DentalPlans.com, Inc. and its subsidiaries and corporate affiliates (collectively, “DentalPlans.com,” “our,” “us,” or “we”) operate websites, provide products and services through mobile and other applications, and develop software. We refer to these as “site(s),” “service(s),” or “our sites and services.”
1. Personal Information We Collect
Personal information is information that can be used to identify, locate, or contact an individual, and includes other information that may be associated with personal information. When you interact with our sites and services, depending on the site or service, we may ask for the following personal information directly from you:
- Contact Information allows us to communicate with you and generally includes your name, addresses, email addresses, social media website user account names, and/or telephone numbers.
- Payment Information needed to process payments such as your credit or debit card number, expiration date, and card verification number.
- Personal Profile or Service Information helps us with the administration and personalization of your personal profiles or services, such as areas of interest, information from social media interactions (such as Facebook, Twitter, or Google+), preferences, physical characteristics (such as height, weight), photographs and, biographical, health information and/or demographic information (such as gender).
- Transaction Information about how you interact with and use our sites and services, email, other communications, and applications; and how you interact with merchants, business partners, and service providers.
- Geographic Location Information but only if your mobile or other device transmits location data and/or your IP address, and you have activated a location-enabled site or service.
- Job-Search-Related Information for recruitment purposes and may include educational and employment background, driver’s license number and social security number.
- Medical Information for functionality of certain services to connect you with your healthcare provider, and may include your medical history, present symptoms, future conditions or treatments, savings plan, insurance carrier and plan, and any other medical and health information you or your healthcare provider choose to share with us.
- Appointment Information to schedule an appointment or consultation using one of our online appointment or consultation services and includes the requested appointment information, which may be linked with health or legal related information that you choose to share with us.
- Access to Your Data if you are our customer and use certain services, interactive tools or authorize us to retrieve information from another database, user, or other third party on your behalf, such as integrating a practice management system with your services, then you may elect to download certain installed tools, which may collect and transmit information from your computer system solely relating to the use of the installed tools and for the purpose of providing you with relevant services.
- Your Submissions help us with administration of our sites and services and includes any information you voluntarily provide, generally through free form text boxes, forums, uploading a document or authorizing us to retrieve and import information from another user or third party on your behalf.
In each of the above instances, you will know what personal information we collect through our sites and services because you voluntarily and directly provide it.
2. How We Use Personal Information:
We may use information collected from you in one or more of the following ways:
- to enable site features such as geographically specific pricing or logging, and retrieving and providing analysis of data you choose to enter into the site,
- to send you important notices, such as communications about changes to your account, and our sites’ and services’ terms, conditions, or policies,
- to process payments and to send you emails, invoices, receipts, notices of delinquency, alerting you if we need different or updated payment card information or other communications in connection with processing and collecting payments,
- to solicit input and feedback to improve our sites and services and customize your user experience,
- to enable you to communicate with other site or service users via private messaging or other service specific communication channels,
- to contact you via email, telephone, text or chat in a manner required by law,
- to meet contractual obligations,
- to send you reminders, technical notices, updates, security alerts, support and administrative messages, and service bulletins,
- to inform you about new products or promotional offers, or other opportunities which we feel will be of interest to you, and to provide advertisements to you through our sites, U.S. mail, email messages, text messages, applications, or other methods of communication,
- to manage our sites’ and services’ administration, forum management, or fulfillment,
- to provide customer service and technical support,
- to administer surveys, sweepstakes, giveaways, contests, or similar promotions or events sponsored by us or our partners,
- for internal purposes such as auditing, data analysis, and research to improve our products, services, and communications,
- to allow you to apply for a job or sign up for special offers from third parties through our sites,
- to help you contact or schedule an appointment with a healthcare provider listed in one of our directories and remind you of upcoming or follow-up appointments,
- to perform services in conjunction with interactive tools, such as integrating practice management systems, making a referral, sending a prescription to a pharmacy, or sending a test to a clinical laboratory, and
- to use anonymized personal information to run (or authorize third parties to run) statistical research on individual or aggregate trends.
