ChannelBound, LLC dba ACAPrime (“ACAPrime”, or the “Company”, “We”, “Us”, “Our”) is committed to secure and trustworthy Internet commerce and the individual’s right to privacy. This Privacy Statement describes ACAPrime information practices. ACAPrime provides services through owned domains including: ACAPRime.com, ACATime.com, ACATimeKeeper.com, ACATimeTracker.com, and AssureTrack.com.
Disclosure of Information
We do not share, sell, rent or lease your personally identifiable information to third parties for their promotional purposes or as otherwise outlined in the policy. We may disclose your personally identifiable information to certain third party vendors (e.g., data storage facilities, payment processors, email service providers) used by ACAPrime to assist us in providing the ACAPrime services, to the extent necessary to enable such vendors to provide such assistance. These third parties are prohibited from using your personally identifiable information for any other purposes.
- We may send email offers to selected groups of ACAPrime users on behalf of our company and on behalf of other businesses in whose products and services you may have an interest; but we will not disclose any of your personally identifiable information to any such businesses. We will also include in each such email instructions as to how you can permanently opt-out of receiving any such future emails. In addition, you may contact us at info@ACAPrime.com to request that your information no longer be used.
- We also reserve the right to disclose your personally identifiable information if we reasonably believe we are required to do so by law, regulation or other government authority and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our website.
Use of Information
We and our third party affiliates may use your contact information and unique identifier (such as a user name and password) to provide access to ACAPrime services available on our website and to contact you when reasonably necessary. We may also use any information you have provided as reasonably necessary to administer or provide customer support for the website and the ACAPrime service. We use the information submitted by you to send you correspondence and other information that may interest you and to respond to your correspondence. If, for any reason, you would like to be removed from our email list, you can send us an email info@ACAPrime.com or follow the unsubscribe information contained in each of the emails you receive.
Based upon the personally identifiable information you provide us, we and / or our third party affiliates may send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, to manage your account, and to help us improve our customer support and service to you overall. We will communicate with you by email or telephone, in accordance with your wishes. We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account. If you wish to subscribe to our monthly newsletter, we will use your name and email address to send the newsletter to you. Our newsletters contain important information such as updates and enhancements to our services. Out of respect for your privacy, we provide you a way to unsubscribe through the unsubscribe instructions contained in the emails you receive or by contacting us at info@ACAPrime.com
Finally, if you use the ACAPrime service, we will store the data you upload onto our servers. All your data is encrypted and / or password protected at rest. ACAPrime may access your account, to respond to service or technical problems or as stated in this Agreement. You, not ACAPrime, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness and copyright of all data transferred to ACAPrime. Furthermore, ACAPrime shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any data.
Updating Your Information and Transferring Data
Non-sensitive information may be sent over email. IMPORTANT: Any Sensitive Data, including Protected Health Information (PHI), should be sent in encrypted form, uploaded only using SSL security, or only transferred in a secure way. If you have questions on how transfer PHI or any other sensitive data, please contact us.
If you use a blog or testimonial on this site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. For testimonials, we do obtain the customer’s consent prior to posting their name and photograph along with their testimonial. We are not responsible for the personally identifiable information you choose to submit in these forums. If you want to remove your personally identifiable information that is being displayed on our website under public pages, please contact us at info@ACAPrime.com .
As is true of most web sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you.
The security of your personal information and our Customers’ information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, please contact us.
Personal and Business Information is used for payment processing, customer relationship management (CRM), data storage, payment gateways, billing services, subscription management, and other business services. ACAPrime uses the following companies for the aforementioned business services. Provided below are links to their respective privacy policies:
Chargify – subscription management and payment processing
Stripe – payment gateway
Revion – Database Hosting
Google / Gmail
Dropbox – File Storage
Links to Third Party Websites
Our Policy Toward Children
ACAPrime is committed to protecting the privacy needs of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. The Site is not directed to children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal or contact information without their consent, he or she should contact us. If we become aware that a child under 13 has provided us with personal information, we will delete such information from our files immediately.
