Updated January 9, 2020
This Privacy Policy explains the online information practices of ArborMetrix, Inc. (“ArborMetrix”, “we” or “us”) and your choices regarding Personal Data that you submit to us or we collect:
This Privacy Policy describes how your Personal Data (defined below) is collected, processed, and shared. We also describe how your information will be secured, and your rights regarding this information. Finally, we outline how you can reach us to update your information, remove your information from our systems, or inquire about any of our privacy policies.
We may update or modify this Privacy Policy at any time at our discretion in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make changes that affect how we use your Personal Data that we have previously gathered, we will provide you with information about those changes and obtain your consent either through posting on our Website or an email to your registered email address.
It is important that you read this Privacy Policy together with any other notice or statement we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your information. This Privacy Policy supplements other notices and statements that we may provide and is not intended to override them.
THIS PRIVACY POLICY DOES NOT APPLY TO YOUR PROTECTED HEALTH INFORMATION. “Protected Health Information” is information that is protected by the U.S. Health Insurance Portability and Accountability Act of 1996 and related laws and regulations (“HIPAA”). We may receive your Protected Health Information (including “ePHI” or electronic personal health information) when we, for example, perform services on behalf of health care providers in the course of our business. Protected Health Information is not handled in accordance with this Privacy Policy and is governed by HIPAA together with any Notice of Privacy Practices for Protected Health Information of your health care provider.
We are not responsible for any information collected by social networks on which we maintain a social media presence. These include, but are not limited to, Facebook, Google, Twitter, and LinkedIn. Each social network has its own privacy policy and it should be read before creating an account on the network. We are not responsible for any marketing or retargeting performed by a social network after you have visited our pages.
The following terms as used in this Privacy Policy have the meanings set forth in this Section:
“Cookies” means small files stored on your computer or mobile device.
“Data Controller” means the natural or legal person who (alone or jointly) determines the purposes for which and the manner in which any Personal Data is, will be, or may be processed. For purposes of this Privacy Policy, we are a Data Controller of your Personal Data.
“Data Processors” (or “Service Providers”) means any natural or legal person who processes data on behalf of the Data Controller. We may use the services of various Data Processors to process your data more effectively.
“Data Subject” (or “User”) means any living individual who is using our Website and who is the subject of Personal Data.
“GDPR” or “European Law” means the European General Data Protection Regulation 2016/679.
“Personal Data” means data about a living individual who can be identified from the data we collect or from other information or data likely to come into our possession. For purposes of our Privacy Policy, “Personal Data” includes “Personally Identifiable Information” or “PII” as described in US privacy and information security laws.
“Usage Data” means data that is generated or collected automatically by the use of our Website or from the Website infrastructure itself (such as the duration of a page visit).
“Website” means the www.arbormetrix.com Website operated by us and all of our web pages accessed through such Website.
Personal Data and other information we collect includes:
We also collect other information including Usage Data as follows:
Our products and services are not designed for use by children and we do not specifically market to children under the age of 13 years old or knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and know that a person under age 18 has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification or parental consent, we will take steps to remove that information from our servers.
We use the collected data for various purposes:
If you are based in Europe, we will only process your Personal Data for a purpose described in this Privacy Policy if: (1) (2) the processing is necessary for the performance of a contract we are about to enter into or have entered into with you; (3) we are required by law to do so; or (4) the processing is necessary for the purposes of our legitimate commercial interests (except where such interests are overridden by your rights and interests).
We retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example if we are required to retain your data to comply with applicable law), resolve disputes and enforce our legal agreements and policies.
We will also retain your Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security of our Website or to improve our Website, or we are legally obligated to retain this data for longer periods.
We may share your Personal Data with the parties set out below:
Where we process personal health information on behalf of heath care providers as a Business Associate (and/or a Data Processor), we use and disclose Personal Data, including electronic personal health information (or “ePHI”), for the purposes of providing our services and for carrying out health information processing operations in accordance with the Business Associate agreements we hold with these health care providers.
ArborMetrix strictly prohibits the selling of Personal Data we obtain through our Website, except when mandated by our legal, regulatory or contractual obligations.
We will only transfer your Personal Data to trusted third parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
We do not share Personal Data with our affiliates or third parties for their direct marketing use.
Please note that we may use and disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated and statistical data about our clients. These reports do not contain any information that would enable the recipient to contact, locate or identify you. These reports do not contain any identifiable company information.
Our Use of Cookies:
When you visit our Website, use our mobile applications or correspond with us via email, we collect certain information, including Personal Data, by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons.
Cookies are small text files that Websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud.
Pixel tags and web beacons are tiny graphic images placed on Website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.
You do not have to accept cookies and your consent can be withdrawn at any time (see How to Control Cookies, below).
In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to Personal Data. For example, we use the information we collect about all Website users to optimize our Website and to understand Website traffic patterns.
