Privacy Notice for Connecticut Residents
Savista’s Privacy Notice for Connecticut Residents
Last Updated: June 15, 2023
This Privacy Notice for Connecticut Residents (“Notice”) supplements the information contained in Savista’s Privacy Policy and applies solely to all visitors, users, and others who reside in the State of Connecticut (“consumers” or “you”).
This Notice is intended to describe our online and offline information practices as they relate to your personal information and also to describe your rights related to your personal information. We adopt this Notice to comply with the Connecticut Privacy Act (CTDPA) and any terms defined in the CTDPA have the same meaning when used in this Notice.
This Notice does not include personal information collected by Savista as part of an employee-employer relationship, including applicants and candidates for employment with Savista, personal information collected from individuals acting in a commercial context (e.g. as a representative of a Savista customer, prospective customer, vendor or supplier), or personal information or health records governed by HIPAA, the federal Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. § 1320d et seq.).
Information We Collect
Savista collects information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (personal information). The Company collects and uses personal information generally for our business purposes, to provide the services for which you have inquired, and to be in legal compliance.
| Category | Examples | Collected | Sold or Shared | Disclosed for Business Purpose | To whom we disclosed personal information |
|---|---|---|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, phone number. | YES | YES | YES | Services providers that support our business such as website developers, infrastructure providers, auditors and consultants
Marketing partner to manage and deliver advertising and understand your preferences. We may share information that does not directly identify you (e.g., your IP address, or other information associated with your online browsing activities) for our advertising and marketing efforts |
| B. Protected classification characteristics under Connecticut or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO | N/A | N/A | Representatives of Connecticut residents
Government agencies Outside organizations in connection with human resource activities and workforce management Outside companies in connection with routine or required reporting |
| C. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO | N/A | N/A | N/A |
| D. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | N/A | N/A | N/A |
| E. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES | NO | NO | N/A |
| F. Geolocation data. | Physical location or movements. | YES | NO | YES | Outside organizations in connection with providing services, completing transactions, supporting our everyday operations, or business management and development
Representatives of Virginia residents Government agencies Outside companies in connection with routine or required reporting |
| G. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | N/A | N/A | N/A |
| H. Professional or employment-related information. | Current or past job history or performance evaluations. | NO | N/A | N/A | N/A |
| I. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO | N/A | N/A | N/A |
| J. Inferences drawn from other personal information. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO | N/A | N/A | N/A |
| K. Sensitive Personal Information | Racial or ethnic origin, religious or philosophical beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status. | NO | N/A | N/A | N/A |
| Genetic or biometric data for the purpose of uniquely identifying a natural person. | NO | N/A | N/A | N/A | |
| Personal data collected from a known child. | NO | N/A | N/A | N/A | |
| Precise geolocation data. | NO | N/A | N/A | N/A |
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information that cannot be reasonably linked back to an individual.
- Information excluded from the CTDPA’s scope, like:
- Protected Health Information (PHI) covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or information treated in the same manner as PHI that is maintained by a Covered Entity or Business Associate.
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or the Driver’s Privacy Protection Act of 1994.
Use of personal information
We may use or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our website, products, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your website experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our website, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our website, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CTDPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Savista’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Savista is among the assets transferred.
Savista does not collect your sensitive personal information and will not process your personal information without your consent.
Savista will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Disclosure of personal information
Savista may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We may share your personal information with the following categories of third parties:
- Service providers
- Relevant third parties in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Savista’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Savista is among the assets transferred.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
Sales of Personal Information
The Company does not and will not sell your personal information or process your personal information for targeted advertising as defined by CTDPA.
Your Rights and Choices
The CTDPA provides consumers (Connecticut residents) with specific rights regarding their personal information. This section describes your CTDPA rights and explains how to exercise those rights.
Your Right to Know and Access Specific Pieces of Personal Information
You have the right to request that Savista disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we disclosed your personal information for a business purpose.
Your Right to Correct Inaccurate Personal Information
You have the right to request that Savista correct inaccurate personal information that we maintain about you. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, Deletion, and Correction Rights), we will use commercially reasonable efforts to correct (and direct our service providers to correct) your inaccurate personal information in our records.
Your Right to Delete Personal Information
You have the right to request that Savista delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If we cannot delete your information, we will provide you a reason for our denial and you may appeal our decision.
Your Right to Opt-Out of the Processing of Personal Information
Savista does not process personal data for the purposes of targeted advertising, the sale of your data or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. However, if you are 16 years of age or older, you have the right to “opt-out” at any time.
We do not collect the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request via our webform or by calling us toll-free at 1-833-770-3100.
Only you may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
- Making a verifiable consumer request does not require you to create an account with us.
- We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
- For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable, and instructions for how you can appeal the decision.
For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
The Company does not process personal information for the purposes of targeted advertising or profiling in the furtherance of decisions that produce legal or similarly significant effects concerning you. The Company also does not sell personal information described in this Notice.
However, if you are 16 years of age or older, you have the right to “opt-out” at any time. We will maintain your preference on file.
We do not sell or collect the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
Non-Discrimination
We will not discriminate against you for exercising any of your CTDPA rights. Unless permitted by the CTDPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Appeal Process
If we notify you that we are unable to act on your request, you may appeal the decision within 30 days of receipt of our decision by submitting your appeal request via our webform or by calling us toll-free at 1-833-770-3100. Please include any relevant information as to why you believe our decision should be reconsidered. We will evaluate all requests for appeals and provide a written response within 60 days.
Notice of Sale of De-Identified Information
Savista reserves the right to sell or disclose deidentified information derived from patient information which is not subject to the CTDPA. Any such information is de-identified in accordance with Section 164.514(b)(1) of Title 45 of the Code of Federal Regulations, commonly known as the HIPAA expert determination method. Once de-identified, Savista makes no attempt to re-identify such data.
Changes to Our Privacy Notice
Savista reserves the right to amend this privacy Notice at our discretion and at any time. When we make changes to this privacy notice, we will post the updated notice on the website and update the notice’s effective date.
Contact Information
If you have any questions or comments about this notice, the ways in which Savista collects and uses your information described in this notice, your choices and rights regarding such use, or wish to exercise your rights under Connecticut law, please do not hesitate to contact us at complianceoffice@savistarcm.com.