If you have any questions about this Statement, please email us at email@example.com, or you may contact us at the following:
1311 W. 96th Street Suite 170
Indianapolis, IN 46260
Statement regarding HIPAA, Business Associate Agreement, and Privacy Practices
If you are a Covered Entity that is subject to HIPAA, ACAPrime will enter into a Business Associate Agreement (see below) with you upon your signing up of our service(s). Covered Entities are required to enter into a Business Associate Agreement with Business Associates that include the following assurances.
ACAPrime works to ensure that its customers are HIPAA compliant while using our service. ACAPrime works to ensure that Protected Health Information (PHI) and Electronic Protected Health Information (ePHI) is kept private, confidential, and secure. As your Business Associate, ACAPrime will use information and data supplied by you to our services only for the purposes for which it was contracted by the Covered Entity. ACAPrime will safeguard the information and data from misuse, and will assist the Covered Entity HIPAA compliance efforts as necessary. ACAPrime will use appropriate safeguards to prevent use or disclosure of the PHI or ePHI other than as provided for by the Business Associate Agreement. ACAPrime will not use or disclose PHI or ePHI other than as allowed or required by the Business Associate Agreement or as required by law. ACAPrime will report to you any use or disclosure of the PHI not provided for by the Business Associate Agreement of which it becomes aware. ACAPrime will mitigate, to the extent possible, any detrimental effect that is known regarding use or disclosure of PHI or ePHI by ACAPrime in violation of the Business Associate Agreement. ACAPrime will ensure that any agent, including subcontractors, to whom it provides PHI or ePHI received from you, agrees to abide by the same conditions and requirements that apply in the Business Associate Agreement with you. ACAPrime’s security practices include generally accepted security protocols, including: usernames, passwords, SSL, and encryption for data storage, access, control, and transfer. ACAPrime will make our practices, policies and procedures, relating to the use and disclosure of PHI or ePHI received from you available to the Secretary of Health and Human Services for purposes of determining compliance with HIPAA.
BUSINESS ASSOCIATE AGREEMENT for HIPAA and HITECH COMPLIANCE
If you are a Covered Entity that is subject to HIPAA, ACAPrime will enter into this Business Associate Agreement with you upon your signing up of our service(s).
- Covered Entity is a covered entity under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), including the HIPAA Rules (as defined below), and the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009 (the “HITECH Act”).
- Covered Entity and ACAPrime.com have entered into the ACAPrime.com Services Agreement pursuant to which ACAPrime.com will provide certain services to Covered Entity (the “Services Agreement” or “Master Services Agreement”) and, pursuant to the Services Agreement, ACAPrime.com may receive, maintain and have access to Electronic Protected Health Information (as defined below) in fulfilling its responsibilities under that Agreement.
- As a service provider to Covered Entity as described above, ACAPrime.com may be considered a “Business Associate” of Covered Entity as defined in the HIPAA Rules. The HIPAA Rules include the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule” at 45 CFR Part 160 and Part 164, Subparts A and E), the Standards for Security of Electronic Protected Health Information (the “Security Rule” at 45 CFR Parts 160 and 164, Subpart C), Breach Notification for Unsecured Protected Health Information (the “Breach Notification Rule” at 45 CFR Parts 160 and 164), and the Enforcement Rules at 45 CFR Part 160, Subparts C-E, as each of the foregoing may be amended or supplemented.
- ACAPrime.com and Covered Entity are both committed to complying with the HIPAA Rules, and acknowledge that each has certain obligations to maintain the privacy and security of PHI.
THEREFORE, the parties, in consideration of the mutual agreements herein contained and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, agree to the following terms and conditions covering how each party’s obligations to maintain the privacy and security of PHI will be satisfied.
