This Privacy Policy is issued on behalf of Xyla Health, LLC. (“we”, “us” or “our”), a part of the Acacium Group.
This Privacy Policy details what personal data is collected, used, stored and safeguarded, provides certain information that is legally required and lists your rights in relation to your Personal Information.
This Privacy Policy relates to Personal Information that identifies “you” in the circumstances set out below. This Privacy Policy does not apply to information collected by third parties that are not part of our Services. Please read this Privacy Policy to understand our privacy practices and email us if you have questions.
What information do we collect?
Xyla Health, LLC. may collect Personal Information that is considered Protected Health Information (“PHI”) as defined and regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA). We comply with all applicable HIPAA regulations Xyla Health HIPAA Notice This information is collected to provide you with personalized and effective healthcare services.
We collect information that can identify an individual or relates to an identifiable individual (“Personal Information”) to provide services to you, our clients, and candidates and to operate our business. The type of Personal Information we collect depends on the situation. We collect Personal Information by different methods depending on whether the individual is a patient, candidate, client, supplier, vendor, or website user.
The following provides examples of the type of information that we collect in a variety of contexts and how we use that information.
Context | Types of Information (Examples) | Primary Purpose for Collection and Use |
Account Registration | We collect your name and contact information when you create an account. We also collect information relating to the actions that you perform while logged into your account. | To administer your account and communicate with you about your account. |
Client Information | We collect the name and work contact information of our clients and their employees with whom we may interact. | To manage our business relationships and conduct normal business administration. |
Cookies and First-Party Tracking | We use cookies and similar technologies when you interact with our websites and applications. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed. For information, please see the “Cookies” section below. | We use cookies for a number of reasons, such as: to serve you with relevant advertisingto learn more about the way you interact with our contenthelp us improve your experience when visiting our websitesto remember your preferencesto identify errors and resolve themto analyze how well our websites are performing |
Cookies and Third-Party Tracking | We may place tracking technology on our website that collects analytics, records how you interact with our website, or allows us to participate in behaviour-based advertising. This means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can report analytics to us or provide advertising about products and services tailored to your interests. That third party might also collect information over time and across different websites to serve advertisements on our website or other websites. For information, please see the “Cookies” section below. | To deliver advertisements and content relevant to your interests. |
Email Interconnectivity | If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. | To understand how you interact with our communications to you. |
Inquiries, Comments, and Feedback | If you contact us, we collect your name and contact information, as well as any other content that you send to us. | To respond to or follow-up on your comments, reviews, inquiries and other requests. |
Mailing List | When you sign up for one of our mailing lists we collect your name, email address or postal address, as well as other relevant information. | To send you newsletters, special offers or other marketing communications we think will be of interest to you or for which you have requested information. |
Mobile Devices / Mobile Applications | We collect information from your mobile device such as unique identifying information broadcast from your device when you visit our website or use our mobile apps. This information includes usage data, such as the date and time the application on your device accesses our servers and what information and files have been downloaded to the application based on your device number. | To understand how you interact with our mobile apps to better improve them. |
Protected Health Information (PHI) | Any of the below pieces of information accompanied by health data is considered PHI. Name; Address; Dates related to an individual (birthdate, admission date, discharge date, death date); phone numbers; social security number; Medical record number; Biometric identifiers; Device identifiers, Physical or mental disabilities, family or individual health history, health records, blood type, DNA code, prescriptions | This information is vital for analyzing and providing individuals with disease and health risk outcomes. |
Personal Information (PI) | Name, age, place of birth, date of birth, gender, weight, height, eye color, hair color, fingerprint, Health IDs, Social Insurance Numbers (SIN), Social Security Numbers (SSN), PIN numbers, debit and credit card numbers, Race, color, national or ethnic origin, | |
Website | We use cookies and similar technologies to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. | To understand how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. |
Web Logs | We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. | To monitor activities and trends and understand which of our services is most popular. |
How do we collect your information?
How do we use your information?
Xyla Health, LLC. uses the Personal Information it collects in several ways. We collect, process, or disclose your Personal Information for our legitimate business purposes, including:
Xyla Health, LLC. sends informational emails, articles, white papers, proposals, engagement letters, and information regarding our services. To the extent we maintain and use personal information in a deidentified form, we will not attempt to reidentify the information, except for the purpose of determining whether our deidentification processes satisfy our legal obligations.
Why might we share your information with third parties?
In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal information in the following situations:
International Transfers
As a multi-national company, we transmit information between and among our affiliates. We also maintain relationships with service providers who are based in foreign countries. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible we take steps to treat Personal Information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your Personal Information to us you agree to the transfer, storage and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below.
How do we safeguard your information?
