Topbox

Topbox Privacy Policy

At Topbox, we take great efforts to ensure that your personal information is safe and is used properly.

This policy is intended to inform you (collectively “Consumers” or “Users”) about Topbox’s collection, use and disclosure of information that we receive through the services that we provide to our Clients and through our corporate websites, topbox.io, topboxanalytics.com and topbox.ai (“Websites”). We process your Personal Data (as defined below) subject to the terms of this policy. By using the Topbox Websites, you consent to the data practices described in this statement.

It is important to note that Topbox’s Websites and Services are operated via servers situated in the United States. If you are located outside of the United States, please be aware that any information which you or your agents supply to Topbox, including Personal Data, may be transferred to, processed, and used in the United States. By accessing and/or using Topbox’s Website and Services (as defined below), you irrevocably and unconditionally consent to the transfer, processing, and use of such information in accordance with this Privacy Policy.

Personal Data

Personal Data refers to data that personally identifies an individual, such as name, physical address, email address, and phone number. We may collect Personal Data from Users in a number of ways, including but not limited to, when Users visit our Websites, register on the Websites, subscribe to our content, fill out a form, and in connection with other activities, services, features or resources we make available on our Websites. Additionally, when you or someone on your behalf contacts our Clients, we may receive certain Personal Data that may be used by Topbox to provide our Services to you.

Information about your computer hardware and software may be automatically collected by Topbox. This information can include: your IP address, browser type, type of computer, internet service provider, domain names, access times and referring website addresses. This information is used for the operation of our Websites and Services, to maintain their quality, for B2B marketing, and to provide general statistics regarding use of the Topbox Websites and Services.

Topbox’s Role as a Service Provider

Topbox’s analytics software is used by our Clients to improve their customers’ experiences and improve their business operations (the “Services”). Topbox provides the Services via a hosted platform and through employees and contractors that are located in the United States. Topbox acts as a processor of data received from our Clients. Clients are responsible for managing the data that they deliver for processing using the Services. Our Clients determine the categories of Personal Data that are provided to Topbox. Topbox does not know the categories of Personal Data to be processed or the purpose of the processing unless such information is provided by its Clients or prospective clients.

Topbox relies upon our Clients to obtain any consent from consumers that may be required to authorize Topbox’s privacy practices regarding Topbox’s collection and use of the Personal Data and Protected Health Information (“PHI”) received from our Clients. Topbox is not responsible for the policies or practices of our Clients or prospective clients with respect to the Personal Data those entities collect or provide to Topbox.

Third Party Websites

Topbox encourages you to review the privacy statements of websites you choose to link to from Topbox so that you can understand how those websites collect, use and share your information. Topbox is not responsible for the privacy practices, statements or content on websites outside of the Topbox websites.

Use of Cookies

The Topbox websites may use "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Topbox Services or Websites you visit.

Topbox does not currently acknowledge or take action based on Do Not Track headers.

Use and Disclosure of Protected Data

We share a commitment with Covered Entities to protect the privacy and confidentiality of PHI that we obtain subject to the terms of a Business Associate Agreement (“BAA”). PHI includes all individually identifiable health information that can be used to identify an individual and was created, used or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.

Topbox may receive PHI within the data provided by our Clients to the extent such use of PHI is permitted or required by the BAAs and not prohibited by law. We may use PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BAAs and would not violate the Privacy Rule.

In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BAAs with respect to PHI, including the implementation of reasonable and appropriate safeguards.

We may also disclose your Protected Data as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government or public authorities request.

Safeguards

We use appropriate safeguards to prevent the use or disclosure of Personal Data and PHI (collectively, “Protected Data”) other than as provided for in our BAAs. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic information that we create, receive, maintain, or transmit on behalf of our customers. Such safeguards include:

• Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;

• Providing appropriate training for our staff to assure that our staff complies with our security policies;

• Making use of appropriate encryption when transmitting Protected Data;

• Utilizing appropriate storage, backup, disposal and reuse procedures to protect Protected Data;

• Utilizing appropriate authentication and access controls to safeguard Protected Data;

• Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and

• Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the Protected Data we hold on behalf of our customers is available when needed.

