Privacy policies

This Privacy Policy is issued on behalf of Xyla Health, LLC. (“we”, “us” or “our”), a part of the Acacium Group.

This Privacy Policy details what personal data is collected, used, stored and safeguarded, provides certain information that is legally required and lists your rights in relation to your Personal Information. 

This Privacy Policy relates to Personal Information that identifies “you” in the circumstances set out below. This Privacy Policy does not apply to information collected by third parties that are not part of our Services. Please read this Privacy Policy to understand our privacy practices and email us if you have questions. 

What information do we collect?

Xyla Health, LLC. may collect Personal Information that is considered Protected Health Information (“PHI”) as defined and regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA).  We comply with all applicable HIPAA regulations Xyla Health HIPAA Notice This information is collected to provide you with personalized and effective healthcare services.

We collect information that can identify an individual or relates to an identifiable individual (“Personal Information”) to provide services to you, our clients, and candidates and to operate our business. The type of Personal Information we collect depends on the situation. We collect Personal Information by different methods depending on whether the individual is a patient, candidate, client, supplier, vendor, or website user.

The following provides examples of the type of information that we collect in a variety of contexts and how we use that information.

ContextTypes of Information
(Examples)
Primary Purpose for Collection
and Use
Account RegistrationWe collect your name and contact information when you create an account. We also collect information relating to the actions that you perform while logged into your account.To administer your account and communicate with you about your account.
Client InformationWe collect the name and work contact information of our clients and their employees with whom we may interact.To manage our business relationships and conduct normal business administration.
Cookies and First-Party Tracking        We use cookies and similar technologies when you interact with our websites and applications. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed. For information, please see the “Cookies” section below.We use cookies for a number of reasons, such as: to serve you with relevant advertisingto learn more about the way you interact with our contenthelp us improve your experience when visiting our websitesto remember your preferencesto identify errors and resolve themto analyze how well our websites are performing
Cookies and Third-Party TrackingWe may place tracking technology on our website that collects analytics, records how you interact with our website, or allows us to participate in behaviour-based advertising. This means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can report analytics to us or provide advertising about products and services tailored to your interests. That third party might also collect information over time and across different websites to serve advertisements on our website or other websites. For information, please see the “Cookies” section below.To deliver advertisements and content relevant to your interests.
Email InterconnectivityIf you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.To understand how you interact with our communications to you.
Inquiries, Comments, and FeedbackIf you contact us, we collect your name and contact information, as well as any other content that you send to us.To respond to or follow-up on your comments, reviews, inquiries and other requests.
Mailing ListWhen you sign up for one of our mailing lists we collect your name, email address or postal address, as well as other relevant information.To send you newsletters, special offers or other marketing communications we think will be of interest to you or for which you have requested information.
Mobile Devices / Mobile ApplicationsWe collect information from your mobile device such as unique identifying information broadcast from your device when you visit our website or use our mobile apps. This information includes usage data, such as the date and time the application on your device accesses our servers and what information and files have been downloaded to the application based on your device number.To understand how you interact with our mobile apps to better improve them.
Protected Health Information (PHI)Any of the below pieces of information accompanied by health data is considered PHI. Name; Address; Dates related to an individual (birthdate, admission date, discharge date, death date); phone numbers; social security number; Medical record number; Biometric identifiers; Device identifiers, Physical or mental disabilities, family or individual health history, health records, blood type, DNA code, prescriptionsThis information is vital for analyzing and providing individuals with disease and health risk outcomes.
Personal Information (PI)Name, age, place of birth, date of birth, gender, weight, height, eye color, hair color, fingerprint, Health IDs, Social Insurance Numbers (SIN), Social Security Numbers (SSN), PIN numbers, debit and credit card numbers, Race, color, national or ethnic origin,
WebsiteWe use cookies and similar technologies to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.To understand how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful.
Web LogsWe collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.To monitor activities and trends and understand which of our services is most popular.

How do we collect your information?

