PRIVACY POLICY

This privacy policy (the “Policy”) describes how VVC Holding Corp., (“virencehealth,” “Virence,” “we,” “us,” or “our”), and its subsidiaries and affiliated companies, including athenahealth, Inc., may collect, use, and share information about you that we obtain through www.virencehealth.com (the “Website”).

As of February 11, 2019, Virence and athenahealth, Inc. are under common ownership. For more information about how athenahealth, Inc. uses/processes your information, please visit the privacy policy on athenahealth.com. For requests related to exercising the rights afforded to California residents under the California Consumer Privacy Act (“CCPA”), please visit www.athenahealth.com/consumer-privacy-request.

This Policy discloses the privacy practices for www.virencehealth.com (“Website”). This privacy notice applies to information collected by this Website. This Policy will also apply to any offline location that makes this Policy available to you. It will notify you of what information is collected from you through the website, how it is used, and with whom it may be shared. It will also notify you of what choices are available to you regarding use of your data what choices are available to you regarding the use of your data and how you can correct any inaccuracies in the information.

I. WHAT INFORMATION DO WE COLLECT?

The following types of information may be collected on the Website:

  • We may collect information you provide us if you access, voluntarily enter into, or sign up for or request certain services from us on our Website. For example, if you are interested in learning more about us and the services and products we offer, we may ask for personal information, such as your name, email address, telephone number, and a free text field where you may input additional information. If you have an account with us, we may also collect your username or other information (e.g., Practice ID) you use to log into or access your account.
  • When you visit our Website, we may gather certain information about your visit and your device automatically. This information may, for example, reflect how you found, were directed to or used this Website. Similarly, we may collect your IP address, browser type and version, and other data about the equipment used to visit the Website, as well as the patterns of searching and browsing that preceded access to the Website, and the patterns of searching and browsing on the Website.
  • We have access to/collect information that you voluntarily give us via email or other direct contact from you.
  • We may also collect information from other sources, including but not limited to the following categories of sources: consumers or users of the Website, data brokers or resellers from which we purchase data to supplement the data we collect, social networks when you engage with our content, reference our Website, or grant us permission to access information from the social networks, partners that offer co-branded services, sell or distribute our products, or engage in joint marketing activities, and information that is publicly available.

Our processing of data received from our customers (“Customer Data”) is governed by the agreements we enter into with our customers, which may include Business Associate Agreements as applicable and required under the Health Insurance Portability and Accountability Act (“HIPAA”). Our customers may also have their own privacy practices and/or policies that govern their collection and use of your data. We are not responsible for how our customers treat the information we collect on their behalf, and we recommend you review their own privacy policies. For further information on your rights and choices regarding Customer Data, see the “Your Rights and Choices” section below.

The Website does not respond to web browsers’ Do Not Track signals. Thus, your selection of the “do not track” option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

II. HOW DO WE USE YOUR INFORMATION?

We may use information collected through tracking technologies, such as log files, cookies and web beacons, to improve the functionality of the Website. For example:

  • We may track the number of visitors using certain portions or features of the Website to make changes that may be necessary to improve the Website’s functionality and identify areas of interest to our visitors;
  • We may track the popularity of features on the Website to guide the development of new ones;
  • We may identify the types of devices our visitors use so that we can improve and optimize our systems and services;
  • We identify the type of visitors to the Website to determine whether such users are existing clients or prospective clients for marketing and sales purposes;
  • We may engage certain service providers to track and associate internet search and browsing behavior with our advertisements and to provide functionality on the Website; and
  • We may assess the ways in which users become aware of or access the Website in order to gauge the quality and methods of our advertising.
    By continuing to use our Website, including by remaining on the landing page, you consent to the use of cookies.
    We use the information for the purposes explained at the time of collection, as described in this Policy and our terms, and for our business purposes. For example:
  • If you provide us with your information in connection with your interest in our products or services (e.g., through webforms), we will use such information to reach out to you about our products or services.
  • If you provide us with your information, we may use it for our own marketing, promotional, and informational purposes, including solicitations, invitations, newsletters, awareness campaigns, and announcements.
  • When you provide information on our Website or have an account with us, we may use your information to reach out to you and ask if you would like to participate in studies or respond to questions about how the services we offer do or do not meet your needs or can be improved (“Usability Activities”).We will not retain your information, whether obtained through tracking technologies or provided by you longer than necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. Wherever your information may be held by us, we take reasonable and appropriate steps to protect the information that you share with us from loss, theft, misuse, and unauthorized access, destruction, and disclosure. In addition, we enter into agreements with our service providers which require that care and precautions be taken to prevent loss, misuse, or disclosure of your information. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

    Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For further information on your rights and choices regarding Customer Data, see the “Your Rights and Choices” section below.

