Effective: February 6, 2024
PERSONAL DATA WE COLLECT
YOUR RIGHTS REGARDING PERSONAL DATA
PROTECTING PERSONAL DATA
OTHER IMPORTANT INFORMATION ABOUT PERSONAL DATA AND THE SERVICES
MODIFICATIONS AND UPDATES TO THIS PRIVACY NOTICE
APPLICABILITY OF THIS PRIVACY NOTICE
ADDITIONAL INFORMATION AND ASSISTANCE
Airrosti Rehab Centers, LLC (“Airrosti,” “we” or “us”) is committed to respecting the privacy rights of visitors to the websites operated by Airrosti, including without limitation www.airrosti.com (the “Site”), www.portal.airrosti.com (the “Patient Portal”), all subdomains, all social media accounts held or operated by Airrosti (collectively, the “Sites”), our apps that we may provide, the patient Airrosti Remote Recovery platform, and all clinical guidance, content, and services that we may offer from time to time (collectively, the “Services”) made available or provided from the Sites. The Patient Portal is an Internet application that enables a patient to have secure web-based access to personal medical information, as released by the treating health care provider, and allows a patient to view, among other things, past appointment information as well as schedule future appointments. This Privacy Notice explains our practices with respect to personal data we collect and process about you and is intended to comply with privacy laws applicable to Airrosti and the operation of the Site, the Patient Portal and the Services. If you have questions, comments, or concerns about this Privacy Notice or how we process your information, please see the bottom of this Privacy Notice for information about how to contact us.
Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.
2. PERSONAL DATA WE COLLECT
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.
a. Categories of Personal Data We Collect
The types of personal data we collect about you depends on your interactions with us and your use of the Services. In the past twelve (12) months, we collected the below categories of personal data from our users:
1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
2. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).
3. Characteristics of protected classifications under California or federal law.
4. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
5. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
6. Geolocation data.
7. Audio, electronic, visual, thermal, olfactory, or similar information.
8. Professional or employment-related information.
9. Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
10. Personal data that is deemed “sensitive personal data,” such as, health information; sex life or sexual orientation; and account log-in details if you use our Patient Portal.
We will not collect additional categories of personal data other than those categories listed above. If we intend to collect additional categories of personal data, we will provide you with a new notice at or before the time of collection.
b. How We Use Your Personal Data
We collect and process your personal data for the following business and commercial purposes:
1. Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, and verifying customer information.
2. Managing your inquiries and communicating with you by email, mail, text message (SMS, MMS), telephone, video, push notification, and other methods of communication, to provide notifications about certain features of our Sites or the Services to measure consumer interest in our various services, and to inform you about various products and services offered on the Sites (including both our own products and the products of others). These offers may be based on information provided by you in your account settings, in surveys, from information that may indicate your preferences, as well as information available from external sources. These e-mail offers will come exclusively from Airrosti or its affiliates.
3. Providing, maintaining and improving our Services as well as to develop new products and services to be offered as part of the Services. For example, we may use personal data to analyze data, to improve our Services and to tune our outputs based on a particular individual’s patterns of usage of our Services.
4. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
5. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
6. Debugging to identify and repair errors that impair existing intended functionality.
7. Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
8. Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.
9. Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
10. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.
c. How We Obtain Your Personal Data
We collect your personal data from the following categories of sources:
Information collected automatically includes the software and hardware attributes of the device you use to access the Services, unique device ID information, regional and language settings, performance data about the Services, network provider, and IP address (a number assigned to your device when you use the Internet). In addition, information is collected passively in the form of log files and third-party analytics (including Google Analytics) that record website activity. For example, log file entries and analytics data are generated every time you visit a particular page on our website, and track the dates and times that you use the Services, the pages you visit, the amount of time spent on specific pages, and other similar usage information, and general data (including the name of the web page from which you entered our website).
d. Who We Share Your Personal Data With
We share personal data with the following categories of third parties:
e. Personal Data We Disclose
We do not “sell” or “share” your personal data as defined by applicable privacy laws to third parties for money.
In the past twelve (12) months, we shared for a business purpose the following categories of personal data with our service providers for a business purpose:
3. YOUR RIGHTS REGARDING PERSONAL DATA
You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you.
Your rights vary depending on the laws that apply to you, but may include:
a. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
We strive to maintain the accuracy of any personal data collected from you, and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us, and notify us as soon as possible of any updates or corrections by sending an e-mail to our Privacy Officer at the contact address below.
Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.
b. Your California Privacy Rights
California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the Privacy Officer at the contact address below, and are free of charge. However, we do not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.
The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”), provides our users who are California residents the following additional rights:
1. Right to Know: You have the right to request that we disclose certain information to you about the personal data we collected, used, disclosed, and sold about you in the past 12 months. This includes a request to know any or all of the following:
2. Data Portability: You have the right to request a copy of personal data we have collected and maintained about you in the past 12 months.
3. Right to Deletion: You have the right to request that we delete the personal data we collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal data, we may deny your request or may retain certain elements of your personal data if it is necessary for us or our service providers to:
4. Right to Correct: You have the right to correct inaccurate personal data about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct the inaccurate personal data about you.
5. Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:
6. Right to Restrict or Limit the Use of Sensitive Personal Data: You have the right to restrict the use and disclosure of sensitive personal data to certain purposes related to the offering of goods or services as listed in the CCPA.
