Cabtera, Inc. ("Cabtera", "we", "us" and "our" throughout) recognizes the need for appropriate protections and management of information that you provide to us and we intend to create trust with you ("you" and "your" throughout), as either a visitor to one of our websites (each and collectively the "Site(s)") or as an eventual customer respecting our services offerings ("Services").
To that end, we have tried to describe in clear and brief terms:
During your Site visits or use of our Services, we access and collect the following Data generally:
In connection with collection of the above Data:
We will collect Known Data when you visit our Site(s) and either provide it to us or opt-in or consent to automated collection via a third-party source. We will collect Known Data when you access and use our Services via registration and subsequent log-in. Such information may, and likely will, include your full name, e-mail address, billing and/or contact physical address, security question (and answer), credit card or other payment information, and a password.
We may, and likely will, also collect Anonymous Data using an analytics tool or service during your Site visits or use of Services, to help us analyze how you use the Sites and Services. The result of the analysis will be used to improve our Sites and Services, and may be shared with third parties as set forth below.
Use of analytics generally involves using "cookies", which are small text files placed on your computer to collect standard internet log information and visitor behavior in an anonymous form. Anonymous Data generated by the cookies about your use of the Sites or Services may, and likely will, include IP addresses, the URL from which you linked into our site, and your browser type and version.
Your IP address is collected purely and solely to determine geographic location of visits for metrics analysis as described below, and will not be disclosed so that any person or entity may locate you.
For metrics analysis, Anonymous Data may be transmitted to one or more third party service providers (e.g. but not limited to: Google/RocketFuel, etc.). The Data may then be processed to compile statistical reports on Site or Service activity. We may use reports from such analysis to evaluate aggregate visitor usage to optimize content or delivery of Services, or extend or serve ads or offers where applicable.
We will link, or seek to link, an IP address with a particular computer or user only for providing optimized Services to users (e.g. and without limitation for routing to the nearest data center to provide better access and performance, enabling an audit log of shared links use, and for data security). We will not associate any Data gathered from Site visits or use of Services with any PII from any source, unless you explicitly submit that information for that purpose (i.e. for later location and service back to you of such Data). We will not associate your IP address with any other Anonymous or Known Data, except to provide the contracted Services to you.
In addition to the collection and use described above, we will use, process and store Data only to provide a relevant and quality Site visit experience to you, and performance of quality Services to you.
For Cabtera to provide Services to you, your Data may be transferred between AWS and Cabtera's corporate proprietary systems co-located in the United States and Netherlands. We also use other trusted third party payment, transcription, co-location and/or hosting companies, and require that they demonstrate General Data Protection Regulation (GDPR) compliance, certification by a data security standards body, or sufficient demonstration of their security structures and practices that are in satisfaction of such guidelines and standards.
One exception to such limited use and sharing is that we must comply with the valid legal process of a court or law enforcement agency, including without limitation the Federal Bureau of Investigation. We will give notice of all court or law enforcement requests when legally and time-permitted. We shall have no liability for information provided to a court or law enforcement agency.
For us to use and process most Data, we must transfer it between our various locations and our corporate headquarters and office locations, which are noted on our Sites and in our Services Agreements. We represent that we use industry standard security measures appropriate to our size and operations, including without limitation: use of firewalls and VPNs; separation of corporate and datacenter networks; encryption of files in transit and at rest; password encryption, etc. In addition, medical information provided via a health care provider will be collected and processed according to Business Associate Agreements for HIPAA (Health Information Portability and Accountability Act) compliance, with terms materially compliant to the model form drafted by the U.S. Department of Health and Human Services, at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html.
Deletion of Personal Data
The Cabtera application allows individual information to be searched across the entire system (based on permissions) and data to be easily deleted. It allows for deletion of user data such as uploaded files and user details. Files are deleted permanently from our storage systems after users delete them from the recycle bin. Deleted files cannot be recovered. Separately, database and log file backups are retained for 90 days for auditing purposes. After the 90-day retention period, database and log files are permanently deleted. In addition, users can request permanent deletion of data by contacting email@example.com.
Access to Personal Data
Access to files and documents is restricted to authorised individual logins, and only those individuals with permissions can access data. Extensive activity logging allows review of who has accessed documents, recording the time and the action, such as sharing, downloading, uploading, deleting or modifying.
Right to move/copy Personal Data
The Cabtera application allows users to download their audit history. Uploaded files can be downloaded as individual files or in bulk as zip files.
Healthcare Data and HIPAA Compliance
Medical information stored and retrieved in our systems by healthcare providers will be collected and processed according to Business Associate Agreements for HIPAA (Health Information Portability and Accountability Act) compliance. If you will be using your account to store and process healthcare information, please review our HIPAA Business Associate Agreement and proceed only if you agree with the Business Associate Agreement. The terms of our Business Associate Agreement are materially compliant to the model form drafted by the U.S. Department of Health and Human Services, at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html.
Publication/Effective Date: May 23, 2018