At Volkart May the privacy of our customer’s and website visitor’s personal information is very important to us.
Volkart May’s continued use of your personal information, after you withdraw your consent to its use, may be required for Volkart May to comply with applicable laws and regulations.
1. Information collected and how we use it
Volkart May shares a commitment with our Covered Entity customers to protect the security and privacy of Protected Health Information that we obtain subject to the terms of our service agreements and Business Associate Agreements with our customers and Business Associate subcontractors.
Our services may include the provision of services to Covered Entities regulated under the Health Insurance Information Portability and Accountability Act (HIPAA) of 1996, as amended, including without limitation the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 (collectively referred to herein as “HIPAA”). In the process of providing services to Covered Entities we may access, receive, process, maintain, archive, and/or transmit information defined by HIPAA as Protected Health Information (PHI) and/or Electronic Protected Health Information (ePHI) from our Covered Entity customers (PHI and ePHI are collectively referred to herein as “PHI”).
Covered Entity: A Covered Entity is a health plan, healthcare provider, healthcare clearinghouse, or any authorized entity representative that must comply with the HIPAA Privacy or Security Rules.
Business Associate: A Business Associate is a person or entity who performs functions or activities for, or provides services on behalf of, a Covered Entity that involve the use or disclosure of PHI.
Business Associate Agreement: A Business Associate Agreement is a formal written agreement between Volkart May and its Covered Entity customers, and/or between Volkart May and its Business Associate subcontractors, that requires Volkart May and its Business Associate subcontractors to comply with specific protections afforded to the security and privacy of PHI under HIPAA.
Protected Health Information (PHI): PHI includes all individually identifiable health information that is transmitted or maintained in any form or medium by a covered entity. Individually identifiable information is any information that can be used to identify an individual that was created, used, or disclosed in the course of providing a healthcare service such as diagnosis or treatment, or in relation payment for the provision of healthcare services.
ii. Use and disclosure of PHI
We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of performing our obligations under our service agreements, provided that such use or disclosure is permitted or required by the applicable service agreement and Business Associate Agreement, and would not violate the HIPAA privacy or security rules as applicable to Business Associates.
We may use PHI internally for our own internal management, administration, data aggregation and legal obligations but only to the extent such use of PHI is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA as applicable to Business Associates.
We may disclose PHI to downstream subcontractors or agents that provide supporting services to us. If the performances of our services to a Covered Entity requires the release of PHI to a downstream subcontractor or agent, all such subcontractors and agents will be required to enter into a Business Associate Agreement with Volkart May and to comply with the same terms and conditions that apply to use and disclosure of PHI under service agreements and Business Associate Agreements with our customers including the implementation and maintenance of required HIPAA privacy and security safeguards.
We may disclose PHI for law enforcement purposes, or in response to subpoenas as required by law, and for other national priority purposes when an authorization or opportunity to object is not required by HIPAA.
We have established and maintain appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by our services agreements, our Business Associate Agreements and HIPAA. These safeguards include administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the PHI that we access, receive, process, maintain and/or transmit on behalf of our Covered Entity customers.
Examples of such safeguards include but are not limited to:
- Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
- Providing appropriate training to our staff to ensure that our staff complies with our privacy and security policies;
- Making appropriate use of encryption when transmitting PHI over the internet;
- Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
- Utilizing appropriate authentication and access controls to safeguard PHI;
- Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
- Maintaining a current contingency plan and emergency access plan in case of emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.
iv. Mitigation of harm
In the event of a use or disclosure of PHI that is in violation of the requirements of a Business Associate Agreement, we will mitigate, to the extent practicable, any known, harmful effect resulting from the violation.
Such mitigation will include:
- Reporting any use or disclosure of PHI not provided for the Business Associate Agreement, and any security incident that we become aware of, to the Covered Entity; and
- Documenting such disclosures of PHI and information related to such disclosures as would be required for a Covered Entity to respond to a request for an accounting of disclosures of PHI in accordance with HIPAA.
v. Access to PHI
We will make available to our Covered Entity customers that information necessary for the Covered Entity to provide individuals with their rights of access, amendment, and accounting of disclosures in accordance with HIPAA. Upon request from such Covered Entity, we will make our internal practices, books and records including policies and procedures relating to the use and disclosure of PHI received from, created by, or received by a Business Associate on behalf of the Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purposes of determining compliance with the terms of the Business Associate Agreement and HIPAA regulations.
B. Information collected through the website
When you visit our website, we automatically obtain certain information about you from your computer.
This information may include:
- The name of the domain from which you access the internet;
- The Internet Protocol address (“IP Address”) of the computer you are using;
- The type of browser and operating system you are using;
- The date and time you access our website;
- The internet address of the site from which you linked directly to our website;
- The pages on the website you have visited;
- The search terms you use; and
- The links on which you click.
