XFERALL, LLC PRIVACY POLICY

XFERALL, LLC. (“we” or “our”) is committed to protecting the privacy and security of personal information and patient health information collected through our online service or mobile application. This Privacy Policy describes how we collect, store, use and distribute information through our software, website, mobile application, and related services (together, the “Services”).

1. Consent.
By using the Services, you consent to the collection and use of your Protected Health Information (as defined under the Health Information Portability and Accountability Act of 1996 and its implementing regulations, “HIPAA”) and certain Personal Information as described in this Privacy Policy. Except as set forth in this Privacy Policy, your Protected Health Information and/or Personal Information will not be used for any other purpose without your consent. We acknowledge that we are a Business Associate under HIPAA and will not use or disclose Protected Health Information collected through your use of the Services for any purpose that would violate HIPAA. We also do not actively collect Personal Information for the purpose of sale of such information in a way that specifically identifies you as an individual (i.e. we don’t sell customer lists).

2. Collection of Information.
We may collect the following information about you, your patient(s), and your organization (“User Data”):

Personal Information
When you register to use the Services, we may require you to provide certain personally identifiable information, such as your name, company/organization name, and email address. We will also collect your browser user-agent string, your IP address, and your geolocation coordinates. Collectively, this information is referred to as your Personal Information. If you represent an entity who will be purchasing the Services, we may require you to provide financial and billing information, including but not limited to billing name and address, credit card number, federal and state Employer Identification Numbers, etc. (“Billing Information”).

Protected Health Information
In order to facilitate appropriate patient transfers through the Services, we may ask you to enter certain information about the patient including but not limited to the patient’s age, sex, diagnosis, condition level, insurance information, prior treatment, status, care level, special conditions, and if required, all or part of the patient’s name. The information that we collect will be tailored to the patient’s condition and the type of transfer requested.

Analytics Information
As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, and Web beacons. Such Information may include standard information regarding your mobile device, browser type, browser language, Operating System, Internet Protocol (“IP”) address, and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services. Collectively, this information is referred to as “Analytics Information.”

Data, Diagnostic & Login Information
You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as “Data”). Some of this Data may be stored and maintained on our servers. If you run into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process (“Login Information”).

3. Use of Information.
We may use the information we collect from you in the following ways:

Personal Information
We use this information to manage your account, to provide the Services, to maintain our transferring facilities list, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, to address issues like malicious use of the Services, and to generate aggregated transfer reports. We may also use Personal Information for limited marketing purposes, specifically, to contact you to further discuss your interest in the Services or any additional services we may provide in the future, and to send you information about us or our partners.

Billing Information
We use financial information to manage your account, to provide the Services, and to collect payment for the Services. We may use a third-party service provider to manage credit card processing. If we do so, such a service provider will not be permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on our behalf.

Protected Health Information
In order to appropriately provide the Services, we will use and disclose Protected Health Information about your patient(s) for the purpose of coordinating the appropriate facility transfer. This information will be used solely for treatment, payment or health care operations purposes and will not be shared with third parties outside of these limited purposes. We reserve the right to use any de-identified information for purposes of data aggregation and to support our administrative, management, or other business functions.

Analytics Information
We use this information to provide you with the Services. Analytics Information may be used to support our administrative, management or other business purposes and may be used in aggregated format to generate reports for our clients. We may also use your Analytics Information in a de-identified, anonymous way in conjunction with an analytics service to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, to offer new or additional service lines and features, to monetize business intelligence, and to verify users have the authorization needed for the Services to process their requests.

Data, Diagnostic Information and Login Information
We use this information solely for the purpose of administering, supporting, and improving our Services to you. If we plan to use your Personal Information or Protected Health Information in the future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy.

4. Other Uses and Disclosures.
We have put in place contractual and other organizational safeguards with our partners and agents to ensure an appropriate level of protection of your Personal Information and Protected Health Information. In addition to those measures, we will not use or disclose your Personal Information or Protected Health Information to third parties without your authorization, except as specified in this Privacy Policy.

From time to time we may employ third parties to help us improve the Services. These third parties may have limited access to databases of user information or client information solely for the purpose of helping us to improve our website, mobile application, or other Services offerings and they will be subject to contractual restrictions prohibiting them from using such information in a manner contrary to law and as stated in this Privacy Policy. Such agents or third parties do not have any rights to use Personal Information or Protected Health Information beyond what is necessary to assist us.

5. Disclosure Exceptions.
We may disclose your Personal Information or Protected Health Information to third parties without your consent if required by law or otherwise permitted under HIPAA. Any disclosure of your Personal Information or Protected Health Information made under an exception will be effectuated in good faith and in accordance with law.
We may also disclose your Personal Information or Protected Health Information in connection with a merger, acquisition, corporate re-organization, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

6. Security.
The security of your Personal Information and Protected Health Information is very important to us. We use commercially reasonable efforts to store and maintain your Personal Information and Protected Health Information in a secure environment, including encryption of such information both in transit and at rest. Additionally, our databases and backups are encrypted and all connections (Client to server https, Client to server wss, server to database SSL) are encrypted to HIPAA standards. We also take technical, physical, administrative, and contractual security steps designed to protect Personal Information and Protected Health Information that you provide to us.

You are also responsible for helping to protect the security of your Personal Information and Protected Health Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services and for timely updating the Services in response to any security push notifications that we may send to you.

7. Sharing Information with Third Parties.
You may be able to share Personal Information and Protected Health Information with third parties through use of the Services. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.

8. Retention.
We will keep your Personal Information and Protected Health Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, or account recovery. All retained Personal Information and Protected Health Information will remain subject to the terms of this Privacy Policy.

9. Access to Information.
You have the right to access the Personal Information and Protected Health Information we retain from you. Upon receipt of your written request, we will provide you with a copy of your Personal Information and/or Protected Health Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. This amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information, as appropriate. Having accurate Personal Information about you enables us to give you the best possible service.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to:

ATTN: PRIVACY INQUIRY | ADMIN
XFERALL, LLC
111 Congress Avenue, Suite 400
Austin, TX 78701

10. Amendment of this Privacy Policy.
We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective 10 days from their posting on our website or via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Personal Information and Protected Health Information that we collect from you. The date on which the latest update was made is indicated at the bottom of this Policy. We recommend that you revisit this Policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.

11. Contact Us.
If you would like to access your information, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us:

Via email at: privacy@xferall.com

Via mail at:
ATTN: PRIVACY INQUIRY | ADMIN
XFERALL, LLC
111 Congress Avenue, Suite 400
Austin, TX 78701

If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures. You also have the right to file a complaint with respect to our use and disclosure of Protected Health Information to your local Regional Office of the United States Department of Health and Human Services – Office for Civil Rights.

Last Updated: October, 2022

YOUR USE OF XFERALL’S SERVICES MEANS THAT YOU ARE ACCEPTING THE PRACTICES SET FORTH IN THIS PRIVACY POLICY. WE RESERVE THE RIGHT TO MAKE CHANGES TO OUR PRIVACY POLICY BY POSTING THE NEW VERSION WITH A NEW EFFECTIVE DATE. YOUR CONTINUED USE OF OUR SERVICES INDICATES YOUR AGREEMENT TO THE CHANGES.