Privacy Policy

Last revision: January 16, 2023

ReachLink understands how important the privacy of personal information is to our users. This Site Privacy Policy tells you what information we collect about you when you use the ReachLink services, tools, websites and mobile applications (collectively, the “Services”). The Site Privacy Policy also explains how we protect your information and the choices you have about how your personal information is used. We urge you to read this Site Privacy Policy carefully.

Remember that your use of ReachLink's Services is at all times subject to the Terms of Use, which incorporates this Site Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.

THE SITE WILL BE COLLECTING AND TRANSMITTING PERSONAL, MEDICAL AND/OR HEALTH-RELATED INFORMATION ABOUT YOU. BY USING THE SITE, YOU AGREE THAT WE CAN COLLECT AND USE YOUR PERSONAL AND OTHER INFORMATION AS DESCRIBED IN THIS SITE PRIVACY POLICY AND NOTICES OF PRIVACY PRACTICES. IF YOU DO NOT AGREE, PLEASE DO NOT USE THE SITE.

Definitions

“Personal Information” in this Site Privacy Policy means information about you that is personally identifiable to you, such as your contact information (e.g., name, address, email address, or telephone number), personally identifiable health or medical information (“Health Information”), and any other non-public information that is associated with such information.

“De-Identified Information” means information that is neither used nor intended to be used to personally identify an individual.

Personal Information Collected About You

ReachLink is committed to ensuring that your privacy is protected when using the Web Site and has put in place suitable physical, electronic and managerial safeguards to secure the information that it collects through the Web Site. Specifically, we may collect Personal Information about you such as:

● Your name, age, email address, telephone number, username, password, and other registration information.

● Health Information that you provide us, which may include information or records relating to your medical or health history, health status and other health related information.

● Health information about you prepared or obtained by the clinicians who provide clinical services through the Site such as medical and therapy records, treatment and examination notes, and other health related information.

● Information about the computer or mobile device you are using, such as what Internet browser you use, the kind of computer or mobile device you use, and other information about how you use the Site.

● Other information you input into the Site or related services.

We may collect Personal Information about you in the following ways:

● When you register for or update an existing profile on our Services;

● When you use certain interactive tools and features of the Services;

● When you sign-up for communications from ReachLink; or

● When you participate in an online survey.

With Whom Do We Share Your Personal Information?

ReachLink does not share the Personal Information that you disclose to us via the Web Site except (i) to our service providers, consultants and agents who require such information to provide services to ReachLink; (ii) as required by law; (iii) to protect the rights and interests of ReachLink, its Website users and/or other individuals; (iv) to share certain information about your usage of the Services with an insurer or your employer (“Sponsor”) (if applicable); (v) in special cases, such as in response to a physical threat to you or others including a reasonable determination of imminent risk of suicide and/or (vi) in the event of a corporate change in control resulting from, for example, merger, acquisition or transfer of all or substantially all of ReachLink's assets.

Use of your Personal Information by ReachLink includes:

● To provide Services to you.

● To create De-identified Information.

● To market and promote the Site and the Services to you.

● To notify you of Site updates, appointments, reminders and other communications to which you have agreed to receive.

● To improve the quality of healthcare Services provided.

● For any other purpose for which you give us authorization.

How Do We Secure and Retain Your Information?

We have put in place technical, physical, and administrative safeguards that comply with federal and state regulations to protect the Personal Information and protected health information (“PHI”) that we collect. Among other protections described below, when you enter Personal Information (including health information in various tools through our Services), we encrypt the transmission of that information using TLS (Transport Layer Security) technology. In addition, ReachLink restricts access to your Personal Information to employees who need the information to provide you with Services. ReachLink does not use or disclose your Personal Information or PHI except and to the extent permitted by applicable law.

Collecting and Using Non-Personally Identifiable Information

You should also be aware that when you visit our website, we collect certain non-personally-identifiable and aggregate information about you. This data helps us to analyze and improve the usefulness of the information we provide at this website. We might collect the following information:

● Web browser information. Web browsers collect and store information about the type of device and operating system you are using to access our website, as well as your device’s MAC address for facilitating network communications. Accessing this information helps us to establish a secure and consistent connection to you during your visits to our website.

● “Cookie” technology. A “cookie” is an element of data that a website can send to your browser when you link to that website. It is not a computer program and has no ability to read data residing on your computer or instruct it to perform any step or function. By assigning a unique data element to each visitor, the website is able to recognize repeat users, track usage patterns and better serve you when you return to that site. The cookie does not extract other personal information about you, such as your name or address.