Capitalized terms used, but not otherwise defined, in this BAA have the meanings ascribed to them in HIPAA, including in the HIPAA Rules, and the HITECH Act, as in effect or as amended from time to time.
“Protected Health Information” or “PHI” has the same meaning as the term “protected health information” as defined in 45 CFR 164.103, and any amendments thereto, limited to the information Business Associate has access to, receives from, and maintains for or on behalf of Covered Entity. PHI includes Electronic Protected Health Information.
“Electronic Protected Health Information” or “EPHI” means the subset of PHI that is transmitted by electronic media or maintained in electronic media.
Business Associate acknowledges and agrees that all Protected Health Information is subject to this BAA.
- CONFIDENTIALITY REQUIREMENTS.
- Business Associate agrees:
- to use or disclose any Protected Health Information solely: (A) for meeting its obligations as set forth in the Services Agreement, or (B) as Required By Law.
- upon termination of this BAA, the Services Agreement, or upon request of Covered Entity, whichever occurs first, if feasible, to return or destroy all Protected Health Information received from Covered Entity that Business Associate still maintains in any form and retain no copies of such information, or if such return or destruction is not feasible, to extend the protections of this BAA to the information and limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible; and
iii. to ensure that its agents (including subcontractors) to whom it provides Protected Health Information agree to the same restrictions and conditions that apply to Business Associate with respect to such Information. In addition, Business Associate agrees to take reasonable steps to ensure that its employees’ actions or omissions do not cause Business
Associate to breach the terms of this BAA.
- Notwithstanding the prohibitions set forth in this BAA, Business Associate may use and disclose Protected Health Information if necessary, for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided that as to any such disclosure, the following requirements are met:
- the disclosure is Required By Law; or
- Business Associate obtains reasonable assurances from the person to whom the Information is disclosed that it will be held confidentially and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the Information has been breached.
- Business Associate will implement appropriate safeguards to prevent use or disclosure of Protected Health Information other than as permitted in this BAA. The Secretary of Health and Human Services will have the right to audit Business Associate’s records and practices related to use and disclosure of Protected Health Information to ensure Covered Entity’s compliance with the terms of the HIPAA Rules. Business Associate will report to Covered Entity any use or disclosure of Protected Health Information which is not in compliance with the terms of this BAA of which it becomes aware.
- OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE.
- Business Associate agrees to not use or disclose Protected Health Information other than as permitted or required by the Services Agreement or as Required By Law.
- Business Associate will implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of EPHI that Business Associate creates, receives, maintains or transmits on behalf of the Covered Entity. Said safeguards shall include, without limitation:
- encryption of EPHI stored or transmitted by Business Associate;
- implementation of secure access controls, including physical locks, firewalls, and secure passwords;
iii. adoption and implementation of contingency planning policies and procedures, including data backup and disaster recovery plans; and
- periodic security training for its employees.
- Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this BAA.
- Business Associate agrees to report to Covered Entity any use or disclosure of the Protected Health Information not provided for by this BAA of which it becomes aware.
- Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from Covered Entity, agrees to the same restrictions and conditions that apply through this BAA to Business Associate with respect to such information.
- Business Associate agrees to make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of Protected Health Information received from Covered Entity available to the Secretary for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule.
- Business Associate will promptly report to Covered Entity any unauthorized acquisition, access, use, or disclosure of Protected Health Information in violation of the HIPAA Rules or other applicable law, or in violation of the terms of this BAA. Such report will be made as soon as reasonably possible but in no event later than ten business days after discovery by Business Associate of such breach. Each report of a breach will include, to the extent possible, the following information: (i) a description of the facts pertaining to the breach, including without limitation, the date of the breach and the date of discovery of the breach, (ii) a description of the Protected Health Information involved in the breach, (iii) the names of the individuals who committed or were involved in the breach, (iv) the names of the unauthorized individuals or entities to whom Protected Health Information has been disclosed, (v) a description of the action taken or proposed by the Business Associate to mitigate the financial, reputational or other harm to the individual who is the subject of the breach, and (vi) provide such other information as Covered Entity may reasonably request including, without limitation, the information, data and documentation required by Covered Entity to timely comply with the HITECH Act and the regulations promulgated thereunder, including the Breach Notification Rule.
