Information We Collect and Sources of the Information
Naveris may collect, store, and use personal information when it is voluntarily submitted to us by you (emails, Website review, submission of forms, correspondence, notes of telephone calls) or from activity with our Websites or Services. You may provide this information to us or it may come from your doctors or other healthcare providers when a test is ordered for you. Naveris collects data that is considered protected health information (PHI) under HIPAA and personally identifiable information (PII) as defined by state privacy laws. Further details are provided below.
For compliance with the California Consumer Privacy Act (CCPA) (for California residents) and for transparency purposes, Naveris is advising you of the following categories of information that we collect:
- Category A: Personal identifiers (such as name, address, telephone number, email address, account name and medical record identifiers)
- Category B: Personal information categories listed in the CCPA (signature, name, health insurance information, financial information for payment purposes, medical information)
- Category C: For employment and vendors, professional or employment-related history, performance evaluations, education, work history, credit information, bank account numbers or other financial information for payment and background checks
- Category D: Protected classification characteristics under California or federal law: age, race, marital status, medical condition, gender, military status, and genetic information
Internet or other similar network activity may be automatically collected about you and your computing device when you use, browse, and interact with our Services. Our Websites and Services collect this information in a variety of ways, including when you view a webpage, click on a link, access our mobile application, or enter data in an online form.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
How We Use Your Personal Information
Naveris will only use your personal information for the purpose for which it was collected. We may use your personal information to contact you, to provide the information to your doctors, to obtain payment for our services, to respond to your inquiries and requests and to respond to inquiries and requests from your doctors. We only collect the personal data that we need to perform our healthcare services and to obtain payment for our Services. We obtain the minimum amount necessary for our business purposes.
We may also use your personal information to provide you with customer support and to maintain and improve our Services. We may combine your information with other information about you that is available to us, including information from other sources, such as from your doctors, in order to maintain an accurate medical record of patients who receive our testing services.
De-identified, pseudonymized and anonymized data may be used for scientific research purposes related to the purpose for which we originally obtained your data. That research purpose is for the improvement and development of our products. Research data is non-personally identifiable information, so no PHI or PII (defined more specifically below) are used for research purposes.
Sharing Your Personal Information
We may occasionally hire third-party service providers to provide limited services on our behalf, such as our billing vendor. Naveris will give these service providers only the personal information they require to perform the contracted-for services, and we require such providers to agree to contractual terms to maintain the confidentiality of the information they receive.
In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose as described above (for more detail about the Categories see Information We Collect and Sources of the Information above):
- Category A: Personal identifiers
- Category B: California consumer records
- Category D: Protected classification characteristics
This information was disclosed with your consent or in providing our Services for your healthcare treatment.
We may need to access or disclose your personal information to comply with the law or legal process and to exercise our legal rights or defend against legal claims. We may share personal information and any additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, or as otherwise required by law, such as for public safety purposes. We do not use personal data for profiling or other automated decision purposes.
Selling of Personal Information
Naveris does not sell or rent your personal information for any purpose. No personal information has been sold or rented in the preceding 12 months.
For California Residents: Your Rights and Choices under CCPA
The CCPA provides California consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  - sales, identifying the personal information categories that each category of recipient purchased; and
  - disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive your written request and verify your identity, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if any of the exceptions below applies, allowing us to keep personal information. An exception applies if Naveris or its service providers need to:
- Complete the transaction for which we collected the personal information, provide a good or Service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us at 833-628-3747
- Emailing us at email@example.com
You may only make a consumer request for access or data portability twice within a 12-month period. Your written request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. However, making a written request does not require you to create an account with us.
Response Timing and Format
We endeavor to respond to written requests within 45 days of their receipt. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the date of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or Services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or Services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Security of Your Personal Information
Naveris will take reasonable and appropriate precautions to protect PHI and PII from loss, misuse and unauthorized access, disclosure, alteration and destruction. It is important to remember, however, that no system can provide 100% security at all times. Accordingly, we cannot guarantee the privacy and security of information stored on or transmitted using our Services.
