be used to track where You travel on the Sites and Services and what You look at and transact with. We may use cookies to deliver specific messages to You, for example, to announce a new feature that was added since the last time You visited a Site or used a Service. We may use session cookies, for example, to simulate a continuous connection, as cookies help us “remember” information about Your preferences and passwords and allow You to move within the Sites without reintroducing Yourself. A cookie may enable us to relate Your use of the Sites to other information about You, including Your Personal Information.

Most web browsers automatically accept cookies. You can usually refuse cookies, or selectively accept cookies, by adjusting the preferences in Your web browser. Please know, if You refuse or delete cookies (or configure Your web browser to refuse or delete cookies), there may be some features of the Sites or Services that will not be available to You and some webpages, areas of the Sites, Services, or features may not display or function properly.

For the avoidance of doubt, the Sites or Services may use third-party service platforms (including to help analyze how users use the Sites or Services).  These third-party service platforms may place cookies on Your computer or mobile device.  If You would like to disable "third party" cookies, You may be able to turn them off by going to the third party's website.

Here are links to the main third-party platforms we use:

https://www.google.com/policies/privacy/

https://www.pendo.io/privacypolicy/

https://newrelic.com/termsandconditions/privacy

https://www.stimulsoft.com/en/privacy-policy
 

Web Bugs

We may use web bugs (aka “web beacons” or “pixel tags”) or similar technologies in the Sites, Services, and/or in communications with You to enable us to evaluate the Sites and Services usage information about users, upgrade user information, and know whether You have visited a webpage or received a message. A “web bug” is typically a one-pixel, transparent image (although it can be a visible image as well), located on a webpage or in an e-mail or other type of message, which is retrieved from a remote site on the Internet enabling the verification of an individual’s viewing or receipt of a webpage or e-mail message. A web bug may enable us to relate Your viewing or receipt of a webpage or other message to other information about You, including Your Personal Information.
 

4. USE OF DATA AND PERSONAL INFORMATION

We will only use Your Personal Information to the extent that the law allows us to do so. Pursuant to the GDPR, legal bases for our processing Your Personal Information may include (without limitation):

(a) where You have given consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;

(b) where it is necessary to perform the contract we have entered into or are about to enter into with You (whether in relation to the provision of the Sites or Services or otherwise); and/or

(c) where it is necessary for the purposes of our legitimate interests (or those of a third party) in providing the Sites and the Services and Your interests or fundamental rights and freedoms do not override those legitimate interests.

We will use the Data we collect or that You provide to use for various purposes, including, for example, to respond to Your requests, to foster a positive user experience, to provide You with the Services and features offered on or through the Sites and Services, and to operate and improve our Sites and Services.

By visiting the Site(s) or using the Service(s), including by creating an Account or Profile, by publicly posting information, or by opting in when presented with certain choices, You have consented for HealthcareSource to use Your Data, including Personal Information, in the following ways:

to maintain our internal record keeping;

to report information about Your account in connection with our collection process regarding late payments, missed payments or other defaults;

to enhance Your user experience;

to create an Account or Profile for You based on the Data You provided to us or based on the Data You imported from other sites or services (which may enable You to utilize the same Profile for applications to multiple positions);

to allow You to export Your Data to other Sites or Services;

to allow You to export Your Data to sites or services of third parties;

to match Data collected from You through different means or at different times, including both Personal Information and Site or Service usage information, and use such Data along with data obtained from other sources, including third parties;

to compare Your contact information to data in our databases in order to improve the Sites or Services and for marketing purposes;

to allow You to contact other users, including employers, End Users, colleagues, or friends;

to allow employers, End Users, colleagues, or friends to find You and connect with You;

to provide employers with information about You as an End User;

to make suggestions to You and draw inferences about You;

to customize advertisements and other content displayed to You on the Sites or through the Services, including sending You new job postings or related Services, based on Your Data;

to analyze user behavior as a measure of interest in, and use of, the Sites and Services both on an individual basis and in the aggregate;

to correspond with You, about products, services, companies, job opportunities, training curriculum, and events, sponsored by us and/or others, that we think might interest You; provided that You may opt-out of receiving such correspondence from us by following the instructions in the Opt In and Opt Out Rights section above;

to provide our customers with benchmarks about the characteristics and trends of the talent management market, including availability, behavior, experience, and performance of talent;

to give search engines access to publicly posted information; and

to detect, investigate, and prevent activities that may violate our policies or be illegal.