- Business Associate agrees to comply with the administrative requirements imposed on it, in its capacity as a business associate, by HIPAA, HIPAA Regulations, HITECH, and the Breach Notification Regulations thereunder.
- OBLIGATIONS OF CUSTOMER AS COVERED ENTITY.
- Covered Entity will not request that Business Associate use or disclose PHI in any manner that would not be permissible under the HIPAA Rules if done by Covered Entity.
- Covered Entity will notify Business Associate in writing of any limitation in its notice of privacy practices adopted in accordance with the Privacy Rules, to the extent that such limitation may affect Business Associate’s use or disclosure of Protected Health Information.
- Covered Entity will provide Business Associate with written notice of any revocations, amendments or restrictions in Covered Entity’s use or disclosure of Protected Health Information if such changes affect Business Associate’s permitted or required uses and disclosure of Protected Health Information under this BAA or the Services Agreement.
- AVAILABILITY OF PROTECTED HEALTH INFORMATION.
- Covered Entity acknowledges and agrees that Business Associate, due to the nature of the technology utilized by Business Associate, has no access, direct or indirect, to the Protected Health Information supplied by Covered Entity to Business Associate.
- The parties agree that, due to the nature of the technology utilized by Business Associate, Business Associate cannot make Protected Health Information available (i) to the extent and in the manner required by Section 164.524 of the Privacy Rule, (ii) for amendment or incorporate any amendments to Protected Health Information in accordance with the requirements of Section 164.526 of the Privacy Rule, or (iii) for purposes of accounting of disclosures, as required by Section 164.528 of the Privacy Rule. Rather, Covered Entity will be solely responsible for compliance with each of the foregoing.
Termination of Covered Entity’s business relationship with Business Associate shall be under the terms set forth in the Services Agreement, incorporated herein by reference. Notwithstanding anything in this BAA or in the Services Agreement to the contrary, Covered Entity has the right to terminate this BAA immediately if Covered Entity determines that Business Associate has violated any of its material terms.
By reference, this BAA incorporates, but does not supersede or replace, the Services Agreement.
Except as expressly stated herein or in the Privacy Rule, the parties to this BAA do not intend to create any rights in any third parties. The obligations of Business Associate under this Section survive the expiration, termination, or cancellation of this BAA until such time as all Protected Health Information stored or copied by Business Associate has been returned to Covered Entity or destroyed.
This BAA may be amended or modified only in a writing signed by the parties. Neither party may assign its respective rights or obligations under this BAA without the prior written consent of the other party. None of the provisions of this BAA are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this BAA and the Services Agreement. This BAA will be governed by the laws of the State of Indiana. No change, waiver or discharge of any liability or obligation hereunder on any one or more occasions will be deemed a waiver of performance of any continuing or other obligation, or will prohibit enforcement of any obligation, on any other occasion. The parties agree that, in the event that the Services Agreement contains provisions relating to the use or disclosure of Protected Health Information which are more restrictive than the provisions of this BAA, the provisions of the more restrictive documentation will control. The provisions of this BAA are intended to establish the minimum requirements regarding Business Associate’s use and disclosure of Protected Health Information.
In the event that any provision of this BAA is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this BAA will remain in full force and effect. In addition, in the event a party believes in good faith that any provision of this BAA fails to comply with the then-current requirements of the Privacy Rule, such party will notify the other party in writing, For a period of up to 30 days, the parties will enter into good faith negotiations to amend the terms of this BAA, if necessary to bring it into compliance, to incorporate same. If, after such 30-day period, the BAA fails to comply with the Privacy Rule, then either party has the right to terminate it, together with the Services Agreement, upon written notice to the other party.