  • We collect information about you in a variety of ways depending on how you interact with us and our websites, mobile applications, and services, including:
  • We collect and use your personal information from third parties and integration partners to assist customers when you permit these third parties to send you surveys or assessments, share your information with us, or when you have made that information publicly available online.
  • We may also collect additional Personal Information or Protected Health Information related to Your health if You are responding to an assessment or survey, including, but not limited to, the following categories: Physical activity and movement data; Medications and prescriptions; Cognitive assessment data; Health conditions or diseases; Insurance information and Eating habits and nutrition. Please refer to our HIPAA Notice for more information on how your Health information may be used and disclosed.
  • Directly from you when provide it to us, such as in your resume and cover letter, or an application form, through the interactions between us including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our website, by post, through social media or face-to-face (such as in a Recruitment fair or an initial interview).
  • Automatically through the use of cookies, server logs, and other similar technologies when you interact with our website, mobile applications, and emails.
  • From other sources, including, for example, our affiliates, business partners, service providers, and other third parties, or from publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.

How do we use your information?

Xyla Health, LLC. uses the Personal Information it collects in several ways. We collect, process, or disclose your Personal Information for our legitimate business purposes, including:

  • To provide our services to patients, clients, candidates, or web users or fulfill our contractual obligations.
  • Analyze assessment use and responses.
  • To provide You with information, recommendations, and personalization.
  • To maintain our business relationships.
  • To market events, promotions, competitions, webinars, reports, our services, news, or relevant industry updates. Depending on your jurisdiction, we may be required to give you an option to “opt-in,” and we will always provide you with an option to “opt-out” with each marketing communication.
  • As required by law or regulation.
  • For our business purposes, such as data analysis, audits, fraud monitoring, and prevention.
  • To develop new products, services, and offerings, or to enhance, improve or modify our products and services.
  • To respond to your inquiries, verify your information, or to share information with you.
  • To send you important administrative information.
  • For other business purposes, including:
    • Audits
    • Internal communication regarding candidates and clients
    • Determining the effectiveness of our promotional activities
    • Administering our services
    • Managing our contractual relationships
    • Data analysis for thought leadership materials (any published product will refer only to larger aggregations of individuals and will not identify you personally or include any results attributable to you. We will obtain your consent if we wish to identify you in thought leadership materials).
    • Research, publication, development, benchmarking, validation, trend analysis to develop and market new services.

Xyla Health, LLC. sends informational emails, articles, white papers, proposals, engagement letters, and information regarding our services. To the extent we maintain and use personal information in a deidentified form, we will not attempt to reidentify the information, except for the purpose of determining whether our deidentification processes satisfy our legal obligations.

Why might we share your information with third parties?

In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal information in the following situations:

  • Affiliates and Acquisitions. We may share your Personal Information with our affiliates in the Acacium Group for the purposes outlined in this Privacy Policy. If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
  • Clients. We may share your Personal Information with a specific Client if you have requested that we do so to make an application.
  • Service Providers.  We may share your information with third-party service providers, including some service providers who are based in foreign countries. Among other things, service providers may help us to administer our website, conduct surveys, provide technical support, conduct research and analysis, and otherwise support our business operations. All our third-party service providers and other entities in the Acacium Group are required to take appropriate security measures to protect your Personal Information. We do not allow our third-party service providers to use your Personal Information for their own purposes. We only permit them to process your Personal Information for specified purposes and in accordance with our instructions.
  • Legal Process. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, to comply with relevant laws, or to respond to requests from public and government authorities. We may also share your information to enforce our terms and conditions, to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or act regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, and to protect our operations or those of any of our affiliates.
  • Other Disclosures with Your Consent. We may disclose your information to other third parties when we have your consent or direction to do so.

International Transfers

As a multi-national company, we transmit information between and among our affiliates. We also maintain relationships with service providers who are based in foreign countries. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible we take steps to treat Personal Information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your Personal Information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.

How do we safeguard your information?

The privacy and security of PI/PHI is a top priority. We take the issue of privacy very seriously and we are working hard to ensure your trust in Xyla and the services we provide. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

If we are required by law to inform you of a breach to your Personal Information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

How long do we keep your information for?

We will retain your personal information for as long as required to provide services or complete the transaction also after you no longer wish to be registered with us, or if you have been appointed into a role with a client.

We retain your personal information so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy or applicable laws and regulations that may apply in a particular jurisdiction.

Cookies

You can set your browser to refuse some or all cookies, or to indicate when a cookie is being sent to your computer. However, this may prevent our websites or services from working properly. You can also set your browser to delete cookies every time you finish browsing. For more information about how to manage browser cookies, please follow the instructions provided by your browser.