However, despite our efforts, no security controls are 100% effective and Topbox cannot ensure or warrant the security of your Protected Data.

Mitigation of Harm

In the event of a use or disclosure of Protected Data that may not be consistent with the requirements of our BAAs, we will mitigate, to the extent practicable, any harmful effect resulting from such use or disclosure. Such mitigation will include:

• Reporting any security incident of which we become aware to the Covered Entity; and

• Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.

Access to Protected Health Information

As provided in our BAAs, we will make available to Covered Entities, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.

Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by the BA on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BAA and HIPAA regulations.

Correcting, Updating or Deleting Your Personal Data

Topbox has no direct relationship with the Consumers whose Personal Data it processes on behalf of our Clients. If you would like to access, correct, amend, or delete your user information submitted through a Client, please contact that Client directly. If the Client requests Topbox to remove the data, we will respond to their request within a reasonable timeframe.

If you would like to access, correct, amend or delete any of your personally identifiable information collected or held by Topbox, contact us using one of the methods listed in this policy. We will respond to such requests within a reasonable timeframe.

Please note that in certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.

EU-US & Swiss-US Privacy Shield Information

Topbox complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Topbox has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Topbox is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Topbox commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Topbox at:

Topbox Privacy Office
12000 Trailridge Drive
Potomac, Maryland 20854
privacy@topbox.io

Topbox provides recourse to you if you believe that Topbox has failed to comply with the Privacy Shield Principles regarding your Personal Data. You can contact us with details of your complaint at privacy@topbox.io. If you do not receive a response from us within 45 days or if you feel that our response to your complaint is unsatisfactory you can refer your complaint to a free, independent dispute resolution mechanism: BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. Please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Under certain conditions, you may invoke binding arbitration for complaints before the Privacy Shield Panel that have not been resolved by any other dispute resolution procedures. More information can be found here: https://www.privacyshield.gov/article?id=ANNEX-I-introduction

As a Privacy Shield Organization, Topbox is responsible for the processing of Personal Data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. These third-party agents are contractually obligated to maintain the confidentiality of your Personal Data consistent with the terms of this Privacy Policy and provide at least the same level of protection as required by the Privacy Shield Principles, as well as comply with applicable data protection laws. Where Topbox has knowledge that an agent is using or disclosing Personal Data in a manner contrary to this Privacy Policy or the Privacy Shield Principles, Topbox will take reasonable steps to prevent or stop the use or disclosure. In cases of onward transfer to third parties of Personal Data of EU individuals received pursuant to the EU-US Privacy Shield Framework, Topbox is potentially liable, unless Topbox proves that it is not responsible for the event giving rise to the damage.

Children Under 13

Topbox does not knowingly collect Personal Data from website visitors who are under the age of 13. If you believe your child has provided Personal Data, please contact us at privacy@topbox.io.

Sharing Your Personal Data

We do not sell, trade, or rent Personal Data to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third party service providers to help us deliver the Services, operate our business and our Websites, or administer activities on our behalf, such as sending out newsletters or surveys to Topbox clients and prospects.

Opt-Out & Unsubscribe

We respect your privacy and give you an opportunity to opt-out of receiving announcements of marketing information. Users may opt-out of receiving marketing communications from Topbox at any time by contacting us at unsubscribe@topbox.io.

Changes to this Policy

Topbox will occasionally update this Privacy Policy. When we do, we will revise the updated date at the bottom of this page. Topbox encourages you to periodically review this Policy to be informed of how Topbox is protecting your information. It is your responsibility to review this privacy policy periodically and become aware of modifications.

Your Acceptance of These Terms

By using this Website, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Website. Your continued use of the Website following the posting of changes to this policy will be deemed your acceptance of those changes.

Contact Information

Topbox welcomes your questions or comments regarding this Privacy Policy. If you believe that Topbox has not adhered to this Policy or have questions about the Policy, please contact Topbox at:

Topbox Inc.
12000 Trailridge Drive
Potomac, Maryland 20854
888-588-0183
privacy@topbox.io

Effective as of July 7, 2018