Privacy Policy
VAULT Technologies, LLC (“VAULT”) is a software-as-a-service (SaaS) provider committed to safeguarding the privacy and security of sensitive information processed through our platform on behalf of our clients. This Privacy Policy outlines how personal and health-related data is collected, used, and shared within the scope of our services, in accordance with client instructions, applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). By using our platform, clients, their authorized users, and other users agree to the terms outlined in this policy.
1. Data Collection and Use
VAULT collects and processes data exclusively on behalf of our clients to facilitate the operation and delivery of our SaaS platform. On behalf of our client, our systems collect personal and health-related data necessary to provide, maintain, and improve our client’s services. This may include sensitive health information when relevant for service delivery, which is handled with additional safeguards. The data collected enables our clients to deliver services effectively, enhance functionality, and improve client and patient experiences. VAULT processes all personal health information (PHI) solely as per client instructions and does not use PHI for independent purposes. Additionally, we and/or our client may use aggregated, non-identifiable data for analytical purposes to improve service quality and/or accessibility and/or to develop new features. All personal health information (PHI) is processed solely as per client instructions and in compliance with HIPAA regulations.
2. Types of Data Processed
The specific types of data processed by VAULT depend on the services provided to the client. Data categories may include:
- Contact Information: Names, email addresses, phone numbers, and postal addresses provided during account registration or service inquiries.
- System Usage Data: Information related to service access and platform usage, such as login times, IP addresses, and device details, used to monitor system performance and ensure security.
- Patient Health Information (PHI): When applicable, medical histories, treatment data, and other sensitive health information processed in compliance with HIPAA, strictly to facilitate delivery and payment of healthcare services.
- Client-Specific Information: Any additional data input into the platform by the client and its patients, which VAULT processes solely at the client’s direction.
3. Data Sharing and Disclosure
VAULT does not sell personal or health data under any circumstances. Data may be shared with trusted third-party service providers (e.g., cloud storage, payment processing) that assist in delivering our services. These providers are contractually obligated to adhere to strict confidentiality and data security standards, including HIPAA compliance when handling PHI. All third-party data sharing is conducted in accordance with the terms of the Data Processing Agreement (DPA), ensuring compliance with HIPAA and GDPR standards.
VAULT only discloses PHI to third parties as instructed by the client. Additionally, disclosures may occur if required by law, regulatory obligations, or for the protection of legal interests.
4. Security of Personal and Health Information
VAULT employs comprehensive technical, organizational, and administrative safeguards to ensure the security of personal data and PHI. VAULT employs industry-standard security measures, including encryption, access controls, and regular security audits, to protect against unauthorized access, alteration, or loss. VAULT complies with all HIPAA Security Rule standards, implementing both physical and technical safeguards to ensure PHI remains secure. Additionally, clients are contractually obligated to ensure that their authorized users comply with security and privacy laws and practices. We continually review and enhance our security practices to align with evolving threats and regulatory standards, ensuring the highest level of data protection.
5. Data Retention
Personal and health-related data is retained only for as long as necessary to fulfill the purposes defined by the client or as required by applicable laws. Upon termination of services or at the client’s request, VAULT securely deletes or anonymizes data. Any extended retention or specific destruction processes are handled based on contractual agreements and legal obligations. PHI is stored and managed in accordance with HIPAA’s retention requirements, and securely disposed of when no longer needed. Extended retention beyond termination will be governed by the terms of the SaaS Agreement and subject to applicable storage fees.
6. Data Subject Rights
In accordance with applicable laws, including HIPAA, users and clients have rights regarding their personal and health data. These rights may include the right to access, correct, delete, or restrict processing of their data. Patients and clients may also request data portability or object to specific data processing activities. VAULT, as a Processor, does not act directly on these requests but will support the client (Controller) in fulfilling them. Users whose data is processed through VAULT’s platform should direct any requests related to their personal information or PHI to the client (the data controller). VAULT supports clients in facilitating data subject rights, including access, correction, restriction, or deletion of data, in compliance with applicable laws.
7. International Data Transfers
VAULT may operate globally. Any international transfers of PHI will be conducted at the request of the client and comply with HIPAA and any applicable local data protection regulations.
8. Cookies and Tracking Technologies
To enhance user experience and improve our services, VAULT may use cookies and similar tracking technologies on our website and platform. These tools track system usage and enable personalized settings. Users may disable cookies in their browser settings, though doing so may affect functionality.
9. Updates to this Privacy Policy
VAULT reserves the right to update this Privacy Policy as necessary to reflect changes in services, practices, or legal requirements. Clients will be notified of significant updates through appropriate channels, and continued use of our platform constitutes acceptance of the updated terms.
VTI Privacy Policy 11‐2024