Communications Opt-Out

We may periodically send you messages, including newsletters, notifications of your account statuses, and marketing communications. All such material will have information on how to opt out of receiving those messages. However, specific messages (such as a secure message sent by a doctor or an account status update via the Portal) may be required as part of the services and will not have opt-out capabilities.

Additional Information for California Residents

If you are a California resident, the following privacy disclosures apply to you in addition to the rest of the Privacy Policy. For purposes of this section, “Personal Information” means information that identifies, relates to, describes, and is reasonably capable of being associated with, or could be linked, directly or indirectly, with a particular individual or household.

Categories of Information We Collect, Use, and Disclose

The chart below describes the categories of Personal Information we collect, disclose for a business purpose, and “share” for purposes of cross-context behavioral advertising (as those terms are defined by California law). Please note, in addition to the recipients identified below, we may disclose any of the categories of Personal Information we collect with government entities, as may be needed to comply with law or prevent illegal activity. We do not “sell” your Personal Information for money. As discussed elsewhere in the Privacy Policy, we use cookies and similar tracking technologies for purposes of targeted advertising.

Category of Personal InformationCategory of Recipients
Disclosures for a Business PurposeSharing for Cross-Context Behavioural Advertising
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, or other similar identifiers.Affiliates or subsidiariesInternet service providersOperating systems and platformsOther Service ProvidersProfessional services organizations, this may include auditors and law firms  Advertising networks  
Government Issued Identification – this may include social security number,driver’s license number, or state issued identification number, passport number.Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms 
Financial Information – this may include bank account number, credit card number, debit card number, and other financial information.Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms 
Health Related Information – this may include medical information, mental or physical condition or treatment, or health insurance information.Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms 
Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical, or mental handicap, etc.Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms 
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Affiliates or subsidiariesService Providers Professional services organizations, this may include auditors and law firms 
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.Service Providers  Advertising networks  
Geolocation dataService Providers   
Audio, electronic, visual, thermal, olfactory, or similar informationService Providers   
Professional or employment-related informationAffiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms 
Inferences drawn from any of the information listed aboveAffiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firmsAdvertising networks  
Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics, or description, insurance policy number.Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms 

California Sensitive Information Disclosure

We may collect the following categories of sensitive Personal Information (as defined under California law): social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; health-related information; information concerning sex life or sexual orientation.

Your California Privacy Rights

California residents have the following rights:

  • Access to Your Information. You may request access to your Personal Information, including a copy of the information we have about you.
  • Deletion of Your Information. You may request that we delete your Personal Information, subject to certain exceptions.
  • Correction of Your Information. You may ask us to correct information that is inaccurate or incomplete. Note that we may keep historical information in our backup files as permitted by law.
  • Opt Out of Sharing of Your Information for Purposes of Cross-Context Behavioural Advertising. We do not participate in cross-context behavioural advertising.

Please note, not all the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your request because the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.

If you would like to exercise any of these rights, please send an email with the subject line, “California Privacy Rights” to Privacy.Team@acaciumgroup.com  or call us at (866) 877-1514.

To protect your information, we must be able to verify your identity before we can process your request to exercise any of the foregoing privacy rights. We may conduct the verification process by email or phone, and we may ask you to provide information such as your name, contact information, and any additional relevant information based on your relationship with us.

California residents may designate an authorized agent to submit requests to exercise certain privacy rights on their behalf. If you are an authorized agent submitting a request on behalf of a California resident, you must provide us with a copy of the signed permission you have been given indicating that you are able to act on that person’s behalf.

“Do Not Track” disclosure.

We do not currently recognize the “Do Not Track” signal.

Contact Us

If you have any questions or concerns about this Privacy Policy or the information practices of our Services, please email us Privacy.Team@acaciumgroup.com  or call us at (866) 877-1514.

You may also write us at:

Xyla Health, LLC.

Attention: Privacy Office

9800 Metcalf Ave, Suite 400

Overland Park, KS 66212

If you need to access this Privacy Policy in an alternative format due to having a disability, please contact us at the appropriate address above.

Changes to Privacy Policy

Xyla Health, LLC. may change this Privacy Policy from time to time due to changes in relevant law or our business practices. When changes are made to this Privacy Policy, we will post the changes on this website, and they will become immediately effective when posted. You can check the “Last Updated” legend at the bottom of this page to see when this Privacy Policy was last revised.

Last updated and effective date: September 13, 2024