Privacy Policy
Last Revised: August 15, 2024
PRIVACY POLICY
1. INTRODUCTION
1.1 Purpose of this Policy. This Privacy Policy (“Policy”) of Finger Lakes IPA, Inc. d/b/a Forward Leading IPA (FLIPA), a New York not-for-profit corporation (“our,” “us,” or “we”), applies to each individual from whom we receive personal information through our Environment (defined below) (“you” or “your”). This Policy relates to our Terms of Use, which incorporates this Policy (“you” or “your”).
This is an important document that describes how we collect, use, and disclose your personal information on our website. We do not guarantee or warrant the security or protection of your personal information, and you assume the risk that an unauthorized party (e.g., a hacker or cyber attacker) might access, misuse, or destroy your personal information. Therefore, please carefully review this Policy, and ensure that you find it acceptable before using our Environment or providing your personal information to us.
1.2 About Us. We are a New York independent provider association comprised of a network of participating provider member organizations with a goal of delivering care and supporting communities served across upstate New York in a more integrated, productive, cost-effective way. Notwithstanding anything in this Policy to the contrary: any FLIPA participating provider/member organization is subject to the participating provider agreement, and such participating provider agreement supersedes any contrary or conflicting provisions in this Policy. Through our websites (https://www.forwardleadingipa.org/; and https://www.brightstartconnect.org), you could be a participating provider/FLIPA member organization or community partner (or an employee of a participating provider/FLIPA member organization or community partner) receiving services from or through us under a service agreement with us or one of our member organizations. If, for purposes of the participating provider agreement or any service agreement, you provide us with protected health information (as defined in the regulations promulgated pursuant to the Health Information Portability and Accountability Act (“PHI”)) that pertains to patients or individuals under your care, we will treat and handle the PHI in accordance with the Business Associate Agreement (“BAA”) that is incorporated into that participating provider agreement or service agreement, if applicable to such PHI, or pursuant to the terms of any valid consent, if applicable to such PHI. If any terms or procedures of this Policy conflict with any terms or procedures of any applicable BAA or valid consent, the applicable BAA or valid consent, as the case may be, will control and prevail. Nothing in this Policy will be implemented that fails to comply with applicable laws and regulations relating to PHI.
1.3 Our Affiliates. We rely on our relationships with various types of Affiliates to conduct our operations. In these Terms, the term “Affiliates” means our third party technology suppliers, contractors, corporate affiliates, participating providers/member organizations, service providers, processors, vendors, licensors, lessors, and other third parties with whom we have a business relationship.
We may update this Policy from time to time. The date provided at the top of this Policy is the latest revision date of this Policy. To request a prior version of this Policy, please contact us.
2. OUR ENVIRONMENT
The following is a list of the resources and property that we and our Affiliates may use to collect your personal information, which may vary depending on the nature of your interactions with us and may not include all of the examples listed below (collectively, our “Environment”):
- the website that displays these Terms (the “Site”) as well as any and all additional websites, mini sites, online portals, web portals, mobile applications and electronic user interfaces owned or controlled by us that are incorporated into or connected to the Site. Certain parts of the Site are publicly available; however, in order to use certain other parts of this Site, you may be asked to first complete a registration form and set up a user account with log-in credentials. During registration, you may be asked to give contact details and other demographic information.
- any of our social media channels and messaging platforms that enable you to communicate with us via emails, texts, or direct messages.
- any of our phone systems and video conferencing systems that enable you to communicate with us via teleconference, video conference, or video session messaging.
- any of our surveys, forms, computer tablets, and other materials used to document or record any answers or feedback that you provide.
2.2 Outside of Our Environment. Our Site may provide buttons or hyperlinks that enable you to leave our Site and connect with platforms controlled by third parties, such as third party websites, social network venues, and mobile applications. Notably, our website links to the websites of our participating providers/member organizations. By clicking and using these buttons, hyperlinks, and interfaces, you may leave our Site, which may enable the applicable third party to collect or disclose your personal information. We do not control these third party platforms, and they are not part of our Environment. We encourage you to review the privacy policies of these third party platforms and exercise caution before providing your personal information to them.