In addition to the uses described above, we may use personal information that we collect for other purposes that are disclosed to you at the time we collect the information, or with your consent.
3. Sharing Personal Information
We may share personal information about you with third parties in the following circumstances:
- We may engage third parties to perform services on our behalf, including maintenance services, hosting, data storage, security, analytics and data analysis, payment processing, assisting in marketing efforts, email and text message distribution, customer service, providing certain interactive tools, and conducting surveys and sweepstakes.
- When you communicate with us by email, submit an online form through the site, request a quote or information, purchase a product or service, or otherwise submit a request through the Site, the personal information you provide may be shared with third parties to process or respond to your request, provide you with the products or services you requested or complete a transaction.
- We may share your contact data, savings plan, insurance data, and medical data with healthcare providers in order to provide you with customer service or whom you choose to schedule through the services.
- Your personal information, and the contents of all of your online communications on or through our sites and services may be accessed and monitored as necessary to operate our sites and perform our services, and may be disclosed:
- to satisfy any applicable laws or regulations,
- to defend ourselves in litigation or a regulatory action,
- when we have a good faith belief that we are required to disclose the information in response to legal process (for example, a subpoena, court order, or search warrant),
- where we believe our sites and services are being used in the commission of a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and risk management, and
- when we have a good faith belief that there is an emergency that poses a threat to the health and/or safety of you, another person, or the public generally.
- In the event of a merger, acquisition, debt financing, restructure, sale of DentalPlans.com assets by or with another company, or a similar corporate transaction takes place, we may need to disclose and transfer all information about you, including personal information, to the successor company.
- We may share information about you with DentalPlans.com’s subsidiaries and affiliates and companies acquired by or merged with DentalPlans.com and its affiliates, including without limitation, to enable such acquired or merged companies to advertise to you products and services in which you may be interested.
- We may share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
4. Other Information We Automatically Collect and Cookies
We, or our third party service providers, may also collect and store certain technical information when you use our sites and services. For example, our servers receive and automatically collect information about your computer and browser, including, for instance, your IP address, browser type, domain name from which you accessed the site or service, device size, and other software or hardware information. If you access our sites and services from a mobile or other device, we may collect a unique device identifier assigned to that device (UDID), type of device, general GPS location, or other transactional information for that device in order to serve content to it and to improve your experience in using the sites or services.
In addition, we, or our third party service providers, may collect other non-personal information about you and how you use our sites, including but not limited to, the date and time you visit the sites, the areas or pages of the sites that you visit, the amount of time you spend viewing the sites, the number of times you return to the sites, visits to sites outside our network, preferred language, and other click-stream data. We and our third party service providers may use non-personal information for any purpose, including, to make the sites and services more useful for users. Non-personal information may be shared with partners who referred you to our site(s), who may use the data for their business purposes, including to optimize for other users who they refer to our site(s). Non-personal information may also be shared with partners who help us deliver ads to you on websites not controlled by us, for instance, when we put a pixel on a conversion page on our site and a marketing partner uses that to optimize what traffic they send to us, or using another example, when we create a re-targeting list through DFP Small Business by Google or placing a partners’ pixel on our sites, and then delivering targeted ads across the Internet.
Do Not Track
We do not currently actively respond to “Do Not Track” browser signals or mechanisms that indicate a request to disable online tracking of individual users who use our sites and services.
In general, we use these technologies to remember you when you return to our sites, to understand and analyze trends, to monitor usage and administer the sites, to learn about user behavior on the sites and gather demographic information about our user base as a whole, to customize content or offers on our sites and through our services, and to conduct research to improve our sites, content, and services.
5. User Generated Content, Online Communities and Forums, Profiles, Surveys, Reviews and Ratings
6. Accessing and Updating Personal Information
We encourage you to keep your personal information updated and accurate. We provide you reasonable access to your personal information and the ability to review, correct, or delete it. You have several choices; for instance:
- You may correct or update your account information at any time by logging on to your account.
- You may change your email preferences at any time.
- To access, change, or remove your protected health information, please see the HIPAA section below.
- If you have additional questions about your options, you may contact us at firstname.lastname@example.org.