As mentioned, we may provide You an opportunity to receive offers from other entities that have services, products, and offers that we think might be of interest to You. We do not and cannot control information collected by these entities; the collection and use of that information is subject to any applicable privacy policies of those entities. Further, we will not transfer Your contact information to any unaffiliated third party for the third party’s marketing purposes unless You opt in. You may change a prior opt-in election by following the instructions to opt out in the Right to Opt In and Opt Out section above.

Please remember that if You post or transmit any of Your Data, including Personal Information, such information may be collected and used by third parties, including HealthcareSource’s customers, over whom we have no control. Data You post in public areas of the Sites or Services or make available to certain third parties or make visible or available in certain databases, such as resume or Profile databases, may be accessed, used, and stored by others around the world, including in countries that might not have legislation that guarantees adequate protection of Personal Information as defined in the country in which You reside. We are not responsible for the use made by such third parties of information You post or otherwise make publicly available.
 

5. SHARING OF INFORMATION

Potential Employers

We may share Your Personal Information and Data with potential employers, including HealthcareSource’s business customers, including when You apply for a position through the HealthcareSource Job Board.


Outside Contractors

We may use third parties who help us operate the Sites, deliver our products and Services, provide marketing assistance, process credit card payments, or provide customer service. We may share Your Data with our affiliates, advertisers, service providers, and other third parties that provide products or services for or through the Sites or Services or for our business (such as Website or database hosting companies, address list hosting companies, e-mail service providers, analytics companies, distribution companies, fulfillment companies, and other similar service providers that use such information on our behalf) (“Outside Contractors”). These Outside Contractors may have access to Your Personal Information as necessary to perform the functions, but may not use that data for any other purpose. Please note in particular that the Sites or Services may use Google Analytics, including its data reporting features.  Information collected by Google Analytics includes but is not limited to web metrics.  For information on how Google Analytics collects and processes data, please see the site “How Google uses data when You use our partners' sites or apps”, currently located at www.google.com/policies/privacy/partners/. For information on opting out of Google Analytics, we encourage You to visit Google’s website, including its list of currently available opt-out options.


Personal Information

Except with respect to (i) a business transfer (defined below); (ii) compelled disclosure (defined below); (iii) sharing with our Outside Contractors (defined above); or (iv) as otherwise stated herein, HealthcareSource will not share, disclose, sell, or lease Your Personal Information to any third party without Your consent.


Data

Subject to the “Personal Information” section above, we may use, disclose, or sell Your Data for any purpose including, but not limited to, evaluating and improving the Sites and the Services, providing customer support, developing new features of the Sites, features of the Services, products, or services, or sharing with third parties in connection with the development, marketing, and sale of the Sites or Services.

As mentioned, we may share Your Personal Information with third parties if You consent. For example:

if You make Your Account, Profile, or other Data, including resumes, assessments, training reports, and other information submitted to us through the Sites or Services, searchable by employers or other users;

if You opt-in to receive information about opportunities, products, or services of third parties, we will supply the contact information You submitted as part of opting in to such disclosure;

by applying for a job, providing Your contact information to show interest in a job, or replying to a message from an employer, You affirmatively opt-in and consent to the disclosure of Your Profile information, including Personal Information, to that employer; or

by providing any Data generated through Your use of certain features of the Sites or Services, including assessment scores, performance appraisals, or course completion reports, to an employer, You affirmatively opt-in and consent to the disclosure of such Data to that employer or to other employers.