3. OUR NOTICES TO YOU3.1 No Sale; No Sharing for Targeted Advertising. We do not sell your personal information, nor do we sell any of your sensitive personal information that we may collect. We do not distribute or provide your personal information (sensitive or otherwise) to any advertising network or other third party for purposes of targeted advertising.
3.2 Sensitive Personal Information. We may collect PHI or certain sensitive information depending upon the intended use of our Environment, the nature of our transactions and communications with you, and our Business Purposes (defined in Section 3.4). To the extent required by applicable law, us or our Affiliates will obtain your consent in relation to our use and disclosure of such information. If we collect your PHI or certain sensitive personal information, we may use or disclose it only: (a) as authorized by applicable law; or (b) as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, including the services that we perform for the Service Purposes (defined in Section 3.4).
3.3 Categories of Personal Information That We Collect. The following is a list of the categories of your personal information that we may collect for our Business Purposes, which may vary depending on the nature of your interactions with us and may not include all of the examples listed below:
- Identifiers – such as your real name, alias, postal address, telephone number, unique personal identifier, online identifier, username, email address, signature, account name, date of birth, or other similar identifiers.
- User Account – such as any information provided to us if you establish or create a user account, such as a unique username account and password that your create or your account preferences;
- Network Activity and Device Information – such as your Internet Protocol (IP) address, device, browser, internet or other electronic network activity information, including browsing history, search history, information regarding your interaction with an internet website, application, or advertisement, network routing information (where you came from), date/time stamps, clickstream information (when a webpage was visited and how much time was spent on the webpage), device information or identifier, browser type, referring/exit webpages, and number of visitors, views, and interactions.
- Geolocation Data – such as your general geographic location, which may be determined using your Internet Protocol (IP) address or cellular signals generated by your mobile device.
- Audio, Visual and Other Information – such as your physical characteristics or description, and your audio, electronic, visual, or similar information, including voices, sounds, photos and videos of you.
- Background Information – such as your education, preferred language, professional background, and biographical information.
- Characteristics of Protected Classes – such as your race, color, religion, sex (including pregnancy, sexual orientation, gender, gender identity or expression), age, disability, genetic information, national origin, and citizenship status.
- Health and Social Care Information – such as your medical information, health information, or any information related to your social care needs.
3.4 Our Purposes for Collecting Your Personal Information
- Service Purposes. We may collect, use or disclose your personal information for the following purposes (“Service Purposes”):
- Quality & Safety – undertaking activities to verify or maintain the quality or safety of a service or device that is owned or controlled by us, or to improve, upgrade, or enhance the service or device that is owned or controlled by us.
- Security – helping to ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate for these purposes.
- Services – performing services on our behalf, including maintaining or servicing accounts, providing customer service, processing or fulfilling your requested transactions, verifying customer information, providing analytic services, providing storage, or providing similar services on our behalf.
- Short-Term Use – short-term, transient use, including non-personalized advertising shown as part of your current interaction with us, provided that your personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction with us and our Affiliates.
- Business Purposes. We may collect, use or disclose your personal information for our Service Purposes, our operational purposes, and the following additional purposes, provided that our use of your personal information is necessary and proportionate to achieve the purpose for which your personal information was collected or processed or for another purpose that is compatible with the context in which your personal information was collected (collectively, our “Business Purposes”):
- Communications – providing communications regarding our policies and procedures, terms of service, new services or programs, or other similar updates, and to respond to your specific requests for information, including concerning services which may be of interest to you; to facilitate your access and use of the Site or our services; to assist you to interact with and communicate with the Environment; to respond to your questions or communications regarding the Environment; and to otherwise process customer service functions.
- Debugging – debugging to identify and repair errors that impair existing intended functionality.
- Internal Research – undertaking internal research for technological development and demonstration.
- Contractual obligations – carrying out obligations and enforcing rights arising from any contracts entered into between you and us.
- Goods and Services – contacting you to provide information about goods and services for which you have requested additional information, or of which we believe may be of interest to you.
