Last Updated: 2/19/2019
By using the Site, or using any of our Services, you consent to this Policy, including the provisions governing how your personal information will be handled. Your use of our Sites or Services, and any dispute over privacy, is
subject to this Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. The Abella Terms of Service are incorporated by reference into this Policy.
Our Services are made available to end users of our Services (together, “Users”), by our clients who have licensed our Services (our “Clients”); our Clients control how Users use and access the Services. Our Clients are healthcare providers, such as dental practices, that use our Services as part of their account receivables, and they own the information collected in connection with the Services.
Users are designated by Clients and include: (1) administrators of our Clients who have administrative control over invoice information such as amount due (“Administrators”); and (2) end users who are patients of our Clients (“Patients”). Both types of Users are collectively referred to as “Users” or “you” unless necessary to distinguish between the types.
Collection of Information
We may collect information directly from Users and third parties such as our Clients, as well as automatically through your use of our Site or Services. The type of information that we collect from you depends on your particular interaction with our Services, but generally includes the below information.
Account Information. The information we collect about you depends on your use of our Site.
- Administrators: Our Clients may provide us with your information such as your name and email address so that we can send you a link to register with us. When you register, you may create security questions. In addition, when you email us, call us or otherwise contact us, we maintain records about our interactions and communications with you, including the nature of the request, name and contact information.
- Patients: Your healthcare provider may provide us with your information such as your name, mobile number, email address, invoice information, and account balance information (which may include the balance due), so that you can make a payment to your healthcare provider. We collect information, including personal information, directly from you, such as your payment information when you make a payment to your account. Please note that we do not store your credit card information.
Use of Your Information
Subject to the limitations in the section on ‘Protected Health Information’ where we serve as a HIPAA business associate, we use your information, including your personal information, for the following purposes:
- Providing and Improving Our Services. To provide and maintain our Services; to improve our Services; to develop new features, products, or services; to authenticate Users; to perform technical operations, such as updating software; and for other customer service and support purposes.
- For Marketing and Communication Purposes. To communicate with you about your account and use of our Services via email, including to respond to your inquiries; to provide you with news and newsletters and other information we think may interest you, including information about third party products and services; and for other informational, marketing, or promotional purposes. For example, we may inform you of other products or services available from Abella and its affiliates. Abella may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered. Please see the Your Choices section for more information about how to change your communications preferences. We may also send you notifications by text message if you have opted in to receive them.
- Protecting Rights and Interests. To protect the safety, rights, property, or security of Abella, the Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity that we consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce this Policy or our Terms of Service.
- Legal Compliance. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
- General Business Operations. Where necessary for the administration of our general business, accounting, recordkeeping, and legal functions. As part of our routine business administration, such as employee training, compliance auditing, and similar internal activities.
- Research and Analytics. To better understand how Users access and use our Services, and for other research and analytical purposes, such as to evaluate and improve our services and business operations and to develop additional products, services and features.
Sharing of Your Information
Subject to the limitations in the section on ‘Protected Health Information’ where we serve as a HIPAA business associate, our Services are provided to Users on behalf of Clients, who have engaged us to provide the Services to their Users. As such, all User information may be shared with Clients or at the direction of Clients, such as invoice details and payment information.
In general, we may also disclose your information, including your personal information, as follows:
- Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries. However, if we do so, their use and disclosure of your personal information will be subject to this Policy.
- Service Providers. We may disclose the information we collect from you to third-party vendors, third-party service providers, contractors, or agents who perform functions on our behalf.
- Business Transfers. We may disclose your information to another entity in connection with an acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer, including during negotiations related to such transactions.
- Protecting Rights and Interests. We may disclose your information to protect the safety, rights, property, or security of Abella, the Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity which we, in our sole discretion, may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity, to use as evidence in litigation, and to enforce this Policy or our Terms of Service.
- Legal Compliance. We may disclose your information to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding such as in response to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a government official.
- With Your Consent. We may disclose your information as permitted with your written consent.
- Aggregate and De-Identified Information. We may disclose aggregate, anonymous, or de-identified information about Users for marketing, advertising, research, compliance, or other purposes.
Protected Health Information
We may collect your health information while acting as a “business associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), some of which may constitute “Protected Health Information.” A “business associate” includes an entity that provides services to a HIPAA covered entity that involves the use or disclosure of Protected Health Information. If your healthcare provider, such as your dentist, qualifies as a HIPAA covered entity, we qualify it as a business associate of the healthcare provider. “Protected Health Information” as defined under HIPAA, generally means information about you that identifies you and that relates to your physical or mental health or condition, the provision of healthcare to you, or payment for healthcare provided to you. To the extent we are acting as a business associate, we will only use and disclose your information as follows:
- To fulfill our service obligations to covered entities.
- For our proper management and administration.
- To carry out our legal responsibilities.
- To aggregate data for the operations of our covered entity Clients.
- To de-identify data.
- To seek authorization from you for additional uses and disclosures of Protected Health Information.
- As required by law.
Cookies. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you verify your identity on the Abella Site, a cookie helps Abella to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses. When you return to the same Abella Site, the information you previously provided can be retrieved, so you can easily use the Abella features that you customized. Disabling Cookies. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Abella Services or Sites you visit.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities of Users of our Services, help us manage content, and compile statistics about usage of our Services. We and our third-party service providers also may use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Do-Not-Track Signals. Our Site does not respond to do-not-track signals. For more information about do-not-track signals, please click here. You may, however, disable certain tracking as discussed in the Cookies and Other Tracking Mechanisms section above (e.g., by disabling cookies).
Third-Party Sites and Services
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. Abella is not responsible for the information practices of such third-party websites.
Abella has implemented precautions to protect the information we collect from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware that no data security measures can guarantee 100% security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized password activity.
We may send periodic promotional emails to you. You may opt out of such promotional communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt out of receiving emails about recommendations or other promotional information, we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.
We may retain certain information about you as required by law or as permitted by law for legitimate business purposes. For example, if you request that we delete your information, but we believe that you have violated our Terms of Service, we may retain information about you in order to attempt to resolve the issue before deleting it.
Children Under 13
Our Services are not designed for children under 13, and we do not intentionally collect information on our Site from those we actually know are under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems.
Your California Privacy Rights
Under California’s “Shine the Light” law, California residents who provide us their personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use; such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year. If you are a California resident and would like to make such a request, please submit your request in writing by emailing us at email@example.com using the subject line “California Privacy Information.” In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address from which you submitted your request. Our response to you will be limited to information on covered sharing and the relevant details required by the Shine the Light law.
Changes to this Policy
This Policy is current as of the Last Updated date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change, such as via email or prominent notice on the Site.
If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at firstname.lastname@example.org. We will forward any requests from Users regarding their personal information collected on behalf of Clients to the respective Clients.