Published December 2023
This Privacy Statement covers the websites, products, services and applications of CareAR Holdings (“CareAR” or “we”) that include a link to this Statement (collectively “Products”). This Privacy Statement also applies to CareAR’s marketing and advertising practices where and when it is referenced. It is meant to inform you about our collection and use of your personal data.
Personal Data We Collect
You may choose to give us personal data to register as a user, respond to a survey, or otherwise allow us to communicate with you, process your orders, provide you with Products, or for employment consideration. Data we collect depends on the context of your interactions with CareAR, the choices you make, including your privacy settings, and the Products and features you choose. The CareAR Data Processing Addendum (including the Standard Contractual Clauses) applies to any personal data we process in connection with the provision of services, products or subscriptions. The personal data we collect can include the following:
Name and Contact Data. Your first and last name, email address, postal address, phone number, profile photo and other similar contact data in order to communicate with you, process orders or provide you with Products. We may also collect your employer name, if you are procuring Products on behalf of an organization.
Credentials. Passwords, password hints and similar security information used for authentication and account access.
Demographic Data. Data about you such as your country of residence and preferred language.
Payment Data. Data necessary to confirm that your payment has been processed by our third-party payment processor.
Geolocation Data. We may collect data about your location, which can be either precise or imprecise. Precise location data can be obtained through Global Navigation Satellite System data, as well as through nearby cell towers and Wi-Fi hotspots when you enable location-based products or features. Imprecise location data includes, for example, a location derived from your device or data that indicates where you are located with less precision, such as an internet protocol (IP) address or a city or postal code.
Product-Related Data. During use of CareAR Products on a mobile device, we may receive and record data from your mobile device and network connection including the device model identifier, operating system identification, network signaling, IP Address, date and time the Product is used, profile photo, performance of the Product, feature use, and GPS coordinates (at user’s discretion). When you install a mobile CareAR application, you will be asked to grant access to your mobile device’s notifications, camera, microphone. Your permission for the Product to access these features is needed for the Product to function properly. When you grant such permission, we may collect information about your usage of these features. We will also ask you to grant access to your contacts to facilitate your use of the Product and only then we will use that information to enable you and your contact to use the Service.
Image and Video Data. CareAR Products are not intended for the capture or collection of video representations of individual human subjects. However, our Products cannot prevent users from capturing video images of human subjects along with other video data they capture. CareAR does not monitor captured data to identify images of humans and cannot associate any image of a human with a specific individual. Accordingly, any video data that includes human images can only be processed and used in the manner we process and use non-personal video data. If we are asked to delete a human image captured by our Product, compliance with that request will likely require us to delete the entire file of data captured data with the human image or a substantial portion thereof.
Social Media Data. On our web site, we may provide social media features that enable you to share information with your social networks. Your use of these features may result in the collection or sharing of information about you by the social networking site. Please review the privacy policies and settings of social networks you use to understand their practices.
Job Applications/CVs/Resumes. Professional, education and employment-related information on job applications/CVs/resumes which you provide to us if you submit a job application to CareAR either directly or indirectly, which may include sensitive personal data. CareAR uses this information in order to evaluate your application and perform related employment activities.
Feedback and Product Reviews. Information you provide to us and the content of messages you send to us, such as feedback and product reviews you write, blog posts or questions and information you provide for customer support. When you contact us via our website, a CareAR application or a Help Desk, such as for customer support, phone conversations or chat sessions with our representatives may be monitored and recorded. Your feedback, posts and reviews will be used to seek improvements in our Products.
Website Browsing and Commercial Information. Information about your visits to our websites and your browsing patterns, including inferences drawn from this information. This may include information related to your prior purchases and online buying preferences or data about your device, including IP address, browser type, and regional and language settings. This is more fully described under the section entitled “Cookies, Web Beacons and Privacy Choices” below. We collect this information to determine such things as the number of visitors to various parts of our websites, to personalize your experience on our sites, and tailor our interactions with you.
Data Integrity. We take reasonable steps to ensure that personal data about users is reliable for its intended use, accurate, complete, and current. Users are responsible for the accuracy of all personal data they provide to us. Personal data will be removed from our systems at de-registration/account closure.
Third Party Sources. We also obtain data from third-parties. These third-party sources vary over time, but they are sources deemed credible by us and may be publicly available or available on a commercial basis. They can include:
- Data brokers from which we purchase demographic data to supplement the data we collect;
- Designated entities within your business or enterprise (such as a member of your IT department) in the course of providing Products to you;
- Partners with whom we offer branded Products or engage in joint marketing activities. If you purchase CareAR Products from a CareAR partner we may receive certain information about your purchase from that partner;
- Fraud prevention agencies or credit reporting agencies in connection with credit determinations; and
- Publicly available sources such as open government databases or other data in the public domain.
How We Use Personal Data
We collect and process personal data with your consent, as required by law, or as necessary to fulfill the legitimate interests or business purposes of CareAR, including to: (i) provide you with Products; (ii) manage, administer and operate our business; (iii) meet our contractual and legal obligations; (iv) carry out direct marketing; (v) prevent fraud; and (vi) protect the security of our systems and our customers.