Protecting your privacy and security is important and we also take reasonable steps to verify your identity before granting access to your data.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).
7. Email and Other Communications
Our sites and services may allow us or other parties to communicate with you or other users through our in-product instant messaging services, service-branded emails, SMS and other electronic communication channels.
Automatic Messages. If your healthcare provider has signed up for our text messaging services, you may automatically receive appointment reminder messages and other health care messages, as defined by the Health Insurance Portability and Accountability Act of 1996, which are exempt from the Telephone Consumer Protection Act and sent at the request of your healthcare provider. Your healthcare provider has represented and warranted to us that they have received your consent to the use of an automatic dialing system to the deliver appointment reminder messages and other informational health-related messages to the phone number you provided. The number of appointment reminders and other healthcare messages sent to you will depend on the number of messages sent from your healthcare provider. Please see more information about the Health Insurance Portability and Accountability Act of 1996 below. If you have questions about the health care messages sent on behalf of your healthcare provider, you should contact your healthcare provider directly.
Rates. Standard message and data rates may apply to any messages sent by us or you. Please contact your wireless provider with any questions regarding text messaging or data rates and plans.
Security. You acknowledge and agree that the text messages are provided via wireless systems which use radios (and other means) to transmit communications over complex networks. We do not guarantee that your use of the text messaging service will be private or secure, and we are not liable to you for any lack of privacy or security you may experience. You are fully responsible for taking precautions and providing security measures best suited for your situation and intended use of the text messaging service(s).
Help. You can reply “HELP” to any text message from us if you need assistance with the text messaging services.
Opting Out of Requested Communications
Requested communications include, for instance, email newsletters or software updates that may be expressly requested by you or which you consented to receive. After you request such communications, you may “opt out” of receiving them by using one of the following methods:
- Select the email “opt out” or “unsubscribe” link, or follow the opt-out instructions included in each email communication.
- To unsubscribe from text messages delivered to mobile devices, reply to the message with the words “STOP” or “END” or contact the applicable site or company affiliate.
- Email us at email@example.com. Please provide your name, contact information, and specific relevant information that you no longer wish to receive.
- To re-opt in, reply “START”, unless otherwise provided by the text messaging terms and conditions applicable to the text message program.
Opting Out of Transactional or Relationship Communications
Communications that are sent by or on behalf of a user are indicated as being “From” that user. Communications that are sent by us are indicated as being from us or one of our account or support specialists assigned to assist you. Either type of communication may be “real time” communications or communications triggered automatically upon the occurrence of certain events or dates, such as appointment reminders. Email communications received from users and our administrative announcements are often transactional or relationship messages, such as appointment requests, reminders and cancellations. You may not be able to opt out of receiving certain messages although our services may provide a means to modify the frequency of receiving them.
Opting Out of General or Promotional Communications
General communications provide information about products, services, and/or support and may include special offers, new product information, or invitations to participate in market research. You may opt out of receiving these general communications by using one of the following methods:
- Select the email “opt out” or “unsubscribe” link, or follow the opt-out instructions included in each email communication.
- To unsubscribe from text messages delivered to mobile devices, reply to the message with the words “STOP” or “END” or contact the applicable site or company affiliate.
- Email us at firstname.lastname@example.org. Please provide your name, relevant contact information, and specific relevant information about your privacy preferences.
8. Protecting Personal and Protected Health Information
The security of our sites and services and the information they store, process and transmit is a top priority. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical and administrative safeguards, including: Transport Layer Security (TLS), firewalls, system alerts, and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage, and processing practices. We seek to use reasonable and appropriate administrative, physical, technical, and data security procedures and controls to safeguard your personal and protected health information against unauthorized access, disclosure, loss, misuse, and alteration. Under applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information (as such term is defined by HIPAA) residing on and processed by our sites and services.
We use third-party service providers to manage credit card and payment processing. These service providers are not permitted to store, retain, or use billing information except for the sole purpose of credit card and payment processing on our behalf. When you enter payment information to be processed by our third party service providers, we encrypt the transmission of that information using transport layer security (TLS) technology and do not store it on our systems.