Compelled Disclosure

We reserve the right to disclose any Data (including Personal Information) or information concerning You as necessary or appropriate to satisfy any law, regulation or other governmental request, to properly operate the Sites and Services, or to protect or defend our rights or the rights or well-being of our users or if You are involved (or are reasonably suspected to be involved) in any illegal or harmful activity, even without a subpoena, warrant or court order. We may release certain Data (including Personal Information) when we believe that such release is reasonably necessary or proper to protect the rights, property, and safety of others and ourselves. We also may disclose Data (including Personal Information) in connection with investigations by us or by a government agency or when we have reason to believe that someone is causing injury to or interference with our rights or property, other users of the Sites or Services, or anyone else that could be harmed by such activities.

From time to time, we may be required to provide Personal Information or other Data in response to a valid court order, subpoena, government investigation, lawful request by public authorities, including to meet national security or law enforcement requirements, or as otherwise required by law.

We reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.

We reserve the right to make any such compelled disclosures or reporting of unlawful activities without any notice (including any prior notice or any subsequent notice) to You.
 

Business Transfer

HealthcareSource regards its databases (including Your Data and Personal Information) as a valuable asset. In the event that HealthcareSource is or substantially all of its assets are, acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, such databases containing Personal Information and other Data may be one of the transferred assets. In using the Sites and the Services You consent to such transfer of Your Data, including Your Personal Information.


Publicly Provided Information

You acknowledge and agree that You have no expectation of privacy with respect to Your postings on any public areas of the Sites or Services, including, without limitation, related blogs, message boards, job posting, or social media sites.


Third Parties Generally

If You opt in, we may also provide Your Personal Information to third parties. For example, we might share our users’ Profile information with third parties (including without limitation consultants, partners, schools and other courseware providers), in order for third parties to contact users about products, services and information that may be of interest, including in order to send accreditation information.


6. ACCESS AND SECURITY OF INFORMATION

Access Rights

We retain all Data we gather about You in an effort to make Your repeated use with us more efficient and relevant.

You may review, edit, and delete the Personal Information and certain other Data that is stored in Your Account or Profile on any Site or Services (e.g., Your passwords, resumes, and other contact information) by visiting a “My Profile” or similar area of Your Account or by e-mailing  solutions@healthcaresource.com. Upon written request, we will send You a copy of the Personal Information we have on file in Your user account (if any). You may send us new or updated Personal Information at any time. We will respond to Your request to access, update or delete Your information as soon as practicable. Before we are able to provide You with any Personal Information, correct any inaccuracies, or delete any information, we may ask You to verify Your identity or to provide other details to help us to respond to Your request.

Please be aware that HealthcareSource is a data processor of certain information, which may include Your Data or Personal Information, for our Customers. We may also be a processor of certain information on behalf of our enterprise customers. If HealthcareSource received Your Data in this way, You may be advised to contact the Customer instead of HealthcareSource with any request to access, review, correct, or delete Your Data, Personal Information, Account or Profile. Access to, or correction, update, or deletion of Your Data, Personal Information, Account or Profile may be denied or limited by HealthcareSource if it would violate another person’s rights and/or as otherwise prohibited by applicable law.

Under certain circumstances, and in compliance with the GDPR, You may have the right to:

Request access to Your Personal Information (commonly known as ‘subject access request’). This enables You to receive a copy of the Personal Information we hold about You and to check that we are lawfully processing it;

Request correction of the Personal Information that we hold about You. This enables You to have any incomplete or inaccurate information we hold about You corrected;

Request erasure of Your Personal Information. This enables You to ask us to delete or remove Your Personal Information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of Your Personal Information in certain circumstances;

Object to processing of Your Personal Information where we are relying on a legitimate interest (or that of a third party) and there is something about Your particular situation which makes You want to object to processing on this ground;

Request the restriction of processing of Your Personal Information. This enables You to ask us to suspend the processing of Your Personal Information, for example, if You want us to establish its accuracy or the reason for processing it;

Request the transfer of Your Personal Information to another party; or

Lodge a complaint with the relevant supervisory authority (as defined in the GDPR). If You have any complaints about the way we process Your Personal Information, please do contact us. Alternatively, You may lodge a complaint with the supervisory authority which is established in Your country.

