Featured Content

    FinThrive_EXEC_Insurance Discovery-Four Ways to Uncover Hidden Revenue-svg

    Four Simple Steps to Uncover Hidden Revenue 
    You could be missing out on millions in annual revenue. Learn how to recover every earned dollar.
     

    Featured Content

      FinThrive_EXEC_Revenue Management Automation Guide-svg

      Your Guide to an Autonomous Revenue Cycle
      Plot a course toward forward-thinking innovation that improves efficiency, the patient experience and your bottom line.
       

      Read

      Watch & Listen

      Attend

      Featured Content

        FinThrive_EXEC_SDOH Data Guide-svg

        Advance Health Equity Through Data
        Learn actionable strategies to turn robust data into powerful patient and member experiences.
         

        FinThrive Privacy Notice for Virginia Residents 

        Last Updated: December 29, 2022

        Download printable PDF of this policy

        This Privacy Notice for Virginia Residents (“Notice”) supplements the information contained in the Company’s general Privacy Policy (available on our website) and applies solely to those consumers who reside in the State of Virginia (“consumers” or “you”). 

        This Notice is intended to provide specific information to consumers in Virginia and to describe your rights related to your personal information. We adopt this Notice to comply with the Virginia Consumer Data Protection Act (CDPA) and any terms defined in the CDPA have the same meaning when used in this Notice. 

        This Notice does not include personal information collected by FinThrive as part of an employee-employer relationship, including applicants and candidates for employment with FinThrive, or personal information collected from individuals acting in a commercial context (e.g. as a representative of a FinThrive customer, prospective customer, vendor or supplier). 

        Information We Collect

        The Company collects information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer (personal information). The Company collects and uses personal information generally for our business purposes, to provide the services for which you have inquired, and to be in legal compliance.

        Category Examples Collected Disclosed for Business Purpose To whom we disclosed personal information
        A. Identifiers A name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, phone number YES YES Service Providers
        (For example, consultants, website developers, IT providers, auditors)
        B. Protected classification characteristics under federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO NO Not Applicable
        C. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO NO Not Applicable
        D. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO NO Not Applicable
        E. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES YES Service Providers
        (For example, consultants, website developers, IT providers, auditors)
        F. Geolocation data. Physical location or movements. YES YES Service Providers
        (For example, consultants, website developers, IT providers)
        G. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO NO Not Applicable
        H. Professional or employment-related information. Current or past job history or performance evaluations. NO NO Not Applicable
        I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO NO Not Applicable
        J. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO NO Not Applicable
        K. Sensitive Personal Information Racial or ethnic origin, religious or philosophical beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status NO NO Not Applicable
          Genetic or biometric data for the purpose of uniquely identifying a natural person. NO NO Not Applicable
          Personal data collected from a known child NO NO Not Applicable
          Precise geolocation data NO NO Not Applicable
        Category:  A. Identifiers

        Examples: A name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, phone number
        Collected: YES
        Disclosed for Business Purpose: YES
        To whom we disclosed personal information: Service Providers (For example, consultants, website developers, IT providers, auditors)

        Category:  B. Protected classification characteristics under federal law.

        Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Category: C. Commercial information.

        Examples: Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Category: D. Biometric information.

        Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Category: E. Internet or other similar network activity.

        Examples: Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
        Collected: YES
        Disclosed for Business Purpose: YES
        To whom we disclosed personal information: Service Providers (For example, consultants, website developers, IT providers, auditors)

        Category: F. Geolocation data.

        Examples: Physical location or movements.
        Collected: YES
        Disclosed for Business Purpose: YES
        To whom we disclosed personal information: Service Providers (For example, consultants, website developers, IT providers)

        Category: G. Sensory data.

        Examples: Audio, electronic, visual, thermal, olfactory, or similar information.
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Category: H. Professional or employment-related information.

        Examples: Current or past job history or performance evaluations.
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Category: I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

        Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Category: J. Inferences drawn from other personal information.

        Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Category: K. Sensitive Personal Information

        Examples: Racial or ethnic origin, religious or philosophical beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Examples: Genetic or biometric data for the purpose of uniquely identifying a natural person.
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Examples: Personal data collected from a known child
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Examples: Precise geolocation data
        Collected: NO
        Disclosed for Business Purpose: NO
        To whom we disclosed personal information: Not Applicable

        Personal information does not include: 

        • Publicly available information from government records.
        • Deidentified or aggregated consumer information that cannot be reasonably linked back to an individual.
        • Information excluded from the CDPA’s scope, like:
          • Protected Health Information (PHI) covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or information treated in the same manner as PHI that is maintained by a Covered Entity or Business Associate.
          • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or the Driver’s Privacy Protection Act of 1994 (DPPA). 