It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our services. We cannot assume responsibility or liability for unauthorized access to our servers and systems. When disclosing any personal or protected health information, you should remain mindful of the fact that it is potentially accessible to the public and, consequently, can be collected and used by others without your consent. Accordingly, you should consider carefully if you want to submit sensitive information that you would not want disclosed to the public and should recognize that your use of the Internet and our sites and services is solely at your risk. You are ultimately responsible for maintaining the secrecy for all your personal information, including your protected health information. Except as provided in a Business Associate Agreement between us and a healthcare provider network, we have no responsibility or liability to anyone for the security of your personal or protected health information transmitted via the Internet.
Steps You Can Take
- Install malware detection programs that regularly scan your system and incoming traffic for malicious code such as computer viruses, worms, Trojan Horses, and spyware. Because viruses and malware are continuously created and modified, regular malware protection software typically requires frequent updates.
- Use a firewall to prevent unauthorized access to your device.
- Because malware often targets vulnerabilities in existing operating systems, browsers, plug-ins, and other programs, software vendors frequently update their products with security patches to guard against known or commonly exploited vulnerabilities. Vendors often try to alert their users and recommend immediate installation of these security patches.
- Use a strong password using a combination of letters and numbers that are not easily guessed. Do not share your password with others.
- If you use a shared device, always close all active programs and log out before leaving it unattended.
- Avoid using a public wireless network, if possible. If you do use a public network, use the most restrictive wireless network settings on your device.
- If you use file-sharing programs, be sure to restrict all other folders or directories to “no share.”
- Be very cautious with any email requesting you to share personal information. On websites, look for the lock symbol on or near your browser’s address bar which signifies a secure website before supplying personal information.
- Exercise care in selecting what information you share, particularly personal or health information.
9. Linked Websites and Services
We may also provide social media features on our sites and services that enable you to share personal information with your social network(s) and to interact with our sites and services. Depending on the features, your use of these features may result in the collection or sharing of personal information about you. We encourage you to review the privacy policies and settings on the social media site(s) with which you interact.
Our sites and services may include collection, transmission, and storage of protected health information you submit for healthcare providers or that healthcare providers submit to us and is subject to special rules under the Health Insurance Portability and Accountability Act of 1996 or “HIPAA”. Our use and disclosure of your protected health information or a healthcare providers data that you or the healthcare provider submits with certain sites and services, is governed by HIPAA.
Use and Disclosure of Your Protected Health Information
When you use certain services (for example, appointment request) all protected health information that you submit is used and disclosed by us as a Business Associate (as defined by HIPAA) according to the terms of a Business Associate Agreement between us and that healthcare provider. This means that we may only use and disclose your protected health information on behalf of, or to provide services to, the healthcare provider according to the Business Associate Agreement. There are three exceptions to this use and disclosure rule. We may use and disclose your protected health information (i) for our internal management and administration; (ii) to carry out our legal responsibilities; and (iii) to perform certain data aggregation services for the healthcare provider and other healthcare providers; provided that, any disclosures for our internal management and administration or to carry out our legal responsibilities are either required by law or made after we obtain reasonable assurances from the person to whom the protected health information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to that person.
Some of the services for a particular healthcare provider may be provided by our subcontractors. The subcontractor must comply with the same terms and conditions for the protected health information that apply to us as a Business Associate of the healthcare provider.
How to Access, Change, or Remove Your Protected Health Information
To comply with HIPAA, your healthcare provider must provide you with rights in certain circumstances with respect to your protected health information. Very generally described, these rights are a right to restrict the uses and disclosures of, a right of access to, a right to amend, and a right to receive an accounting of, the disclosures of your protected health information. These limited rights will be described in detail in the healthcare provider’s notice of privacy practices. If you wish to restrict the uses and disclosures of your protected health information, amend, or receive an accounting of the disclosures of your protected health information, then you must do so through your healthcare provider.