If You want to review, verify, correct or request erasure of Your Personal Information, object to the processing of Your Personal Information, or request that we transfer a copy of Your Personal Information to another party, please contact solutions@healthcaresource.com.

Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Privacy Policy prior to such update, correction, change or deletion. To protect Your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify Your identity before granting You profile access or making corrections. You are responsible for maintaining the secrecy of Your unique password and account information at all times.

You should be aware that it may not be technologically possible to remove each and every record of the information You have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of Your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving Your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, all Personal Information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.


Security

HealthcareSource will take reasonable steps to protect the security and integrity of Your Personal Information from loss, misuse, alteration or destruction, including making sensitive information available to our employees and agents on a need-to-know basis. However, due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that any information, during transmission through the Internet or while stored on our system or otherwise in our care, will be free or absolutely safe from unauthorized access or intrusion by others, such as hackers. By using the Sites or Services, You acknowledge that You understand and agree to assume these risks.

If You contact us by e-mail or a “contact us” or similar feature on the Sites or Services, You should be aware that Your transmission might not be secure. A third party could view information You send by these methods in transit.

You may be able to create an account on the Sites or in the Services with a username and password. HealthcareSource policies preclude access to passwords by anyone at HealthcareSource or its Outside Contractors except on a need-to-know basis. If You do create a username and password, You are responsible for maintaining the strict confidentiality of Your account password, and You shall be responsible for any access to or use of the Sites or Services by You or any person or entity using Your password, whether or not such access or use has been authorized by or on behalf of You, and whether or not such person or entity is Your employee or agent. You agree to (a) immediately notify HealthcareSource of any unauthorized use of Your password or account or any other breach of security, (b) take any reasonable steps within Your control to prevent any further unauthorized use or breach, (c) ensure that You exit from Your account at the end of each session, and (d) ensure that any individual leaving Your organization no longer maintains any access to Your account. It is Your sole responsibility to protect Your password, control access to and use of Your account. We will not be responsible or liable for any loss or damage arising from Your failure to comply with this provision.

We will have no liability for disclosure of Your information due to errors or unauthorized acts of third parties during or after transmission.

In the unlikely event that we believe that the security of Your Personal Information in our possession or control may have been compromised, we may seek to notify You of that development. If a notification is appropriate, we would endeavor to do so as promptly as possible under the circumstances, and will do so using the contact information You have provided to us and that we have stored for You as Your Personal Information. It is Your responsibility to ensure Your contact information remains up-to-date. To the extent that the contact information we have for You includes  an e-mail address, we may notify You by e-mail of any potential compromise of Your Personal Information. By visiting the Sites and using the Services, You consent to our use of e-mail as a means of such notification.


Phishing

Please know that it has become increasingly common for unauthorized individuals to send e-mail messages to consumers, purporting to represent a legitimate company such as a bank or on-line merchant, requesting that the consumer provide personal, often sensitive information. Sometimes, the domain name of the e-mail address from which such an e-mail appears to have been sent, and the domain name of the website requesting such information, appears to be the domain name of a legitimate, trusted company, while in reality, such sensitive information is received by an unauthorized individual to be used for purposes of identity theft. This illegal activity is known as “phishing.”

Please know that we will never ask You to provide us with Your password for any reason, and will not ask You to provide any sensitive information (including Personal Information) via e-mail. If You receive an e-mail or other correspondence requesting that You provide any sensitive information (including Your password) via e-mail or to a website that does not seem to be affiliated with HealthcareSource, or that otherwise seems suspicious to You, please do not provide such information, and report such request to us at solutions@healthcaresource.com.