Volkart May may keep and use your personal information that we have collected through your use of our website to personalize your experience. We may also keep and use your personal information to:
- Provide you with requested technical support;
- Remind you of our Terms of Service;
- Contact you with information that might be of interest to you about our services;
- Use the information for analytical purposes and to research, develop, and improve programs, products, services, and content;
- If you are a U.S. healthcare provider, to link your name, National Provider Identifier (NPI), state license number, and/or your IP address to web pages you visit for compliance, marketing and sales activities;
- Protect our rights or property; and
- Comply with a law or regulation, court order or other legal process.
C. Cookies and web beacons
D. Personal information collected through the services
Volkart May collects, stores and uses personally identifiable information including date of birth, payment information (e.g., credit card) and contact details such as email address, phone number, shipping/billing address and contact preferences when they are voluntarily submitted to us for purposes of receiving services and/or when you register for updates, or contact us via the website or other channels.
Volkart May may use this information to contact you for administrative communications, including contacting you by email or phone to:
- Collect payment for the services;
- Communicate with you in connection with rendering the services;
- Provide you with information about Volkart May; or
- Provide you with information that Volkart May believes may be of interest to you.
In addition, Volkart May may send you promotional communications, including updates on products and services offered by Volkart May. You can optout of receiving promotional communications by updating your account settings or by following the unsubscribe instructions within any promotional communication you receive from Volkart May.
2. Sharing personal information with third parties
To facilitate the services, Volkart May may share some personal information with third parties that we engage to perform services or functions on our behalf. For example, we may use different vendors or suppliers to assist us with providing the services. In these cases, we may provide the vendor with the required personal information to process your order such as your name and mailing address. When we share your personal information with our third-party partners, we do not authorize them to use, share or disclose your personal information with others for purposes other than the provision of services they have been retained to provide.
Volkart May will not sell or rent your personal information to any other company or organization. Information about you, including personal information, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy or receivership in which information is transferred to one or more third parties as one of our business assets.
3. Linked websites
The website may contain links to third-party external websites. Volkart May does not maintain these third-party websites and is not responsible for the privacy practices of third-party or external websites. Please refer to the specific privacy policies or statements posted on any third-party or external websites you choose to access.
4. Aggregate data collection
Volkart May, and our third-party partners, track visits to our website, and use of the services to compile anonymous aggregate statistics. Volkart May uses various technical measures to gather and anonymize these statistics to mask them from being associated with any individual. This tracking is necessary to help us customize and continually improve our users’ experience, to gather demographic information about our user base and the visitors to our website, to offer our products and services, to monitor and track our marketing programs, and to serve targeted advertising on our website and on other websites around the internet.
If you are under the age of 13, you must obtain the authorization of a responsible adult (parent, legal custodian, or teacher) before using or accessing this website. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under 13 without their parent or guardian’s consent, we will promptly remove such information from our databases.
6. Individual choices
You may choose to decline to share certain personal information with Volkart May. In some cases, we may not be able to provide you with some of the features and functionality of the service without that information. You may request to remove, amend, modify or transfer your personal information by contacting us at [email protected].
In addition, at times you may have an opportunity to elect to receive certain communications, including emails, from us. If you choose to stop receiving such communications at any time, you may unsubscribe by following the instructions found within each communication sent by Volkart May. Please be aware that, if you opt out of receiving email from us, it may take up to ten (10) business days for us to process your request and, during that time, you may receive promotional communications from us that you have opted-out from during that period.
7. Revocation of your consent to the processing of personal data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time by sending written revocation of your consent to the processing of your personal data to Volkart May at [email protected]. All data processed before Volkart May receives your revocation of consent will be considered legally processed with your consent. In addition, you may request that all of your data be removed from Volkart May’s systems and processes by sending written request for removal and destruction of all your data to Volkart May at [email protected] Upon receipt of such a request, Volkart May will take all steps necessary to remove all of your data completely and permanently unless we are unable to do so for legal, compliance or other legitimate reasons.
8. Right to file complaints with regulatory authorities
If you believe that Volkart May has violated any applicable data protection legislation pertaining to your personal information, you may file a complaint with the pertinent regulatory authorities within your jurisdiction.
9. Right to data portability
You have the right to request that all your personal data which Volkart May maintains within its processes or system based on your consent or in fulfillment of a contract, be automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible. To make such a request you must contact Volkart May in writing, requesting that Volkart May gather all of your personal information, by sending an email to [email protected].
10. Governing law
12. CONTACT INFORMATION
Attn: Marketing Department
3405 Annapolis Lane North
Plymouth, MN 55447
Email: [email protected]
Page updated as of: September 2, 2020