To exercise your California privacy rights described above, please submit a verifiable request to us by contacting our Privacy Officer at the Contact Address below.
If you have an account with us, you can exercise any of the above rights from your profile. If you don’t have a profile or if you are unable to access, control, or delete your information from within your profile, you can contact us through any of the above methods.
Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal data.
You may only make a verifiable consumer request for Right to Know or Data Portability twice within a 12-month period. The verifiable consumer request must:
We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.
Consumer Request by an Authorized Agent
If an authorized agent submits a consumer request on your behalf, the agent must send an email to our Privacy Officer at the contact address below with proof that you gave the agent appropriate permission as required under applicable law to submit the request on your behalf. We may also require, as permitted by applicable law, that you contact address below to confirm that the agent is permitted to submit the request on your behalf.
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require to create an account with us. However, if you do have an existing login, we will require you to log in to submit a request. We will only use personal data provided in a verifiable consumer request to verify the request’s identity or authority to make the request.
We will acknowledge receipt of the request within ten (10) days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
c. Your Nevada Privacy Rights
Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to the email address below and are free of charge.
d. Your Virginia and Utah Privacy Rights
If you are located in Virginia, and Utah, you have certain rights regarding your personal data. The section describes how we collect, use, and share your Personal Data under the Virginia Consumer Data Protection Act (“VCDPA”), and the Utah Consumer Privacy Act (“UCPA”) and your rights with respect to that personal data.
As a Virginia, or Utah resident, you have some or all of the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by law. You can ask to appeal any denial of your request in the same manner through which you may submit a request.
4. YOUR CHOICES
You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.
a. Communications Opt-Out. Airrosti provides its account users with an easy means to decline receiving notifications, newsletters or offers by email. We recognize the importance of providing you with the choice to “opt-out.” You can control the number of notifications sent by email by logging into your user account and changing your account preferences. If you prefer, you also can “opt-out” of receiving any email notifications by contacting our Privacy Officer at the contact address below. All e-mail offers sent by Airrosti will inform you as to how you can “opt-out” or decline receiving further e-mail offers. Please note, that if you do business with us in the future, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).
b. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
5. DATA RETENTION
Your personal data will be retained for fulfillment of the intended purposes for which such personal data is collected. We may also establish minimum and maximum retention periods based upon the type of information collected (i.e. sensitivity), the intended purposes, and as otherwise may be legally required.
6. PROTECTING PERSONAL DATA
Airrosti maintains reasonable and appropriate physical, technical, and organizational safeguards to ensure the security, integrity and privacy of the personal data provided by you. As part of these safeguards, we take the following steps:
However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
7. OTHER IMPORTANT INFORMATION ABOUT PERSONAL DATA AND THE SERVICES.
a. Collection of Personal Data from Children. Airrosti does not knowingly solicit data from children or knowingly market to children. Airrosti is concerned about the safety of children and their use of the Internet. Therefore, in accordance with the U.S. Children’s Online Privacy Protection Act of 1998, we do not knowingly request or solicit personally identifiable information from anyone under the age of 13 without prior verifiable parental consent. In the event that we receive actual knowledge that we have collected such personal data without the required and verifiable parental consent, we will delete that information from our database as quickly as is reasonably practical. By using the Services, you represent that you are 18 years of age or older, or are 16 years of age or older and have valid parental consent to do so.
c. HIPAA. We are dedicated to maintaining the privacy and integrity of protected health information (“PHI”) that we receive as part of your usage of the Services, including the patient Airrosti Remote Recovery platform. PHI is personal data that we receive that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of healthcare to you, or (c) your past, present or future payment for the provision of healthcare, which is created, received, transmitted or maintained by Airrosti. This Privacy Notice describes how we protect your privacy as a visitor to or general user of our Site, our app and Services. You have additional rights under federal and state law with respect to the access to, use, and disclosure of personal data that constitutes PHI. For a more complete description of your rights with respect to PHI, please refer to our HIPAA Notice of Privacy Practices, which provides important information to you about how we may use and disclose your PHI.
d. Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.
e. Do Not Track. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.
f. Storage of Personal Data. Please note that any personal data collected through the Services will be stored and processed in the United States. If you are using the Services from outside the United States, by your use of the Services you acknowledge that we will transfer your data to, and store your personal data in, the United States, which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States
8. MODIFICATIONS AND UPDATES TO THIS PRIVACY NOTICE
This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.
9. APPLICABILITY OF THIS PRIVACY NOTICE
This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
10. ADDITIONAL INFORMATION AND ASSISTANCE
Our Privacy Officer is accountable for Airrosti’s compliance with this Privacy Notice and applicable federal and state privacy laws. If you have any questions about Airrosti’s purposes for the collection and retention of your personal data, please contact our Privacy Officer and provide sufficient detail to permit the Privacy Officer to answer your questions and contact you.
By Mail: Airrosti Rehab Centers, LLC
Attn: Privacy Officer
111 Tower Drive, Building 1
San Antonio, Texas 78232
By Telephone: (210) 249-4877
By Facsimile: (866) 298-4032
By Email: email@example.com
In order to make the Services, and this Privacy Notice, reasonably accessible to users with disabilities, we incorporate features and functionalities that meet WAI-ARIA (Accessible Rich Internet Applications) standards, such as screen readers.