Consent to Worldwide Transfer and Processing of Personal Information

When You give Your Personal Information to HealthcareSource, it may be processed by HealthcareSource in the United States and all other countries in which HealthcareSource operates or in which our affiliates operate. Each of these countries has different privacy laws that afford varying levels of protection for Your Personal Information. Regardless of the laws in place in these countries, HealthcareSource will treat the privacy of Your information in accordance with this Privacy Policy and in accordance with the laws of the United States and of the Commonwealth of Massachusetts. By providing Your Personal Information to HealthcareSource, You fully understand and unambiguously consent to the transfer or transmission of Your information to, and processing of Your information in, any jurisdiction, in accordance with this Privacy Policy.

Without limitation of the foregoing, You hereby expressly grant consent to HealthcareSource to: (a) process and disclose such information (including special categories of personal data) in accordance with this Privacy Policy; (b) transfer such information (including special categories of personal data) throughout the world, including to the United States or other countries that do not ensure adequate protection for Personal Information (as determined by the European Commission); and (c) disclose such information (including special categories of personal data) to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements.


Third Party “Linked-To” Websites

When You visit the Sites or use the Services, You may have the opportunity to visit, submit Data to, or link to, other sites or services not operated by HealthcareSource, including the websites of HealthcareSource’s customers or other websites operated by unaffiliated third parties. These sites and services may collect Personal Information and other Data about You. HealthcareSource does not control sites that are operated by these entities and we have no responsibility or liability for any tracking, data collection, security, or other information gathering practices of these sites and third parties. This Privacy Policy does not address the information practices of those other Websites.


Do Not Track

The term “Do Not Track” refers to a HTTP header offered by certain web browsers to request that websites refrain from tracking the user. We take no action in response to automated Do Not Track requests. However, if You wish to stop such tracking, please contact us with Your request, using our contact details provided below.
 

7. GENERAL PROVISIONS

Changes to this Privacy Policy

We may revise this Privacy Policy from time to time.  We will not make changes that result in significant additional uses or disclosures of Your Personal Information without allowing You to “opt in” to such changes. We may also make non-significant changes to this Privacy Policy that generally will not significantly affect our use of Your Personal Information, for which Your opt-in is not required. We encourage You to check this page periodically for any changes. If any non-significant changes to this Privacy Policy are unacceptable to You, You must immediately contact us and, until the issue is resolved, stop using the Sites and Services. Your continued use of the Sites or Services following the posting of non-significant changes to this Privacy Policy constitutes Your acceptance of those changes.


Use By Minors Prohibited

The Sites and Services are not geared towards children, and use of all of the Sites and all of the Services is limited to legally-competent adults aged 18 and older, unless a parent or guardian explicitly authorizes such use and we consent to such use. HealthcareSource does not knowingly solicit, collect or maintain any information from children under the age of 13. If You believe that Your child under 18 has gained access to the Sites or Services without Your authorization and without our permission, please contact us at solutions@healthcaresource.com. If You are under 13 years of age, then please do not use or access the Sites or Services at any time or in any manner. Should a child whom we know to be under 13 send Personal Information to us, we will use that information only to respond directly to that child (or a parent or guardian) to inform the child that we must have consent from a parent or guardian before receiving the child’s Personal Information, and we will then take the appropriate steps to delete such information, potentially including (at our discretion) immediately terminating the Account used by the child and deleting all Data associated with the Account, potentially without advance notice to the account holder.


Questions or Comments

If You have any questions or comments regarding our privacy practices, You may contact us at solutions@healthcaresource.com. You may also send any comments, questions or concerns by mail to:

HealthcareSource HR, Inc. 
100 Sylvan Road, Suite 100 
Woburn, MA 01801

 

8. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This Section 8 shall apply only to the extent that HealthcareSource is regulated as a business (as defined in the CCPA) under the CCPA (as defined below). This Section 8 shall apply to You only if You are a California resident.