- Complying with Law. We may also use or disclose your personal information to the extent necessary for us to: (a) comply with federal, state or local laws; (b) comply with civil, criminal or regulatory inquiries, investigations, search warrants, subpoenas, summons, orders, injunctions and mandates issued by courts, judicial authorities, law enforcement authorities or governmental authorities, including federal, state or local authorities; and (c) cooperate with such authorities.
3.5 How We Collect Your Personal Information
- We may use our Environment to collect your personal information through a variety of methods, such as the following:
- automatically pulling data from your browser or device (such as your computer or smartphone) to track your activity or geolocation, by other tracking means, or by using cookies, tracking pixels, or other tracking technologies. Users will have the ability to allow/disable cookie tracking and disclosures pop up when submitting any data.
- receiving information you have provided to us via phone, text, email, electronic message, online form submission, or other communications.
- receiving information from third parties who have disclosed to us, the information you have made publicly available.
- communicating with you in person.
3.6 Sources of Your Personal Information. We may obtain your personal information from the following categories of sources:
- You – You may send us your personal information when you use our products, services or Environment, or when you subscribe for or receive services in connection with the Site, or when you communicate with us by email, phone or text message, such as in connection with your registration or experiences on the Site and when you complete forms on the Site or participate in surveys through us.
- Your Devices – We may pull your personal information from your devices and browsers through tracking methods and by placing cookies, as described below.
- Our Affiliates – Our Affiliates may collect your personal information for our Business Purposes.
3.7 Receivers of Your Personal Information. We may disclose your personal information to the following third-party receivers:
- Technology Suppliers and Contractors – third parties that: (a) supply and operate software-based tools and programs that we connect to our Site, such as plugins, widgets, and extensions; (b) supply and operate servers, databases, and online platforms that we connect to our Site, such as cloud-based applications and web portals; (c) provide software-as-a-service that we connect to our Site; and (d) provide other software-based services that we order, including the following:
- web hosting
- scheduling
- web content management
- web analytics
- hosting communication systems, such as text message, video conferencing and email marketing systems
- Contractors – third parties that provide, lease, or license products, services, data centers, or other facilities to us, such as customer support providers, event managers, information technology consultants, cyber security advisors, computer programmers, business advisors, auditors, accountants and attorneys.
- Corporate Affiliates – third parties that control us, that we control, or that are under common control with us, such as our parents, subsidiaries, and sister entities.
- Legal Authorities – legal authorities, such as courts, judicial authorities, law enforcement authorities or governmental authorities (including federal, state, or local authorities) in connection with any civil, criminal, or regulatory inquiry, investigation, search warrant, subpoena, summons, order, injunction or mandate issued by any such legal authority.
To the extent any third parties we provide information to are acting as a “business associate,” as such term is defined under HIPAA, we will require the party receiving the information agrees that their access and use of the information is subject to the terms of a business associate agreement if required by HIPAA. We may also share your personal information with third parties if you have consented to such disclosure or authorized us to disclose your information through the Environment.
3.8 How Long We Keep Your Personal Information. For each of the categories of personal information provided above, we may keep your personal information for a period lasting as long as is reasonably necessary for our purpose of collecting it or as otherwise required by applicable law. At the end of the period or when you delete your user account, whichever comes first, we may permanently destroy, erase, delete, encrypt or disable access to your personal information in a manner designed to ensure that it cannot be reconstructed or read. You will not be able to recover such personal information later.
3.9 Your Personal Information
If your personal information changes, or if you no longer desire to receive services from us, we will endeavor to correct, update, or remove your personal information, subject to requirements of any applicable law. To submit a request or notice to us under this Section 3.9, you may send your request or notice through our Contact Us page or by emailing us at the following address: privacy@forwardleadingipa.org.
4. COOKIES AND OTHER TRACKING TECHNOLOGIES
4.1 Cookies. A cookie is a small data file that our websites store on the browser of your device, such as your computer or smartphone. Your browser, such as Chrome, Firefox, Edge or Safari, stores cookies in the memory of your device. Our webservers or the webservers of our affiliates may receive and use these cookies when you return to our websites. You can learn more information about cookies at www.allaboutcookies.org.