    III. SHARING YOUR INFORMATION

    We engage certain service providers and third parties to process information on our behalf for business purposes. Service providers and third parties are used, for example, to track and associate internet search and browsing behavior with our advertisements, to provide analytics, and to provide functionality on the Website. In addition, we may share Website usage and information with these service providers and third parties to manage our content, administer ads, provide insights to us related to marketing needs, for market research purposes, and to analyze our marketing efforts.

    We share information with vendors, consultants, agents, and partners for business and commercial purposes to help us provide or improve our services or our Website. Our vendors include, but are not limited to, analytics and technology companies. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information.

    We share information with our related entities including our parent and sister companies for business purposes such as customer support, marketing, and technical operations. We also may share information with affiliates for commercial purposes.

    We may work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other Website(s) and services.

    We may use tracking technologies such as cookies and web beacons, and other storage technologies to collect or receive information and use that information to provide measurement services, analytics, and to deliver relevant ads and/or other content to you (“Interest-based Advertising”). More specifically, these companies may use information about your activities across time and services for purposes of associating different devices you use, and to provide ads about goods and services of interest to you.

    We also share information with other entities in the following situations:

    • Where you have given us your consent to share or use information about you;
    • When we believe that we need to share information about you to provide a service that you have requested from us or from others;
    • Where we are required by law or other legal process to disclose information, and where required, in response to a lawful request by public authorities, including meeting national security or law enforcement standards; or
    • Where we believe that it is necessary to avoid liability or violations of the law;
    • To protect the rights, property, life, health, security and safety of us, the Website, or anyone else;
    • To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of all or any part of our business, provided that we inform the buyer it must use your information only for the purposes disclosed in this Policy;
    • At your request or direction, such as when you share information with a social network about your activities on the Website; or
    • To any other person with your consent to the disclosure.
      Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For further information on your rights and choices regarding Customer Data, see the “Your Rights and Choices” section below.

    IV. SOCIAL MEDIA AND TECHNOLOGY INTERACTIONS
    • We offer parts of our Website through websites, platforms, and services operated or controlled by separate entities. In addition, we integrate technologies operated or controlled by separate entities into parts of our Website. Some examples include:
    • Links. Our Website includes links that hyperlink to websites, platforms, and other services not operated or controlled by us.
    • Liking, Sharing, and Logging-In. We may embed a pixel or SDK on our Website that allows you to “like” or “share” content on, or log in to, your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through the integration.
    • Brand Pages and Chatbots. We may offer our content through social media. Any information you provide to us when you engage with our content is treated in accordance with this Policy. Also, if you publicly reference our Website on social media (e.g., by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Website.

    Please note that when you interact with other entities, including when you leave our Website, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

    V. YOUR RIGHTS AND CHOICES
    • Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
    • Advertising. The companies we work with to provide you with targeted ads may be participants of the Digital Advertising Alliance (“DAA”) and/or the Network Advertising Initiative (“NAI”). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; (ii) for app targeted ads from DAA participants, https://www.aboutads.info/appchoices; and (iii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you but does not mean you will no longer receive any targeted content and/or ads.
    • Mobile Devices. You may also limit our use of information collected from or about your mobile device for purposes of serving targeted ads to you by going to your device settings and selecting “Limit Ad Tracking” (for iOS devices) or “Opt-out of Interest-Based Ads” (for Android devices).

    Please note that if you opt-out using any of these methods, the opt-out will only apply to the specific browser or device from which you opt-out. We are not responsible for the effectiveness of, or compliance with, any opt-out options or programs, or the accuracy of any other entities’ statements regarding their opt-out options or programs.

    VI. MINORS

    This Website is intended for a general audience and is not intended for minors under the age of eighteen. We do not wish to obtain any information from or about such minors through this Website. If you are under eighteen years old, do not use this Website. Our Website includes social media features, including “sharing” functions on Facebook and Twitter. Your interactions with these features are governed by the privacy policies of the companies providing these features, and we do not control and are not responsible for the privacy practices of, or the data available on, the websites of third parties.

    We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us at consumerprivacyrequests@athenahealth.com. We will remove the data to the extent required by applicable laws.

    We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.

    If you are a California resident under 18 years old, you can ask us to remove any content or information you have posted on the Website. To make a request, email us at the email address set out in “Contact Us” section with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

    VII. INTERNATIONAL TRANSFER

    We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Website from outside of the U.S., please be aware that information collected through the Website may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Website or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Policy.

    VIII. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

    Effective Date: January 1, 2020

    Last Reviewed on: January 1, 2020

    This Privacy Notice for California Residents supplements the information contained in VVC Holding Corp.’s Website Privacy Policy included above and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this Notice.

    Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information“) from some its requirements.