We have implemented physical, administrative, and technical safeguards to protect the confidentiality, integrity and availability of personal data residing on, processed by or transmitted by our servers. These safeguards include, among other things, facility and data access control, password protection, encryption of data at rest and in transit, security monitoring tools and protocols and the appointment of a Security Officer and a Privacy Officer who oversee and manage privacy and security.
Protected Health Information (PHI) and Personally Identifiable Information (PII)
When generating laboratory results, receiving health information, or transmitting information to a healthcare provider, Naveris is subject to laws and regulations governing the use and disclosure of PHI, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). When collecting and storing PII, we are subject to various state privacy laws that protect PII.
PHI (personal data that relates to past, present or future health conditions, treatments and payments and is protected by HIPAA) will only be used or disclosed for treatment and other authorized purposes as stated in our Notice of Privacy Practices under HIPAA. PII (information that identifies you or can be linked to other information to identify you) will only be used for the purpose for which it was collected.
Certain elements of our Services and/or HTML email correspondence may use session cookies, persistent cookies or web beacons to anonymously track unique visitors, save website preferences, and allow us to recognize visits from the same computer and browser. You have the option to reject some or all Website cookies on your computer and still use the Services. If you choose to reject all cookies, your access to the Website may be limited.
Aggregate Data Collection
Naveris tracks visits to our Services using visitor logs and tracking-codes to compile anonymous aggregate statistics. This aggregate information is collected service-wide, and includes anonymous website, application, and device statistics. When you browse our websites and access our applications, our system automatically collects information such as your web request, Internet Protocol (IP) address, browser type, browser language, domain names, referring and exit pages, Uniform Resource Locator (URL), platform type, location, unique device identifier, pages viewed and the order of these page views, the amount of time spent on particular pages, the date and time of your request and one or more cookies that may uniquely identify your browser.
When you access our Services through a mobile device, we may receive or collect and store unique identification numbers associated with your device or our mobile application (including, for example, a Unique ID for Advertisers (IDFA), Google Ad ID, or Windows Advertising ID), mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and, depending on your mobile device settings, your geographical location data or similar information regarding the location of your mobile device.
Naveris uses certain third-party services and analytics providers to: (1) send you customized notifications if you have provided us your email address, (2) analyze trends, (3) administer the Services, (4) improve the design of our Services, and (5) otherwise enhance, monitor, and troubleshoot the Services we provide.
Naveris does not directly display advertisements in our applications or services.
Naveris may provide links to websites operated by third parties that are not covered by this Policy. Naveris does not maintain these sites and is not responsible for the privacy practices of sites it does not operate. We encourage you to review the privacy policies posted on those websites.
Information Access, Updates and Choice
You may choose to provide information to Naveris by completing the contact form, sending us an email, engaging with our client service team or otherwise contacting us. If you are a Naveris Portal user, you may have an opportunity to elect to receive certain communications from us. Naveris email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails, newsletters, and postal mail correspondence.
You may “opt out” of receiving communications from us related to our products and services and/or request the removal of your contact information from our database by writing to us at the email address set forth below. However, Naveris cannot withdraw any previous disclosures made with your authorization, and we reserve the right to retain and disclose your information as permitted or required by law or regulation. You may also request access to your personal data by writing to us using the contact information below.
Do Not Track
We do not currently employ a mechanism to act upon “Do Not Track” instructions but are in the process of investigating such mechanisms.
Naveris Services are directed toward adults. We do not knowingly collect any personal information from children under the age of 13. If you are under 13, you must have permission from your parent or legal guardian before accessing or using our Services. If we become aware that we have collected any personal information from children under 13, we will promptly remove such information from our Services.
Contact Us for Questions
You can contact Naveris using our Website contact page or sending an email to one of the addresses below. We address questions and complaints about privacy and the collection or use of personal information in a timely manner. Please include your contact information and a detailed description of your request or privacy concern.
Attention: Privacy Officer
22 Strathmore Road
Natick, MA, 01760
Privacy Officer email: firstname.lastname@example.org
When we receive your correspondence, we are likely to request evidence of your identity, to ensure that your personal data and information connected with it are not provided to anyone other than you.
If you feel that your complaint has not been addressed, you can also contact:
For HIPAA in the US: Office of Civil Rights at the Department of Health and Human Services website: www.hhs.gov/hipaa
Effective Date: May 27, 2021