● IP Address: When you subscribe to an Internet Service Provider (ISP), your computing device is assigned an IP Address. We track and store this address to help us manage security and monitor usage volume and patterns.

● Analytics Tools. We use tools such as Google Analytics to help analyze how users use the Site. Such third parties may use cookies, APIs, and SDKs in our services to enable them to collect and analyze user and device related data and information on our behalf. Google Analytics uses Cookies to collect information such as how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use the information we get to improve our Site and Services. Although Google Analytics plants a persistent Cookie on your web browser to identify you as a unique user the next time you visit the Site, the Cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the Google Analytics Terms of Use and the Google Site Privacy Policy. You

may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.

We may collect “Non-Personal Information” – information that cannot be used to identify you – via Cookies, Web Beacons, ReachLink mobile device applications and from external sources, even if you have not registered with or provided any Personal Information to ReachLink. If you can be identified when this information is combined with other information, or as required by law, we will treat such information as Personal Information.

Updating/Removing Your Personal Information

If you do not want your Personal Information used by ReachLink as provided in this Site Privacy Policy, you should not register as a member or for any specific tool or application that collects Personal Information. You can correct, update or review Personal Information you have previously submitted by logging-in to ReachLink or a specific tool and making the desired change. You can also update any Personal Information you have submitted by contacting us at hello@reachlink.com. If you have registered and desire to delete any of your Personal Information you have provided to us from our systems please contact us at hello@reachlink.com. Upon your request, we will delete your Personal Information from ouractive databases subject to any restrictions on deletion as set forth in applicable laws. You should be aware that it is not technologically possible to remove each and every record of the information you have provided to the Services from our servers.

Cookies

Most browser software can be set to reject Cookies. Most browsers offer instructions on how to reset the browser to reject Cookies in the “Help” section of the toolbar. If you reject our Cookies, the Services may not work properly. Certain Ad Servers allow you to prevent them from collecting data through the use of Cookies. In order to do so, you must Opt-out of such data collection with each individual site. Currently, you can opt out of Cookies for several Ad Servers by visiting http://www.networkadvertising.org/choices/ or TRUSTe’s Preference Manager at http://preferences-mgr.truste.com/. These websites will also allow you to review the Ad Server’s privacy policies. You can find additional information and resources about how to opt out of advertising and related Cookies by visiting http://www.worldprivacyforum.org/2013/08/consumer-tips-top-ten-opt-outs/ and visiting www.allaboutcookies.org.

Disclosures to Third Party Web Sites

This Site Privacy Policy applies only to information we collect through the Site and in email, text and other electronic communications set through or in connection with the Site. Certain content, services and advertisements offered to you through the Services are served on or contain links to web sites hosted, controlled and operated by a company other than ReachLink (“Third Party Websites”). Any information you disclose to the other websites once you access these other websites are not subject to the privacy practices described in this Site Privacy Policy. ReachLink does not endorse and is not responsible for the privacy practices of these Third Party Websites. You should review the Site Privacy Policy posted on the other web site to understand how that Third Party Website collects and uses your Personal Information.

De-Identified Information.

We may use De-Identified Information created by us without restriction.

Children

We are committed to protecting the privacy of children. The Services are not designed or intended to attract anyone under the age of 18. The Services do not collect or solicit Personal Information from any person we actually know is under the age of 18.

General Data Protection Regulation (GDPR) and UK General Data Protection Regulation Notice

This section provides additional information about our Policy relevant to you if you are from the European Economic Area (the EEA), United Kingdom, and Switzerland (together “European Area Countries”). It supplements and should be read in conjunction with the rest of the Policy.

Under the European Area Countries’ privacy laws, we are the Controller with respect to your data.

When is my data used?

When it is in our legitimate interests or a Third Party’s legitimate interests (“legitimate interest” is a term defined by the General Data Protection Regulation (GDPR) and UK General Data Protection Regulation Notice). Our legitimate interests in this instance include managing the Platform and ReachLink’s business, safety and security of the infrastructure, prevention of fraud, research and development, and management of contracts and legal claims.

When it is needed for the provision of the Platform. In particular, for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of the Platform. We only rely on our or a Third Party’s legitimate interests to Process your data when these interests are not overridden by your rights and interests.

When it is necessary to do so to comply with any legal obligations imposed upon us, for example under applicable law.

In rare instances, when it is a medical emergency, we may use your data to protect your or another’s vital interests if consent is not a reasonable option.