Upon termination of our Business Associate Agreement with a particular healthcare provider, we generally must return or destroy all protected health information received on behalf of or created for that particular healthcare provider and then maintained in any form by us or a subcontractor. If you engaged in our sites and services with that healthcare provider, any protected health information that you submitted with our sites and services or otherwise maintained by us or a subcontractor in connection with our sites and services will be returned to the healthcare provider or destroyed by us or such subcontractor. This means that until the Business Associate Agreement is terminated with that healthcare provider, we or a subcontractor can use and disclose your protected health information as described in the “Use and Disclosure of Your Protected Health Information” section above.
11. Children’s and Minor’s Privacy
Our sites and services are intended for general audiences and are not targeted to children under 13. We do not knowingly collect personal information from children under the age of 13 or utilize plug-ins or ad networks that collect personal information through child-directed third party websites or online services. If you are under 13, please do not disclose or provide any information. If we learn that we have collected personal information from a child under 13, we will take steps to promptly delete the information. Should this policy change, we would comply with the Children’s Online Privacy Protection Act, which requires us to notify and obtain consent from a parent or guardian before we collect, use, and disclose the personal information of children who are under 13 years of age.
Unless our sites and services contain the “Privacy Rights for California Minors in the Digital World” supplemental terms, our sites and services do not collect age from users under 18. If you reside in California and are a minor (you are under 18 years of age) and you are using a site or service that collects your age as a registration requirement and you submit content, please follow the instructions on the supplemental terms to request removal of public content. If such supplemental terms are not available, you can request the removal of content or information you have posted by emailing email@example.com with “California Minor Content Removal Request” in the subject line and in the body of your message. Please specify in your request the site(s) or service(s) to which your request relates, including any URLs where the content or information is posted, and the specific content or information you posted for which you are requesting removal. Please note that this removal does not ensure complete or comprehensive removal of the content or information posted on our sites and services if the content you posted has been shared or reposted. We are only obligated to remove content that you post, where you posted it. There are certain circumstances in which we do not have to remove your content, including if any other state or federal law requires us to maintain the information, we anonymize the content by removing identifying characteristics, the content was stored, republished or reposted by a third party, you do not follow the instructions in this Section or we paid you or you were otherwise compensated for the content you posted. Without limiting the generality of the foregoing, our services may allow users above the age of 18 (such as healthcare providers, parents and guardians) to submit personal information about others, including minors. Such users assume full responsibility over their submission, use and transmission of such information.
12. International Users
We are headquartered in the United States. Our sites and services are hosted and administrated in the United States or hosted with cloud service providers who are headquartered in the United States and are intended for users in the United States. If you are located outside the United States, be aware that information you provide to us or that we obtain as a result of your use of our sites and services may be processed in, transferred to, and stored in the United States and will be subject to U.S. law. U.S. privacy and data protection laws may not be equivalent to the laws of your country of residence. By using our sites and services or providing us with your information, you consent to the collection, transfer, storage, and processing of information to and in the United States.
13. California Privacy Rights
We do not share personal information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure, typically by “opting in” to receive information from a third party that is participating in a sweepstakes or other promotion on one of our sites, for example. If you ask us to share your personal information with a third party for its marketing purposes, we will only share information in connection with that specific promotion since we do not share information with any third party (other than our service providers) on an ongoing basis. To prevent disclosure of your personal information for use in direct marketing by a third party, do not “opt in” to such use when you provide personal information on one of our sites.
Users residing in certain jurisdictions, like California, have a right to access personal information held by us about them and their right of access can be exercised in accordance with applicable law. California law requires certain businesses to respond to requests from California residents asking about the business’s practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the resident has exercised an option to opt-out of such information-sharing. We have such a policy in place.
California residents may request further information about our approach to this law by writing to us. When writing to us, you must put the statement “Your California Privacy Rights” in the body or subject line of your request, and include (i) the name of the site about which you are contacting us, (ii) any unique site identifier associated with you (like member number or forum handle), (iii) your name, and (iv) your contact information. Please submit requests by emailing us at firstname.lastname@example.org and allow 30 days for a response. We will not accept requests via the telephone, mail, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
14. Contacting Us
Last Updated: October 30, 2017.