Privacy Policy
HIPAA Business Associate Privacy Policy
Botco.ai takes privacy very seriously. We share a commitment with Covered Entities which are our clients and customers to protect the privacy and confidentiality of Protected Health Information (PHI) that we obtain subject to the terms of a Business Associate Agreement.
This policy is provided to help you better understand how we use, disclose, and protect PHI in accordance with the terms of Business Associate Agreements.
Definitions
Business Associate Agreement (BA Agreement): A formal written contract between Botco.ai and a Covered Entity that requires Botco.ai to comply with specific requirements related to PHI.
Covered Entity: A health plan, healthcare provider, or healthcare clearinghouse that must comply with the HIPAA Privacy Rule.
Protected Health Information (PHI): PHI includes all “individually identifiable health information” that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.
We collect your name; email address; contact information, including your mailing address; phone number; title; and information about the organization with which you are affiliated. We also collect any information you choose to include in your messages or telephone calls or fax responses when interacting with us through our Sites, including via online forums, inquiry forms, and our support portal.
Use and Disclosure of PHI
We may use PHI for our management, administration, data aggregation, and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to them, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the Privacy Rule.
In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.
We may also use PHI to report violations of law to appropriate federal and state authorities.
Safeguards
We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity. Such safeguards include:
- Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
- Providing appropriate training for our staff to assure that our staff complies with our security policies;
- Making use of appropriate encryption when transmitting PHI over the Internet;
- Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
- Utilizing appropriate authentication and access controls to safeguard PHI;
- Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents;
- Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.
Mitigation of Harm
In the event of a use or disclosure of PHI that is in violation of the requirements of the BA Agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include:
- Reporting any use or disclosure of PHI not provided for by the BA Agreement and any security incident of which we become aware to the Covered Entity;
- Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.
Access to PHI
As provided in the BA Agreement, we will make available to Covered Entities information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.
Upon request, we will make our internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by the BA on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BA Agreement and HIPAA regulations.
Botco.ai Privacy Policy
This Privacy Policy describes how we collect, use and disclose your personally identifiable information when you interact with the Services provided by Botco.ai, Inc. (“Botco.ai”). Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in the Botco.ai Terms of Service.
Please note that your use of the Services on third party websites and services, and the information that you share during your use of such third party websites and services, may be subject to such third party’s privacy policy. Botco.ai is not responsible for any use by the third party of any information you provide to such third party, and we encourage you to read the third party’s privacy policy before providing any personally identifiable information.
Information Collection and Use
Upon interacting with the Services, you will have the option to register for an account and become a user of the Services. To register for an account, we will ask you to provide us with some personally identifiable information – information about you that can be used to contact or identify you, like your name and email address. When you use the Services, we will also collect information about the interactions you complete via the Services. We use your email address and interaction history mainly to develop, offer and deliver our Services, to respond to your inquiries, to fulfill legal and regulatory requirements, to conduct market research, project planning, troubleshooting, detecting and protecting against errors, fraud or other criminal activity, and to enforce our Terms of Service. We also use such information to contact you with Botco.ai newsletters, marketing or promotional materials and other information that may be of interest to you. The email address you provide to Botco.ai will be associated with all your Botco.ai interactions. When your account is accessed using your email address all of your interactions through the Service will be visible in your account history.
We may collect non-personally identifiable information, that is information that cannot identify a particular person such as a zip code or city or state of residence, without an association to a name or address, as well as information transmitted during routine internet communications, a user’s Internet Service Provider, and a computer’s operating system. We collect non-personally identifiable information and provide aggregated, non-personally identifiable information about Botco.ai Users (defined below) to third parties for audit, marketing research and other purposes. Since aggregated data is not associated with any particular person, these third parties will not have access to any personally identifiable information about you.
Like many online services, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies for two purposes. First, we utilize persistent cookies to save your login information for future logins to the Services. Second, we utilize session ID cookies to enable certain features of the Services, to better understand how you interact with the Services and to monitor aggregate usage by Botco.ai Users and web traffic routing on the Services. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and Service and then close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all functionality of the Services.