If You are an Authorized User of a Customer, we may receive consumer information (as defined below) about You in connection with our provision of the Sites or Services to such Customer. To the extent we process such consumer information solely in order to provide the Sites or Services to such Customer, under the CCPA, to the extent applicable, we will act as a service provider (as defined in the CCPA) on behalf of such Customer in respect of that consumer information; this Privacy Policy will not apply to the processing of that consumer information and such Customer will act as a business (as defined in the CCPA) in respect of that consumer information. The business is responsible for obtaining all necessary consents and providing You with all requisite information as required by applicable law. We may also be a service provider of certain information on behalf of our enterprise customers. For the avoidance of doubt, this paragraph shall not apply to the consumer information of End Users or Browsers, as to which (to the extent the CCPA is applicable) HealthcareSource is a business (as defined in the CCPA) and, to the extent we process Your consumer information for our lawful business or commercial purposes, under the CCPA, to the extent applicable, we will act as a business with respect to such consumer information and this Privacy Policy will apply to the processing of such consumer information.

As used in this Section 8, “sell” (including any grammatically inflected forms thereof) means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, consumer information (as defined below) to another business or a third party for monetary or other valuable consideration.

“Selling” does not include (i) disclosing consumer information to a third party at Your direction, provided the third party does not sell the consumer information except in accordance with the California Consumer Privacy Act (the “CCPA”), (ii) where You intentionally interact with a third party through the Services, provided the third party does not also sell the consumer information, (iii) using or sharing Your consumer information with a service provider as necessary to perform business purposes, provided that such service provider provides its services on HealthcareSource’s behalf and provided that the service provider does not further collect, sell or use the consumer information except as necessary to perform the business purpose, or (iv) transfers of Your consumer information to a third party as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of HealthcareSource, provided that information is used or shared consistently with the CCPA.

Where noted in this Privacy Policy, until January 1, 2021, the CCPA exempts consumer information reflecting a written or verbal business-to-business communication ("B2B consumer information") from some its requirements, provided that such exemptions shall not apply from and after January 1, 2021.
 

8.1       Consumer Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with particular California residents, devices, or households ("consumer information"). Consumer information does not include deidentified or aggregated information, publicly available information from government records, or any other information that is excepted from the definition of "personal information" under the CCPA or otherwise that is not regulated by the CCPA.  In particular, with respect to the Services, we have collected the following categories of consumer information from California residents, households or devices within the last twelve (12) months:

Category
Examples
Business or commercial purposes for which we use consumer information
A. Identifiers. Name, email address, telephone number, relationship to a reference, facsimile number, address, IP address, professional certifications/license numbers and dates and description (and issuing authority), eligibility to work, languages spoken, schedule and shift preferences, and any other identifiers to the extent included in a public area of any of the Sites and Services.
  • Creating an Account or Profile for You based on the Data You provided to us or based on the Data You imported from other sites or services (which may enable You to utilize the same Profile for applications to multiple positions).
  • Maintaining contact with clients/prospects for the purposes of marketing HealthcareSource products & services.
  • Provision, improvement, and marketing of the Sites and Services.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

Name, email address, telephone number, facsimile number, address, and any other Personal information categories listed in the California Customer Records statute to the extent included in a public area of any of the Sites and Services.

