This Privacy Policy (the “Policy”) describes how Suvi Health, Inc. and its affiliates (“Suvi Health,” “we,” “us,” or “our”) collect, use, and disclose personal information in connection with our public-facing websites, our marketing activities, and our care coordination platform and related services (together, the “Services”). This Policy is directed to individuals who interact with Suvi Health in a business or professional capacity. That includes visitors to our websites, prospective and current customers and partners, recipients of our marketing and business communications, clinical and administrative users who access the Services on behalf of a health system customer, and job applicants. If you are a patient or caregiver whose provider has enrolled you in a program that uses our Services, please see Section 1 below for how your information is handled.
Suvi Health provides its Services to hospitals, health systems, and other covered entities (each, a “Customer”). When we process protected health information (“PHI”) or other patient data on behalf of a Customer, we do so as a HIPAA Business Associate under a written Business Associate Agreement (“BAA”) with that Customer. We refer to information processed in that capacity as “Customer Data.” This Policy does not govern our handling of Customer Data. Our use and disclosure of Customer Data is governed by the applicable BAA and our underlying services agreement with the Customer, together with HIPAA and other applicable laws. If you are a patient or caregiver interacting with Suvi Health because your provider has enrolled you in a program that uses our Services, your information is handled as Customer Data under our BAA with your provider. To understand how your health information is collected, used, and shared, please refer to your provider’s Notice of Privacy Practices. You may exercise rights regarding that information directly with your provider, and we will support your provider in responding to your request as required under our agreements and applicable law. The remainder of this Policy describes how we handle personal information we collect directly from or about individuals who interact with Suvi Health in a business or professional capacity, as described in the Introduction.
When you engage with Suvi Health in a business or professional capacity, we collect information you choose to provide to us, including:
When you visit our websites or use the Services, we and our service providers may automatically collect certain information about your device and activity, including your IP address, device and browser type, operating system, language settings, approximate location derived from IP address, referring and exit pages, pages viewed, links clicked, and timestamps. We collect this information using cookies, pixels, software development kits, log files, and similar technologies.
Cookies and similar technologies
We may receive information about you from third parties, including our Customers (for example, when a Customer provisions clinical users of the Services), service providers that help us run our business, data providers that supply firmographic or professional data, security and fraud prevention vendors, and publicly available sources. Where you sign in using a third-party identity provider, we receive the account information that provider shares with us.
We use the personal information described above to:
We disclose personal information in the following circumstances:
You may opt out of Suvi Health marketing emails by following the unsubscribe link in any marketing message or by contacting us using the information below. Even if you opt out of marketing communications, we may still send you transactional or service-related messages.
Most browsers let you refuse or delete cookies through their settings. You can also use browser-based privacy controls, including those that recognize the Global Privacy Control signal, to limit tracking. Blocking cookies may affect your ability to use certain features of our websites.
If you have an account on the Services, you can review and update certain information directly through your account. Where you access the Services as a user provisioned by a Customer, your Customer controls your account and you should contact your Customer’s administrator for changes.
Depending on the state in which you reside, you may have certain rights regarding the personal information we maintain about you. These rights may include the right to confirm whether we are processing your personal information, the right to access and obtain a copy, the right to correct inaccurate information, the right to request deletion, the right to opt out of targeted advertising, profiling that produces legal or similarly significant effects, or the sale or sharing of personal information, and the right not to be discriminated against for exercising your rights. These rights are subject to exceptions under applicable law. To submit a request, please contact us using the information in the “How to Contact Us” section below. We will verify your request using information we already maintain about you, and we may ask for additional information to confirm your identity. If an authorized agent submits a request on your behalf, we will ask the agent to provide proof of authority. If your personal information has been submitted to the Services by or on behalf of a Customer, requests to exercise rights regarding that information should be directed to the Customer. We will support the Customer in responding to verified requests as required under our agreements and applicable law.
This section provides additional disclosures required by the California Consumer Privacy Act, as amended (the “CCPA”), for California residents. In the twelve months prior to the date of this Policy, we have collected the following categories of personal information and disclosed them to the categories of recipients indicated for our business purposes:
We collect these categories from the sources described in Section 2 and use them for the purposes described in Section 3. We do not knowingly collect or sell the personal information of California residents under the age of 16. We do not use or disclose sensitive personal information for purposes that would give rise to a right to limit under the CCPA. California residents may exercise the rights to know, access, correct, delete, and opt out of sale or sharing of personal information as described above. We will not discriminate against you for exercising your rights.
Residents of Colorado, as well as residents of other states that have enacted comprehensive privacy laws, may have rights similar to those described in Section 6, including the right to access, correct, and delete personal information, the right to data portability, and the right to opt out of targeted advertising, sale of personal information, and certain profiling. You may exercise these rights by contacting us as described below. If we deny your request, you may appeal our decision by replying to our response, and we will review the appeal within the timeframe required by applicable law.
We retain personal information for as long as we have a legitimate business need to do so, for example to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer need personal information, we delete or de-identify it, or if deletion is not immediately feasible (for example, because the information is stored in backup archives), we securely isolate it until deletion is possible. Retention of Customer Data is governed by the applicable agreement with the Customer.
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, disclosure, alteration, and destruction. Our security program is designed to meet the requirements applicable to a HIPAA Business Associate. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Please notify us promptly if you believe your account has been compromised.
Suvi Health is based in the United States, and we process personal information in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, stored in, and processed in the United States, where privacy laws may differ from those in your country of residence.
Our websites and the commercial surfaces of the Services are not directed to children under 18, and we do not knowingly collect personal information from children through those surfaces. Where a Customer deploys the Services in a pediatric care setting, our processing of information about minors occurs under the Customer’s direction and the applicable BAA. If you believe we have collected personal information from a child in a manner that is not permitted by law, please contact us and we will take appropriate steps.
We may update this Policy from time to time. When we make changes, we will update the “Last Updated” date at the top of this Policy and post the revised Policy on our website. If the changes are material, we will provide additional notice as required by applicable law. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of the updated terms.
If you have questions about this Policy or about how Suvi Health handles personal information, or if you would like to exercise your rights, please contact us:
Suvi Health, Inc.
Attn: Privacy
1580 N Logan St, Ste 660 PMB 557803
Denver, Colorado 80203
United States
Email: privacy@suvi.health