The privacy and security of PI/PHI is a top priority. We take the issue of privacy very seriously and we are working hard to ensure your trust in Xyla and the services we provide. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
If we are required by law to inform you of a breach to your Personal Information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
How long do we keep your information for?
We will retain your personal information for as long as required to provide services or complete the transaction also after you no longer wish to be registered with us, or if you have been appointed into a role with a client.
We retain your personal information so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy or applicable laws and regulations that may apply in a particular jurisdiction.
Cookies
You can set your browser to refuse some or all cookies, or to indicate when a cookie is being sent to your computer. However, this may prevent our websites or services from working properly. You can also set your browser to delete cookies every time you finish browsing. For more information about how to manage browser cookies, please follow the instructions provided by your browser.
Communications Opt-Out
We may periodically send you messages, including newsletters, notifications of your account statuses, and marketing communications. All such material will have information on how to opt out of receiving those messages. However, specific messages (such as a secure message sent by a doctor or an account status update via the Portal) may be required as part of the services and will not have opt-out capabilities.
Additional Information for California Residents
If you are a California resident, the following privacy disclosures apply to you in addition to the rest of the Privacy Policy. For purposes of this section, “Personal Information” means information that identifies, relates to, describes, and is reasonably capable of being associated with, or could be linked, directly or indirectly, with a particular individual or household.
Categories of Information We Collect, Use, and Disclose
The chart below describes the categories of Personal Information we collect, disclose for a business purpose, and “share” for purposes of cross-context behavioral advertising (as those terms are defined by California law). Please note, in addition to the recipients identified below, we may disclose any of the categories of Personal Information we collect with government entities, as may be needed to comply with law or prevent illegal activity. We do not “sell” your Personal Information for money. As discussed elsewhere in the Privacy Policy, we use cookies and similar tracking technologies for purposes of targeted advertising.
Category of Personal Information | Category of Recipients | |
Disclosures for a Business Purpose | Sharing for Cross-Context Behavioural Advertising | |
Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, or other similar identifiers. | Affiliates or subsidiariesInternet service providersOperating systems and platformsOther Service ProvidersProfessional services organizations, this may include auditors and law firms | Advertising networks |
Government Issued Identification – this may include social security number,driver’s license number, or state issued identification number, passport number. | Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms | |
Financial Information – this may include bank account number, credit card number, debit card number, and other financial information. | Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms | |
Health Related Information – this may include medical information, mental or physical condition or treatment, or health insurance information. | Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms | |
Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical, or mental handicap, etc. | Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms | |
Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Affiliates or subsidiariesService Providers Professional services organizations, this may include auditors and law firms | |
Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement. | Service Providers | Advertising networks |
Geolocation data | Service Providers | |
Audio, electronic, visual, thermal, olfactory, or similar information | Service Providers | |
Professional or employment-related information | Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms | |
Inferences drawn from any of the information listed above | Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms | Advertising networks |
Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics, or description, insurance policy number. | Affiliates or subsidiariesService ProvidersProfessional services organizations, this may include auditors and law firms |
California Sensitive Information Disclosure
We may collect the following categories of sensitive Personal Information (as defined under California law): social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; health-related information; information concerning sex life or sexual orientation.
Your California Privacy Rights
California residents have the following rights:
Please note, not all the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your request because the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.
If you would like to exercise any of these rights, please send an email with the subject line, “California Privacy Rights” to Privacy.Team@acaciumgroup.com or call us at (866) 877-1514.
To protect your information, we must be able to verify your identity before we can process your request to exercise any of the foregoing privacy rights. We may conduct the verification process by email or phone, and we may ask you to provide information such as your name, contact information, and any additional relevant information based on your relationship with us.
California residents may designate an authorized agent to submit requests to exercise certain privacy rights on their behalf. If you are an authorized agent submitting a request on behalf of a California resident, you must provide us with a copy of the signed permission you have been given indicating that you are able to act on that person’s behalf.
“Do Not Track” disclosure.
We do not currently recognize the “Do Not Track” signal.
Contact Us
If you have any questions or concerns about this Privacy Policy or the information practices of our Services, please email us Privacy.Team@acaciumgroup.com or call us at (866) 877-1514.
You may also write us at:
Xyla Health, LLC.
Attention: Privacy Office
9800 Metcalf Ave, Suite 400
Overland Park, KS 66212
If you need to access this Privacy Policy in an alternative format due to having a disability, please contact us at the appropriate address above.
Changes to Privacy Policy
Xyla Health, LLC. may change this Privacy Policy from time to time due to changes in relevant law or our business practices. When changes are made to this Privacy Policy, we will post the changes on this website, and they will become immediately effective when posted. You can check the “Last Updated” legend at the bottom of this page to see when this Privacy Policy was last revised.
Last updated and effective date: September 13, 2024