When you have consented to the use of your data, for example for marketing purposes or through the use of cookies and web beacons.

What Lawful Basis for Sensitive Data is Used in the UK and EEA?

About sensitive personal information:

ReachLink may also collect and Process certain categories of personal information, which may be considered “sensitive personal information” in the UK and EEA. The lawful bases for this Processing are (1) health and social care, (2) our establishment, exercise, or defense of a right or legal obligation, (3) substantial public interest, and (4) consent. Where consent is the legal basis, you have the right to withdraw your consent at any time. Sensitive personal information that we Process includes your racial or ethnic origin, religious or philosophical beliefs, and data concerning your health or about your sex life or sexual orientation.

When you begin to use our services and register your account, we ask you to provide answers to a questionnaire to customize the service, to match you with the right counselor, and to provide therapy and related services to you. In providing your responses to the questionnaire you may provide us with “sensitive personal Information” as described above. You may also continue to share such data with us as you receive services. This data allows us to continue providing services to you and customize our services for you. We may also use this information to improve our service and understand how you interact with the services.

How we obtain your personal information

ReachLink obtains the categories of personal information listed above from the following sources:

• Directly from you, such as information when you apply to be a counselor or that you submit during the Process of using and paying for our Services.
• Indirectly from you, such as through your actions on our website.
• From Third-Party business partners, such as social media sites, ad networks, and analytics providers.
• What are my rights and choices under European Area Countries laws?
• European Area Country residents have specific rights regarding their data. This section describes your rights if you are resident in the European Area Countries and explains how to exercise those rights.

Subject access request: you may be entitled to ask us for a copy of any data which we hold. We will normally send you a copy within one month of your request. However, that period may be extended by two further months where necessary, taking into account the complexity of the request or the difficulty in accessing the data that you request. There is usually no charge. In exceptional circumstances, we may charge a reasonable fee after discussing the fee with you.

Right to rectification: if the data we hold about you is inaccurate, you may request rectification. The data will be checked, and, where appropriate, inaccuracies will be rectified.

Right to erasure: in certain circumstances, you may be entitled to ask us to erase your data.

Right to data portability: in certain circumstances, you may wish to move, copy, or transfer the electronic data that we hold about you to another organization.

Right to object: you may object to your data being used for direct marketing. You may object to the continued use of your data in any circumstances where we rely upon consent as the legal basis for Processing it. Where we rely upon legitimate interests as the legal basis for Processing your data, you may object to us continuing to Process your data, but you must give us specific reasons for objecting. We will consider the reasons you provide, but if we consider that there are compelling legitimate grounds for us to continue to Process your data, we may continue to do so. In that event, we will let you know the reasons for our decision. In some instances, objecting to certain Processing may impact our ability to provide you with services.

Rights related to automated decision-making including profiling: we use limited data to operate the Platform and to carry out certain profiling activities to support and grow our business. When doing so, we rely upon our legitimate interests as the lawful basis for Processing your data, and you may exercise the above rights if you do not wish us to Process your data in this way.

To exercise the rights in relation to your data set out in this section, please contact us at hello@reachlink.com

Is my data transferred internationally?

As a part of our standard business practices, we may transfer your data to organizations based in countries that have not been granted an adequacy decision under the General Data Protection Regulation. Where data is transferred to such countries, we shall ensure that specific safeguards or derogations have been established.

These might include where the data transfer is necessary in order to fulfill a contract between us and yourself, where we have received your specific consent after having made you aware of any risks involved, or where contracts are in place between us and the Third-Parties involved that ensure the recipient organization has a suitable standard of data protection in place.

You can contact our Data Protection Officer with questions, about this policy, or about your data by writing to: hello@reachlink.com.

While we’ll always work with you to resolve any concerns you have about the use of your data, under GDPR you have the right to lodge a complaint with the supervisory authority in your country of residence if you have any concerns about our use of your personal information.

Changes To This Site Privacy Policy

ReachLink may change this Site Privacy Policy from time to time; when updates are made, the Site Privacy Policy version date (located at the bottom of this policy) will also be updated to reflect that revision occurred. We encourage you to periodically reread this policy to see if there have been any changes that may affect you. This statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

If you have questions or concerns about our Site Privacy Practices, or would like to report a violation, please contact us by sending an email to hello@reachlink.com.

ReachLink is the brand name used for products and services provided by one or more professional services entities, including ReachLink Telebehavioral Health Services PA that is managed by or affiliated with Florida ReachLink LLC, a management company.