When you use the Services, whether you have registered for an account or are a non-registered user just browsing (any of these, a “Botco.ai User”), our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (IP) address, browser type or the webpage you were visiting before you used our Services, pages of our Services that you visit, the time spent on those pages, the information you search for via our Services, access times and dates, and other statistics. We use this information to monitor and analyze the use of the Services and for the Services’ technical administration, to increase our Services’ functionality and user-friendliness, and to better tailor our Services to our visitors’ needs. We also use this information to verify that Botco.ai Users meet the criteria required to process their requests.
Sharing of Personally Identifiable Information
Except in providing the Services, when we otherwise have your permission, or under the circumstances below, we do not share your Personal Information with non-affiliated third parties.
Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include personally identifiable information and we may otherwise disclose non-identifying information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your personally identifiable information.
Service Providers. We may employ third-party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Services’ features) or to assist us in analyzing how our Services are used. These third parties have access to your personally identifiable information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Business Partners. We may also provide your personally identifiable information to the operators of the third-party services and websites through which our Services may be accessed. We will share your personally identifiable information with such third parties for the limited purpose of enabling and completing transactions you enter into via the Services.
Compliance with Laws and Law Enforcement. Botco.ai cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to the government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal processes (including but not limited to subpoenas), to protect the property and rights of Botco.ai or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable activity.
Business Transfers. Botco.ai may sell, transfer or otherwise share some or all of its assets, including your personally identifiable information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Changing or Deleting Your Information
You may review, update, correct or delete the information you provide us by contacting us. If you would like us to remove your information from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the record.
No Adware
Other than ads that are on third-party websites in which the Services are accessible, Botco.ai does not place advertisements on the Services.
International Transfer
Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, Botco.ai transfers personally identifiable information to the United States and processes it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Children
The Services are not directed to children. We do not knowingly collect personally identifiable information from children. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us. If we become aware that a member is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
Security
We take precautions — including technical, administrative and physical measures — to safeguard your information. We use technical safeguards such as firewalls and data encryption. Your account information including email address is located on a secured server behind a firewall. We authorize access to personally identifiable information, including email addresses, only for those employees, contractors and agents who need to know that information in order to operate, develop or improve our Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. We also enforce physical access controls to our buildings and files.
Changes
We reserve the right, in our sole discretion, to modify, discontinue, or terminate the Services or to modify this Privacy Policy at any time. If we modify this Privacy Policy, we will notify you of such changes by posting them on the Services or providing you with notice of the modification. We will also indicate when such terms are effective below. By continuing to access or use the Services after we have posted a modification or have provided you with notice of a modification, you are indicating that you agree to be bound by the modified Privacy Policy. If the modified Privacy Policy is not acceptable to you, your only recourse is to cease using the Services.
Personal data processing statutory notice
Botco.ai, Inc. (hereinafter “Botco.ai”), as data controller, in accordance with article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”), is providing the following information about the processing of the personal data which you, as the data subject, have provided us:
- interactions with Chatbots built using the Botco.ai service
Purposes and legal basis of processing
In addition, the data which you have provided may also include some personal data defined by the Code and the GDPR as “special category data”. Sensitive/special category data shall be processed according to the purposes shown further on and only with your consent.
Purpose regarding contractual performance. Your personal data shall be processed for the purpose of performing obligations arising out of the contract for the purchase, for allowing Botco.ai to host and deploy Chatbots to deliver the interactions in an optimal manner and, specifically, for:
- responding to your requests;
- notification of information regarding changes to terms and conditions, etc.;
Legal and safety purposes. Your personal data shall also be processed for the following purposes:
- legal, regulatory, domestic and EU compliance and that arising out of orders issued by authorities within the scope of their legal authority;
- establishing, exercising and/or defending a Botco.ai legal claim before the courts;
Business and statistics-related purposes. Your personal data shall also be processed for purposes relating or relevant to Botco.ai business operations.