             

        Use of Personal Information 

        We may use the personal information collected about you for the following purposes: 

        • To provide, administer and communicate with you about our technology solutions, services, events, surveys and promotions (including by sending you marketing communications).
        • To facilitate and personalize your experience with our Sites and to administer those Sites.
        • To process, evaluate and respond to your requests or inquiries.
        • To determine and manage the effectiveness of our advertising and marketing, for example by engaging in surveys or research.
        • To evaluate, grow and improve our business (including activities such as developing new products and services, enhancing current products or services, market research).
        • To carry out or obligations and enforce our rights arising from any contracts entered into between us and you 
        • To protect and secure our Sites, data, assets, network, and business operations, and to detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal
        • To comply with legal process, such as warrants, subpoenas, court orders, and lawful regulatory or law enforcement requests and to comply with legal, regulatory compliance, or contractual obligations
        • To conduct general business operations such as accounting, recordkeeping, compliance activities and audits
        • To defend the interests of the Company or employees in threatened or actual legal proceedings, investigations or inquiries. 
        • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by FinThrive is among the assets transferred.
        • As described to you when collecting your personal information or as otherwise set forth in the CDPA. 

        The Company does not collect your sensitive personal information and will not process your personal information without obtaining your consent.

        The Company will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. 

        Disclosure of Personal information 

        The Company may disclose your personal information to external parties for a business purpose, including those noted above. When we disclose personal information for a business purpose to a Service Provider or Contractor, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. 

        We also may disclose your personal information to other third parties when required by law or to meet a legal or compliance obligation. 

        We disclose your personal information to the following categories of external parties: 

        • Service providers who are providing a service for, or on behalf of, the Company such as information technology partners, contractors provided by staffing agencies, auditors, website developers.
        • Relevant third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)
        • As required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, meet a compliance obligation, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.

        Sale or Targeted Advertising 

        The Company does not sell personal information or process personal information for targeted advertising as defined by CDPA.

        Your Rights and Choices 

        The CDPA provides consumers (Virginia residents) with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights. 

        Your Right to Know and Access Specific Pieces of Personal Information
        You have the right to request that the Company confirm whether we are processing your personal information and to access such personal information. You also have the right to obtain a copy of the personal information that you previously provided to us (data portability right). Once we receive and confirm your authenticated consumer request (see Exercising Your Rights), we will process your request.

        Your Right to Delete Personal Information 
        You have the right to request that the Company delete any of your personal information that we collected from you or obtained about you and retained. Once we receive and confirm your authenticated consumer request (see Exercising Your Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless we are unable to do so. If that is the case, we will provide you with the reasons for our denial and you may appeal our decision as noted below.

        Your Right to Correct Inaccurate Personal Information 
        You have the right to request that the Company correct inaccurate personal information that we maintain about you. Once we receive and confirm your authenticated consumer request (see Exercising Your Rights), we will use commercially reasonable efforts to correct (and direct our service providers to correct) your inaccurate personal information in our records. 

        Your Right to Opt-Out of Certain Processing Activities
        The Company does not process personal information for the purposes of targeted advertising or profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you. The Company also does not sell personal information described in this Notice. 

        However, if you are 16 years of age or older, you have the right to “opt-out” at any time. We will maintain your preference on file. 

        We do not sell or collect the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. 

        Exercising Your Rights 
        To exercise your rights described above, please submit a request via email to privacy@finthrive.com or by calling us toll-free at 1-877-636-5442.

        Only you, or someone legally authorized to act on your behalf, may make a consumer request related to your personal information. You may also make a consumer request on behalf of your minor child. If you choose to designate an authorized agent to make a request on your behalf, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us such as through an email address we have on file.

        We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will use commercially reasonable efforts to authenticate your request. If we are unable to do so, we may not be able to act on your request and we may request that you provide additional information.

        Making a consumer request does not require you to create an account with us. 

        We will only use personal information provided in a consumer request to verify the requestor’s identity or authority to make the request. 

        Response timing and format 
        We endeavor to respond to an authenticated consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. 

        If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will explain the reasons we cannot comply with a request, if applicable, and instructions for how you can appeal the decision.

         For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. 

        We do not charge a fee to process or respond to your authenticated consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We also reserve the right to deny any consumer request deemed to be manifestly unfounded, excessive or repetitive.

        Appeal Process
        If we notify you that we are unable to act on your request, you may appeal the decision within 30 days of receipt of our decision by submitting your appeal request via email to privacy@finthrive.com or by calling us toll-free at 1-877-636-5442. Please include any relevant information as to why you believe our decision should be reconsidered. We will evaluate all requests for appeals and provide a written response within 60 days. 

        Your Right to No Retaliation
        You have the right to exercise your rights without retaliation. We will not discriminate against you for exercising any of your CDPA rights. Unless permitted by the law, we will not: 

        • Deny you goods or services. 
        • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
        • Provide you a different level or quality of goods or services. 
        •  Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. 

        If you feel that you have experienced retaliation, you are encouraged to call the Company’s Helpline at 1-844-680-0572. 

        Notice of Use of De-Identified Information 

        With appropriate authorizations, FinThrive may use, sell or disclose deidentified information derived from patient information which is not subject to the CDPA. Such information is de-identified in accordance with Section 164.514(b)(1) of Title 45 of the Code of Federal Regulations, commonly known as the HIPAA expert determination method. Once de-identified, FinThrive makes no attempt to re-identify such data.

        Changes to Our Privacy Notice

        The Company reserves the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated notice on our Website and update the Notice’s effective date. 

        Contact Information

        If you have any questions or comments about this Notice, the ways in which the Company collects and uses your information described in this Notice, your choices and rights regarding such use, or wish to exercise your rights under Virginia law, please do not hesitate to contact us at privacy@finthrive.com

        Download printable PDF of this policy