  • Creating an Account or Profile for You based on the Data You provided to us or based on the Data You imported from other sites or services (which may enable You to utilize the same Profile for applications to multiple positions).
  • Maintaining contact with clients/prospects for the purposes of marketing HealthcareSource products & services.
  • Provision, improvement, and marketing of the Sites and Services.
C. Protected classification characteristics under California or federal law. Age, date of birth, race, veteran/military status, gender, nationality, citizenship – only if disclosed on resume or otherwise in job application materials, and any other protected classification characteristics under California or federal law to the extent included in a public area of any of the Sites and Services.
  • Creating an Account or Profile for You based on the Data You provided to us or based on the Data You imported from other sites or services (which may enable You to utilize the same Profile for applications to multiple positions).
  • Provision, improvement, and marketing of the Sites and Services.
D. Commercial information Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, and any other commercial information to the extent included in a public area of any of the Sites and Services.
  • Understanding the nature of Your engagement with purchasing our products/services and whether You have used them in prior roles.
  • Provision, improvement, and marketing of the Sites and Services.
E. Biometric information. Any biometric information to the extent included in a public area of any of the Sites and Services.
  • Provision of the Sites and Services.
F. Internet or other similar network activity. Browsing history, domain name, ISP, IP address, search history, information on a consumer's interaction with a website, application, and any other Internet or other similar network activity information to the extent included in a public area of any of the Sites and Services.
  • Understanding the nature of Your engagement with purchasing our products/services and whether You have used them in prior roles.
  • Provision, improvement, and marketing of the Sites and Services.
G. Sensory data. Any sensory data to the extent included in a public area of any of the Sites and Services.
  • Provision of the Sites and Services.
H. Professional or employment-related information. Professional certifications/license numbers and dates and description (and issuing authority), current and/or past job history, job title, eligibility to work, employment dates, company name, location and description of responsibilities, applications of employment, resumes, schedule and shift preferences, education history, including school name, enrollment dates, city/state/country, graduation status, degree type, field of study.
  • Creating an Account or Profile for You based on the Data You provided to us or based on the Data You imported from other sites or services (which may enable You to utilize the same Profile for applications to multiple positions).
  • Understanding the nature of Your engagement with purchasing our products/services and whether You have used them in prior roles.
  • Provision, improvement, and marketing of the Sites and Services.
I. Inferences drawn from other personal information. Profile reflecting a person's employment preferences, characteristics, abilities, and aptitudes.
  • Creating an Account or Profile for You based on the Data You provided to us or based on the Data You imported from other sites or services (which may enable You to utilize the same Profile for applications to multiple positions).
  • Understanding the nature of Your engagement with purchasing our products/services and whether You have used them in prior roles.
  • Provision, improvement, and marketing of the Sites and Services.

 

8.2       Use of Consumer Information; Categories of Sources

We use consumer information for the business or commercial purposes described in the table above and in the manner described in Sections 1, 2, 3, and 4 of this Privacy Policy with respect to Personal Information.

Regarding the categories of sources from which consumer information is collected, we collect consumer information that You submit to us. We also receive information that is otherwise collected when you use the Sites and/or Services, including as described in Section 1 in the paragraph titled "IP Address and Clickstream Data" and in Section 3. We may also receive Your consumer information from third-party websites when You choose to arrive at the Sites or Services through such a third-party website, in the manner described in Section 1 in the paragraph titled "Imported Information".

We may collect from You consumer information about others. For instance, if You choose to use our Services to share content found on the Sites or other information about our products, services, or resources with Your business associates, clients, friends or family members, we may ask You for such other person’s (or entity’s) name and e-mail address, or other contact information. By providing such other person’s (or entity’s) information as described in the previous sentence, You represent and warrant to HealthcareSource that You have provided notice and obtained all consents and rights from such person (or entity) required by applicable law to enable HealthcareSource to process, and determine the purposes and means of processing of, such information. Such consumer information of others will be treated in accordance with this Privacy Policy and applicable law.


8.3       Disclosures of Consumer Information for a Business Purpose

HealthcareSource may disclose Your consumer information described in the table above to a third party for a business purpose, as described in Sections 4 and 5 of this Privacy Policy with respect to Personal Information. In the preceding twelve (12) months, HealthcareSource has disclosed each of the categories of consumer information described in the table above for a business or commercial purpose to the following categories of third parties (as further described in Section 5 of this Privacy Policy):

8.3.1       Potential Employers

8.3.2       Outside Contractors; and

8.3.3       Third Parties Generally.

Any information posted to the public areas of the Sites and/or Services in the preceding twelve (12) months has been publicly available.


8.4       Sales of Consumer Information

In the preceding twelve (12) months, HealthcareSource has not sold, nor does it or will it sell, consumer information.


8.5       California Residents’ Rights and Choices

The CCPA provides California residents with specific rights regarding their consumer information. This Section 8.5 describes Your CCPA rights (to the extent applicable to You) and explains how to exercise those rights.

