HITRUST Privacy Notice

HITRUST cares about you and your privacy. This Notice provides you information on how we collect your information, how we use it, how we store it, and how and when we delete it.

Please be aware that this Notice applies only to information collected by HITRUST and its subsidiaries and affiliates, including but not limited to HITRUST Services Corp., HITRUST Alliance, Inc., and HITRUST Assessment Exchange LLC (collectively “we,” “our,” “us”). This does not apply to information collected by any third parties. While our websites or services may contain links to third-party websites or other information, we do not operate or control them and therefore do not control their privacy notices or policies. This policy applies to any personal data collected about you by HITRUST, either electronic, written, or oral.

Our Notice includes the following information:

  • The type of information covered by this Notice
  • The collection and use of your personal data
  • Means to manage your personal data and communication preferences
  • Sharing of your personal data by us
  • Protection and security of your personal data
  • Use of cookies
  • Changes to this Notice
  • Our Contact information

TYPE OF INFORMATION

This Notice applies to personal data collected by us. Personal data is any information that can be used to identify you directly or indirectly. This includes but is not limited to your name, address, phone number, email address, payment card information, and/or certain additional categories of information that identify you personally.

COLLECTION AND USE OF YOUR PERSONAL DATA

We collect information you provide directly to us, such as when you create or modify your account or user preferences, sign up for a newsletter, contact us, respond to a survey, use online content, use the HITRUST CSF or the HITRUST MyCSF, or otherwise communicate with us. This information may include your name, email address, phone number, postal address, survey responses, user content stored or entered into the forms found in our online platforms, and other information you choose to provide. We use this data to provide you services, products, and support. We also use your personal data to contact you about our news and updates.

We also allow our analytics provider or providers to collect usage information over the Internet to determine website traffic.

We and most of the third parties with which we may share your data, are located in the United States. If you are visiting our website or otherwise communicating with us from outside the United States of America, please be aware that your information may be transferred to, stored or processed in the United States and maintained on computers or servers located outside your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. By providing us your Personal Data, you understand that you are choosing to transfer that information to the United States.

MEANS TO MANAGE YOUR PERSONAL DATA AND COMMUNICATION PREFERENCES

If you do not want to receive information about our products or services, please update your account preferences and/or utilize the “unsubscribe” mechanism within the communications that you receive from us.

If you need to change any of your information or have it deleted, please contact us at info@HITRUSTAlliance.net.

SHARING OF YOUR PERSONAL DATA BY US

Also, please note that we may store and process your Personal Data in systems located outside of your home country. However, regardless of where storage and processing may occur, we take appropriate steps to ensure that your information is protected, consistent with the principles set forth under this Notice.

WHO HAS ACCESS TO THE PERSONAL DATA?

We will not sell, rent, or lease mailing lists of customer names or email addresses to others, and we will not make your Personal Data available to any unaffiliated parties, except our approved agents and contractors, or as otherwise described in this Privacy Notice. We may share your information as needed among our affiliates and subsidiaries, who are subject to this Notice.

We will share your information as required by law, in a matter of public safety or policy, as needed in connection with the transfer of our business assets (for example, if we are acquired by another company), or if we believe in good faith that sharing the data is necessary to protect our rights or property.

Without your consent, we will not disclose any Personal Data except as necessary to service the account, to enforce the terms of use, to meet our obligations to content and technology providers, or as required by law.

PROTECTION AND SECURITY OF YOUR PERSONAL DATA

The security of your information is important to us. We take precautions to protect your information by implementing safeguards to protect the information we collect. However, you should keep in mind that no website, internet transmission, or software product is ever completely secure or error-free.

PLEASE NOTE: The safety and security of your information also depends on you. We urge you to take steps to keep your personal information safe, such as choosing strong passwords and never sharing your password with anyone else. If you create or receive a password in connection with our services or website, please notify us promptly if you believe your password security has been breached and remember to log off the service before you leave your computer or mobile device.

You may communicate with us through email. Because normal email is not encrypted, the possibility exists that unauthorized individuals may intercept email messages. We and our subsidiaries and affiliates are not responsible for privacy of email messages except those stored in our system.

USE OF COOKIES

A cookie is a small text file that a website saves on your computer or mobile device when you visit its site. It enables the website to remember your actions and preferences over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies also help us understand which sections of our websites are the most popular as they help show which pages are being visited and for how long. This helps us adapt our websites to provide more relevant and accessible information. Cookies can be deleted or blocked by changing browser settings.

Advantages of cookies are:

  • Remembering the details as provided by the user
  • Remembering user preferences
  • Helping improve the site

BLOCKING/RESTRICTING COOKIES

To manage or delete cookies on your browser or on a mobile device, please visit the official webpage of the browser or device manufacturer and the documentation provided by them and follow their instructions.

Please note, however, that disabling cookies might affect your online experience and/or prevent you from taking full advantage of our site and some of its functionality.

DO NOT TRACK

California and Delaware law require us to indicate whether we honor “Do Not Track” settings in your browser concerning targeted advertising. At this time, there is no worldwide uniform or consistent industry standard or definition for responding to, processing, or communicating Do Not Track signals. Thus, like many other websites and online services, we do not currently respond to any Do Not Track browser requests.

SPECIFIC RIGHTS FOR CALIFORNIA RESIDENTS

Under California law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information, such as name, email and mailing address, and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes and (b) the name and address of all such third parties. To request the above information, please email us at info@HITRUSTAlliance.net with a reference to California Disclosure Information. Please note that we are required to verify that the request is from you and are only required to respond to each customer twice per calendar year.

CHANGES TO THIS NOTICE

Because we are committed to your privacy and laws and technologies change, this Notice may change from time to time. Updates will be posted here. This Notices was last updated July 24, 2019.

OUR CONTACT INFORMATION

We hope that this information is useful to you and reflects our commitment to your privacy. Please contact us via email at info@HITRUSTAlliance.net, via phone at 469-269-1100, or via regular mail at 6175 Main St, Suite 420, Frisco, Texas 75034 if you have any questions or concerns.

We thank you for your trust in us.