In some cases, we do associate the information we collect using cookies and other technology with your Personal Data. This Privacy Policy applies to the information we collect using cookies when we associate it with your Personal Data
Third-Party Cookies:
Cookies set by a Website owner (in this case, ArborMetrix) are called “first party cookies”. Cookies set by parties other than the Website owner are called “third-party cookies”. Third-party cookies enable us to provide third-party features or functionality through our Website (i.e. advertising, social media functions and analytics).
ArborMetrix has relationships with third-party advertising companies to place advertisements on our Website and to perform tracking and reporting functions for our Website. These third-party advertising companies may place cookies on your device when you visit our Website so they can display targeted advertisements to you. This Privacy Policy does not cover the collection methods or use of the information collected by these vendors.
A third-party vendor used by ArborMetrix is Google Analytics. For information on how Google Analytics uses data, please visit “How Google uses information from sites or apps that use our services”, located here.
How to Control Cookies:
In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser.
Please follow the links below to access helpful information for the most popular browsers:
We do not support “do not track” signals (“DNT”). If you have DNT enabled on your web browser, we do not currently respond or take any action with respect to web browser DNT signals.
In some cases, we do associate the information we collect using cookies and other technology with your Personal Data. This Privacy Policy applies to the information when we associate it with your Personal Data.
In addition, you can opt-out of being targeted by many third-party advertising companies by visiting:
If you are a California resident, the California Civil Code permits you to request information relating to the sharing of certain categories of your Personal Data with third parties. If you reside in California and have provided your Personal Data to ArborMetrix, you may request information about our disclosures of certain categories of Personal Data to third parties for direct marketing purposes. Such requests can be submitted to us by email to info@arbormetrix.com, or using the contact details provided above.
Your marketing preferences:
We may send you marketing emails regarding our Services, upcoming promotions and other information that may be of interest to you, provided you have given your consent, if required by the applicable law. If you do not wish to receive such marketing emails from us, you may use the “unsubscribe” option at the bottom of our emails to opt-out.
If you need any assistance with opting-out, please contact us using the contact details provided above.
Your rights:
In certain circumstances, you may have the right to request access to your Personal Data, to object to or restrict the use of your Personal Data and/or to request that incomplete, incorrect, unnecessary or outdated Personal Data is deleted or updated.
If you would like to exercise your rights or have any questions about your choices, please contact us using the contact details provided below. If you send us a letter, please provide your name, address, email address and detailed information about the Personal Data you would like to update, modify or delete or any other changes you would like to make.
We may request further information to verify your identity as part of this process.
We may deny a request for access to Personal Data if we believe that releasing such information may endanger the life or physical safety of an individual or may otherwise cause substantial harm. We will report all such requests to the appropriate law enforcement agencies.
Information we process on behalf of Health Providers:
We will not update, modify or delete any information that we process on behalf of health care providers as a Business Associate (and/or a Data Processor). Such requests should be directed to the relevant health provider as Data Controller).
Any request to access Personal Data, including ePHI, processed by ArborMetrix on behalf of a health care provider must be directed to the relevant health care provider to whom you disclosed your Personal Data including protected health information. Under no circumstances shall ArborMetrix share any Personal Data that it has received from a health care provider for processing with anyone else unless required by applicable law.
If you are a European resident, in certain circumstances you have rights under the GDPR in relation to Personal Data we hold about you—specifically the right to:
To exercise your rights, please contact us using the contact details provided above. If you send us a letter, please provide your name, address, email address and detailed information about the Personal Data you would like to update, modify or delete or any other changes you would like to make, or right you would like to exercise.
We aim to respond to requests made by you within one month but may extend that period by two further months where necessary.
We will not charge a fee for you to exercise any of the rights listed above, but reserve our right to charge a reasonable fee, or to refuse to act on requests which are manifestly unfounded or excessive.
Where you believe that we have not complied with our obligation under this Privacy Policy or European data protection law, you have the right to make a complaint to an EU Data Protection Authority, such as the UK’s Information Commissioner’s Office.
We have implemented an information security program that contains administrative, technical, network and physical controls that are designed to safeguard your Personal Data. For example, we use industry-standard encryption technology to secure sensitive Personal Data when it is being collected and transmitted over the internet as well as firewalls, site monitoring and intrusion detection software. Please note that you should also take steps to protect yourself, especially online.
ArborMetrix is headquartered in the United States of America. Your Personal Data will be accessed by or transferred to the United States or to our affiliates and data processors within the United States. By providing your Personal Data, you consent to this transfer. We will protect the privacy and security of your Personal Data, regardless of where it is processed or stored.
Our Website may include links to third-party Websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party Websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every Website you visit.
If there are any questions regarding this privacy policy, you may contact us using the information below:
ArborMetrix, Inc.
339 East Liberty, Suite 210
Ann Arbor, MI 48104
734-661-7944
REVISION DATE: January 9, 2020