    Information We Collect

    We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information“). Personal information does not include:

    • Publicly available information from government records.
    • Deidentified or aggregated consumer information.
    • Information excluded from the CCPA’s scope, like:
      • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

    In particular, our Website has collected the following categories of personal information from its consumers within the last twelve (12) months:

    CategoryExamplesCollected
    A. Identifiers.A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.YES
    B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
    Some personal information included in this category may overlap with other categories.
    YES
    C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).YES
    D. Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YES
    E. Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NO
    F. Internet or other similar network activity.Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.YES
    G. Geolocation data.Physical location or movements.YES
    H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.NO
    I. Professional or employment-related information.Current or past job history or performance evaluations.YES
    J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NO
    K. Inferences drawn from other personal information.Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.YES

    We obtain the categories of personal information listed above from the following categories of sources:

    • Directly from you. For example, from forms you complete or products and services you purchase.
    • Indirectly from you. For example, from observing your actions on our Website.

    For more information on the information we collect, including the sources we receive information from, review the What Information Do We Collect section, above.

    We do not generally sell information as the term “sell” is traditionally understood. To the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those disclosed in the How Do We Use Your Information and Social Media and Technology Integrations sections as a “sale,” we will comply with applicable law as to such activity. We disclose the following categories of personal information for commercial purposes: identifiers, demographic information, commercial information, internet activity, geolocation data and inferences. We use and partner with different types of entities to assist with our daily operations and manage our Website. Please review the

    Sharing Your Information

    section for more detail about the parties we have shared information with.

    Roles

    Our Website is intended to provide information to our business clients and job applicants. If you are a business client or job applicant, you understand and agree that information collected about you is solely within the context of (i) your role as an employee, job applicant, owner, director, officer, or contractor or (ii) us conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

    If you are a California resident and we, as a service provider, have processed personal information about you on behalf of our clients and you wish to exercise your CCPA rights, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your personal information. We will refer your request to that client and will support them to the extent required by California privacy law in responding to your request.

    Use of Personal Information

    We may use, or disclose the personal information we collect for one or more of the following purposes:

    • To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment. We may also save your information to facilitate new product orders.
    • To provide, support, personalize, and develop our Website, products, and services.
    • To create, maintain, customize, and secure your account with us.
    • To process your requests, purchases, transactions, and payments and prevent transactional fraud.
    • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
    • To personalize your Website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Website, third-party sites, and via email or text message (with your consent, where required by law).
    • To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business.
    • For testing, research, analysis, and product development, including to develop and improve our Website, products, and services.
    • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
    • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
    • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our [Website users/consumers] is among the assets transferred.
    • To send you advertising

    To fulfill any other business or commercial purposes at your direction or with your notice and/or consent.

    Your Rights and Choices

    The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

    Right to Know

    You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you, based upon your request:

    • The categories of personal information we collected about you.
    • The categories of sources for the personal information we collected about you.
    • Our business or commercial purpose for collecting or selling that personal information.
    • The categories of third parties with whom we share that personal information.
    • The specific pieces of personal information we collected about you (also called a data portability request).
    • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
      • sales, identifying the personal information categories that each category of recipient purchased; and
      • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

    We do not provide these access and data portability rights for B2B personal information.

    Right to Delete

    You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

    We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

    • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    • Debug products to identify and repair errors that impair existing intended functionality.
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
    • Comply with a legal obligation.
    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

    We do not provide these deletion rights for B2B personal information.

    Exercising Your Right to Know and Right to Delete

    To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

    Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

    You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:

    • First and last name, email address, date of birth and username (as applicable).
    • Description of your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

    We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

    Response Timing and Format

    We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

    Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

    Right to Opt-Out and Opt-In

    To the extent we sell your personal information as the term “sell” is defined under the CCPA, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). Consumers who opt-in to personal information sales may opt-out of future sales at any time.

    To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page link “Do Not Sell My Personal Information“. You may also submit a request to opt-out by calling our toll-free number at 888-807-2076, or emailing us at consumerprivacyrequests@athenahealth.com.

    Once you make an opt-out request, you may change your mind and opt back into personal information sales at any time by emailing us at consumerprivacyrequests@athenahealth.com.

    Non-Discrimination

    We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

    • Deny you goods or services.
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

    Other California Privacy Rights

    California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes in particular: Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make such a request, please send an email to write us at: Chief Compliance Officer, athenahealth, Inc. 311 Arsenal Street, Watertown, MA 02472. We may require additional information from you to allow us to verify your identity and only required to respond to requests once during any calendar year.

    IX. UPDATES TO THIS PRIVACY POLICY

    We reserve the right to make updates and revisions to this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on the Website and update the effective date. Any changes will be effectively as of the “Updated” date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

    X. CONTACT INFORMATION

    If you have any questions or comments about this Policy, the ways in which athenahealth collects and uses your information described here, your choices and rights regarding such use, or you wish to exercise your rights under California law, please contact us at:

    If you have a disability and would like to access this Policy in an alternative format, please contact us at 888-807-2076.