Updated January 9, 2020
“Cookies” means small files stored on your computer or mobile device.
“Data Processors” (or “Service Providers”) means any natural or legal person who processes data on behalf of the Data Controller. We may use the services of various Data Processors to process your data more effectively.
“Data Subject” (or “User”) means any living individual who is using our Website and who is the subject of Personal Data.
“GDPR” or “European Law” means the European General Data Protection Regulation 2016/679.
“Usage Data” means data that is generated or collected automatically by the use of our Website or from the Website infrastructure itself (such as the duration of a page visit).
“Website” means the www.arbormetrix.com Website operated by us and all of our web pages accessed through such Website.
Personal Data and other information we collect includes:
We also collect other information including Usage Data as follows:
Our products and services are not designed for use by children and we do not specifically market to children under the age of 13 years old or knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and know that a person under age 18 has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification or parental consent, we will take steps to remove that information from our servers.
We use the collected data for various purposes:
We will also retain your Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security of our Website or to improve our Website, or we are legally obligated to retain this data for longer periods.
We may share your Personal Data with the parties set out below:
Where we process personal health information on behalf of heath care providers as a Business Associate (and/or a Data Processor), we use and disclose Personal Data, including electronic personal health information (or “ePHI”), for the purposes of providing our services and for carrying out health information processing operations in accordance with the Business Associate agreements we hold with these health care providers.
ArborMetrix strictly prohibits the selling of Personal Data we obtain through our Website, except when mandated by our legal, regulatory or contractual obligations.
We will only transfer your Personal Data to trusted third parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.
We do not share Personal Data with our affiliates or third parties for their direct marketing use.
Please note that we may use and disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated and statistical data about our clients. These reports do not contain any information that would enable the recipient to contact, locate or identify you. These reports do not contain any identifiable company information.
When you visit our Website, use our mobile applications or correspond with us via email, we collect certain information, including Personal Data, by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons.
Cookies are small text files that Websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud.
Pixel tags and web beacons are tiny graphic images placed on Website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.
You do not have to accept cookies and your consent can be withdrawn at any time (see How to Control Cookies, below).
In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to Personal Data. For example, we use the information we collect about all Website users to optimize our Website and to understand Website traffic patterns.
Cookies set by a Website owner (in this case, ArborMetrix) are called “first party cookies”. Cookies set by parties other than the Website owner are called “third-party cookies”. Third-party cookies enable us to provide third-party features or functionality through our Website (i.e. advertising, social media functions and analytics).
A third-party vendor used by ArborMetrix is Google Analytics. For information on how Google Analytics uses data, please visit “How Google uses information from sites or apps that use our services”, located here.
How to Control Cookies:
In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser.
Please follow the links below to access helpful information for the most popular browsers:
We do not support “do not track” signals (“DNT”). If you have DNT enabled on your web browser, we do not currently respond or take any action with respect to web browser DNT signals.
In addition, you can opt-out of being targeted by many third-party advertising companies by visiting:
If you are a California resident, the California Civil Code permits you to request information relating to the sharing of certain categories of your Personal Data with third parties. If you reside in California and have provided your Personal Data to ArborMetrix, you may request information about our disclosures of certain categories of Personal Data to third parties for direct marketing purposes. Such requests can be submitted to us by email to firstname.lastname@example.org, or using the contact details provided above.
Your marketing preferences:
We may send you marketing emails regarding our Services, upcoming promotions and other information that may be of interest to you, provided you have given your consent, if required by the applicable law. If you do not wish to receive such marketing emails from us, you may use the “unsubscribe” option at the bottom of our emails to opt-out.
If you need any assistance with opting-out, please contact us using the contact details provided above.
In certain circumstances, you may have the right to request access to your Personal Data, to object to or restrict the use of your Personal Data and/or to request that incomplete, incorrect, unnecessary or outdated Personal Data is deleted or updated.
If you would like to exercise your rights or have any questions about your choices, please contact us using the contact details provided below. If you send us a letter, please provide your name, address, email address and detailed information about the Personal Data you would like to update, modify or delete or any other changes you would like to make.
We may request further information to verify your identity as part of this process.
We may deny a request for access to Personal Data if we believe that releasing such information may endanger the life or physical safety of an individual or may otherwise cause substantial harm. We will report all such requests to the appropriate law enforcement agencies.
Information we process on behalf of Health Providers:
We will not update, modify or delete any information that we process on behalf of health care providers as a Business Associate (and/or a Data Processor). Such requests should be directed to the relevant health provider as Data Controller).
Any request to access Personal Data, including ePHI, processed by ArborMetrix on behalf of a health care provider must be directed to the relevant health care provider to whom you disclosed your Personal Data including protected health information. Under no circumstances shall ArborMetrix share any Personal Data that it has received from a health care provider for processing with anyone else unless required by applicable law.
If you are a European resident, in certain circumstances you have rights under the GDPR in relation to Personal Data we hold about you—specifically the right to:
To exercise your rights, please contact us using the contact details provided above. If you send us a letter, please provide your name, address, email address and detailed information about the Personal Data you would like to update, modify or delete or any other changes you would like to make, or right you would like to exercise.
We aim to respond to requests made by you within one month but may extend that period by two further months where necessary.
We will not charge a fee for you to exercise any of the rights listed above, but reserve our right to charge a reasonable fee, or to refuse to act on requests which are manifestly unfounded or excessive.
We have implemented an information security program that contains administrative, technical, network and physical controls that are designed to safeguard your Personal Data. For example, we use industry-standard encryption technology to secure sensitive Personal Data when it is being collected and transmitted over the internet as well as firewalls, site monitoring and intrusion detection software. Please note that you should also take steps to protect yourself, especially online.
ArborMetrix is headquartered in the United States of America. Your Personal Data will be accessed by or transferred to the United States or to our affiliates and data processors within the United States. By providing your Personal Data, you consent to this transfer. We will protect the privacy and security of your Personal Data, regardless of where it is processed or stored.
339 East Liberty, Suite 210
Ann Arbor, MI 48104
REVISION DATE: January 9, 2020