- Botco.ai in-house staff, appointed as data processing agents and/or data processor;
- to the persons or companies providing services or advisory or consulting services to Botco.ai for protecting its claims (e.g. chartered accountants, lawyers, tax consultants, auditors and consultants within auditing or due diligence operations, etc.);
- persons and entities that are authorized to access your data, both recognized by law and secondary legislation
The list of persons and entities to which your data have been disclosed is available at the company at the following addresses: [email protected] or Botco.ai headquarters at 6125 E Indian School Road, Suite 1001, Scottsdale, AZ U.S.A., to the attention of the Data Protection Officer.
Transfer of personal data outside the European Union
Your personal data may be transferred abroad to third-party companies belonging to or outside the European Union for the purposes stated above.
Whenever data is transferred to States outside the European Union, said States shall guarantee an adequate level of protection, based on a specific decision of the European Commission or, alternatively, the recipient shall have a contractual obligation to protect data by adopting an adequate and comparable level of protection to that provided under the GDPR.
Retention of personal data
Personal data shall be retained for a period of time not exceeding that necessary for the purposes for which they were collected and subsequently processed. Personal data shall be retained for the full duration of the contract which you have entered into and for a subsequent period:
- within the periods established under prevailing legislation;
- within the periods established under legislation, including secondary legislation, which requires data to be kept (for example tax returns);
- within the period necessary for protecting the rights of the data controller in the event of any disputes arising concerning performance;
- Personal data collected and processed for profiling shall be retained for a maximum period of ten (10) years, at the end of which they shall be automatically deleted and rendered permanently anonymous.
Data Controller and Data Processors
The Data Controller can be reached at: [email protected] or Botco.ai headquarters at 6125 E Indian School Road, Suite 1001, Scottsdale, AZ U.S.A., to the attention of the Data Controller.
Data Protection Officer
The Data Protection Officer can be reached at: [email protected] or Botco.ai’s headquarters at 6125 E Indian School Road, Suite 1001, Scottsdale, AZ U.S.A., to the attention of the Data Protection Officer.
Data subject rights
At any time, in accordance with articles 15 to 22 of the GDPR, you are entitled, also in relation to profiling, to:
- access your personal data;
- request your personal data to be corrected;
- revoke, at any time, consent to the use and disclosure of your personal data;
- request your personal data to be deleted;
- receive the personal data concerning you in a structured, commonly used and machine-readable format, as well as the right to send your data to another data controller;
- oppose the processing of personal data concerning you for marketing or profiling purposes;
- obtain restriction on the processing of personal data;
- lodge a complaint with a supervisory authority;
- receive a notification whenever there is a personal data breach;
- request information about:
  - the purposes of processing;
  - the categories of personal data;
  - the recipients or categories of recipients to whom personal data have been or will be disclosed, specifically, whenever data have been sent to recipients in third countries or international organizations and the existence of adequate guarantees;
  - the period personal data shall be retained;
  - whenever data have not been collected from the data subject, all information regarding their origin.
You may exercise these rights and/or obtain further information about personal data processing, by sending a notification via e-mail to: [email protected] or Botco.ai’s headquarters at 6125 E Indian School Road, Suite 1001, Scottsdale, AZ U.S.A., to the attention of the Data Protection Officer.
Purposes and legal basis of processing
The personal data of a customer shall be processed for the following purposes:
- Purposes regarding the Program, for managing a customer’s participation in the Botco.ai Program and, specifically, for:
  - fulfilling the interaction;
  - customer support purposes for said interaction.
- Statistical purposes, in anonymous and aggregate form.
Transfer of personal data outside the European Union
A customer’s personal data may be transferred to third-party companies in States outside the European Union, for the purposes stated above.
Whenever data is transferred to States outside the European Union, said States shall guarantee an adequate level of protection, based on a specific decision of the European Commission or, alternatively, the recipient shall have a contractual obligation to protect data by adopting an adequate and comparable level of protection to that provided under the GDPR.
Effective: January 8th, 2019
Updated: November 17th, 2022
Copyright 2022 Botco.ai