           

8.5.1    Access to Specific Information and Data Portability Rights:

You may have the right to request that HealthcareSource disclose certain information to You about our collection and use of Your consumer information over the past 12 months. Once we receive and confirm Your verifiable consumer request (in the manner described in Section 8.6 below), to the extent required by the CCPA, we will disclose to You:

8.5.1.1 The categories of consumer information we collected about You.

8.5.1.2 The categories of sources for the consumer information we collected about You.

8.5.1.3 Our business or commercial purpose for collecting that consumer information.

8.5.1.4 The categories of third parties with whom we share that consumer information.

8.5.1.5 The specific pieces of consumer information we collected about You (also called a data portability request).

8.5.1.6 If we disclosed Your consumer information for a business purpose, a list disclosing disclosures for a business purpose, identifying the consumer information categories that each category of recipient obtained.

We will not provide the foregoing access and data portability rights for B2B consumer information prior to January 1, 2021.
 

8.5.2    Deletion Request Rights: 

You have the right to request that HealthcareSource delete any of Your consumer information that we collected from You and retained, subject to certain exceptions. Once we receive and confirm a verifiable request from You (if You are a California resident) in the manner described in Section 8.6 below (“verifiable consumer request”), we will delete (and direct our service providers to delete) Your consumer information from our records, unless an exception applies. We may deny Your deletion request if retaining the information is necessary for us or our service provider(s) to:

8.5.2.1 Complete the transaction for which we collected the consumer information, provide a product or service that You requested, take actions reasonably anticipated within the context of our ongoing business relationship with You, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with You.

 8.5.2.2 Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

8.5.2.3 Debug products or services to identify and repair errors that impair existing intended functionality.

8.5.2.4 Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

8.5.2.5 Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).

8.5.2.6 Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if You previously provided informed consent.

8.5.2.7 Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with us.

8.5.2.8 Comply with a legal obligation.

8.5.2.9 Make other internal and lawful uses of that information that are compatible with the context in which You provided it.

We will not provide the foregoing deletion rights for B2B consumer information prior to January 1, 2021.
 

8.6       Exercising Access, Data Portability, and Deletion Rights

8.6.1    To exercise the access, data portability, and deletion rights described in Section 8.5 above, please submit a verifiable consumer request to us by either: (1) calling us at 1(800)-869-5200; or (2) contacting us at legalteam@healthcaresource.com. Only You, or someone legally authorized to act on Your behalf (such as an authorized agent), may make a verifiable consumer request related to Your consumer information. You may also make a verifiable consumer request on behalf of Your minor child. You may make a verifiable consumer request for access or data portability no more than twice within a 12-month period. The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify You are the person about whom we collected consumer information or an authorized representative; and (ii) describe Your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to Your request or provide You with consumer information if we cannot verify Your identity or authority to make the request and confirm the consumer information relates to You. Making a verifiable consumer request does not require You to create an account with us. We will only use consumer information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

We use the following process to verify consumer requests: All requests for information about categories of information or specific information we have collected and all requests to delete information will be referred to the Legal department at HCS. You will be contacted directly by the Legal department or its delegate using contact information that we have on file for verification of the request. We will require information from you that matches information we already hold to ensure the validity of the request. We will not provide you with specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of that personal information. We will require extra levels of verification to disclose a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers. We may deny your request if you are not able to provide us with verifiable responses to reasonably-requested information.

 

8.6.2    We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform You of the reason and extension period in writing. If You have an account with us, we may deliver our written response to that account. If You do not have an account with us, we will deliver our written response by mail or electronically, at Your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide Your consumer information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance. If Your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request and notify You of the reason for refusing the request.
 

8.7       Non-Discrimination

8.7.1    We will not discriminate against You for exercising any of Your CCPA rights, including, unless permitted by the CCPA, by:

8.7.1.1 Denying You goods or services.

8.7.1.2 Charging You different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

8.7.1.3 Providing You a different level or quality of goods or services.

8.7.1.4 Suggesting that You may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

 

Last updated and effective March 2021