4.1.2 Essential Cookies. In accordance with applicable law, we may use certain types of cookies (sometimes referred to as essential cookies or necessary cookies) without your prior consent to enable our websites to work properly, securely and efficiently for Service Purposes, including enabling our Site to perform the functions described in this Section below. We use these types of cookies: (a) for the performance of a contract to which you are a party; (b) to take steps at your request before entering into a contract; or (c) as necessary for us to process your personal information for purposes of our legitimate interests. For example, we may use these types of cookies for the following purposes:
- To save pieces of information you have entered during online transactions at our website, such as names, addresses, usernames, passwords, and other text you have entered in forms on our websites.
- To verify whether you are logged-in to an account on our websites for authentication and security purposes.
- To operate with adequate security, speed and electronic performance.
4.1.3 Nonessential Cookies. We may use other types of for our Business Purposes, including studying how you interact with our Site and spend time viewing particular content on our Site. For example, we may use these cookies to record your browsing history, such as the particular buttons you have clicked and the particular webpages you have visited. This helps us personalize your experience, improve our websites, enhance our products and services, and identify new products or services that may be in demand.
4.1.4 How to Change Cookie Settings. There are several ways for you to stop or limit our use of certain types of cookies. If there is a cookie settings hyperlink on our Site, you may use the hyperlink to disable certain types of cookies. Also, you may use your browser’s settings to disable, limit or delete certain cookies. Please keep in mind, however, that our Site may no longer work properly if you disable, limit or delete cookies.
5. EMAILS, TEXT MESSAGES, AND OTHER COMMUNICATIONS
When you provide us your email address, phone number, and contact information through our Contact Us page, registration processes, or other mechanisms in our Environment, you consent to FLIPA and its Affiliates communicating with you through email, text message, phone messages or other forms of communication regarding our available services, the Site, your personal information, and related topics. Standard message and data rates may apply. We may send you information regarding service offerings using email, mail, phone or text messages at the contact information you provide us, and may also subsequently ask you to voluntarily participate in satisfaction and other surveys to get your feedback on your experience with the Environment and our services. You may modify your preferred methods of communication or opt out of future communications from us by submitting your opt-out request to privacy@forwardleadingipa.org. Certain email messages, text messages, or other communications through social media channels may not be secure and could be intercepted by a third party. You understand if you initiate communications with us by unsecure email, text messages, or social media messaging apps that you are reaching out to us at your own risk.
6. MISCELLANEOUS
6.1 Deidentified Information. With respect to deidentified information derived from your personal information, we retain the right to collect, process, use, store, sell, share, disclose, and distribute the deidentified information in accordance with applicable laws. If we exercise this right, we will maintain and use the deidentified information and not to attempt to reidentify it, except that we may reidentify the information only to determine whether our deidentification processes satisfy the requirements of applicable laws.
6.2 Unsubscribing to Our Emails and Messages. Our Environment may enable you to subscribe to or signup for certain marketing communications, such as emails or text messages that provide our newsletters, updates, or marketing messages. Our Environment or the communications will enable you to unsubscribe to our emails and messages by changing a setting, clicking an unsubscribe link, texting “Stop,” or making another input. Even if you opt out or unsubscribe to receiving our marketing communications, we may continue to send you non-marketing communications, such as communications related to services or products that you have requested or are receiving from or through us, or our performance of contractual obligations that we owe to you.
6.3 Law Enforcement and Legal Claims. Nothing in this Policy will prevent or restrict us from:
- complying with federal, state, or local laws or complying with a court order or subpoena to provide information.
- complying with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
- cooperating with law enforcement or government agencies concerning conduct or activity that we, our affiliates or associates reasonably and in good faith believe may violate federal, state, or local law.
- in accordance with applicable law.
- exercising or defending legal claims.
End of Privacy Policy
© 2024 Finger Lakes IPA, Inc. d/b/a Forward Leading IPA (FLIPA)