CareAR uses personal data to:
- respond to your questions and communicate with you;
- provide customer support;
- share news, updates, or helpful tips about CareAR Products;
- enable online shopping;
- inform you of special promotions and other advertising;
- allow you to sign up for online services;
- create and facilitate reseller partnerships;
- receive and evaluate job applications;
- customize, analyze, and improve our Products and technologies, communications and relationships with you;
- deliver Products requested by you;
- deliver updates to this Privacy Statement and to the Terms of Service for our Products and Solutions;
- notify you about administrative matters that pertain to your CareAR Products; and
- in the event of a merger or acquisition of CareAR or a substantial portion of its assets, disclose or transfer personal data to the surviving or acquiring party, respectively.
Personal data that is submitted in a business capacity may be merged with available business database directories.
How We Share Personal Data
We share your personal data as necessary for CareAR’s business purposes, to complete a transaction or provide a product or service you have requested or authorized. For example, credit card payments initiated through our websites are processed by third parties with whom the payment information you provide is transmitted. We do not retain any such information. The payment processor may share your information with consumer reporting agencies for fraud prevention and credit risk reduction , as required by law.
We share personal data among CareAR affiliates and subsidiaries to efficiently manage the operation of our business. We also share personal data with vendors or agents working on our behalf for the purposes described in this Statement or in our contracts with you. For example, companies we’ve hired to provide customer service support or assist in maintaining or servicing business accounts or products via our systems and services may need access to personal data to provide those functions. In addition, we may share information with third parties for the joint offering of a product or service.
In such cases, these companies are required by contract to, at minimum, abide by the terms of our data privacy and security requirements that bring about compliance with applicable law and they are not allowed to use personal data they receive from us for any other purpose. We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets.
Finally, we will transfer or disclose personal data when we have a good faith belief that doing so is necessary to:
- Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
- Protect our customers, for example to prevent attempts to defraud users of our products, or to help prevent the loss of life or serious injury of anyone; or
- Operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks.
We do not sell your personal data to third parties.
Where We Process and Store Personal Data
Personal data collected by CareAR may be transferred to, stored and processed in your region, the United States, or any other country in which CareAR or its subsidiaries, affiliates, sub-contractors, agents or partners maintain facilities. Our subsidiaries, affiliates, sub-contractors, agents and partners are required by contract to safeguard any personal data they receive from us and are prohibited from using the personal data for any purpose other than to provide the Products as instructed by CareAR. We also take steps to provide adequate protection for any transfers of your personal data in accordance with applicable law.
Our privacy guidelines are communicated to CareAR employees on an annual basis as part of our mandatory training program. We take steps to ensure that the data we collect under this Privacy Statement is processed according to the provisions of this Statement and the requirements of applicable law wherever the data is located. Sometimes we transfer personal data from the European Economic Area and Switzerland to other countries. When we do, we use a variety of legal mechanisms, including Standard Contractual Clauses, to help ensure any required rights and protections apply to your data.
Clicking on videos on CareAR.com may (1) take you to a third party’s site to play the video, or (2) play the video on CareAR.com and this functionality may be supported by a third party’s site or technology (e.g.,YouTube, YouTube API, or another third party site). In any such case, by playing the video you may become subject to the third party’s terms and conditions, including, but not limited to, its terms of service and policies on privacy and collection and use of your information. https://www.youtube.com/t/terms
Protection of EU/Swiss Personal Data Transferred to the U.S.
CareAR provides reasonable and adequate security and protection for EU/Swiss data subjects and their personal data that is transferred to it in the U.S. Care AR relies on Standard Contractual Clauses to document its commitments and protection of such personal data.
Transparency Report. In the interest of transparency in the wake of the EU Court’s decision in Schrems II to data subjects whose personal data is transferred from the EU/Switzerland to CareAR in the U.S. CareAR acknowledges the Court’s reference to two specific authorities upon which it based its decision: §7022 of the Foreign Intelligence Surveillance Act (“FISA”) and Executive Order 12333 (“EO 12333”). Pursuant to these authorities, the U.S. government may, in certain circumstances, obtain secret subpoenas or warrants, the targets of which may include non-U.S. data subjects., To the best of its knowledge, CareAR Holdings has never received or responded to any national surveillance subpoena or warrant under FISA or EO 12333. Based on this history, the fact that the type of personal data that CareAR processes is not typical of that sought by US surveillance agencies, and CareAR’s use of the Standard Contractual Clauses and the protections described therein, EU and Swiss data subjects and our customers may have reasonable assurance that (1) CareAR is unlikely to receive a FISA or EO 12333 subpoena or warrant targeting the personal data of an EU or Swiss citizen that is transferred to CareAR in the U.S., and (2) the personal data transferred to CareAR in the U.S. and the rights of EU and Swiss citizens are adequately protected consistent with the requirements of GDPR and the Swiss FADP.
Period of Storage
CareAR retains personal data for as long as necessary to provide the Products and transactions you have requested or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Actual retention periods can vary. The criteria used to determine the retention periods include: (i) how long personal data is needed to provide our products or operate our business; (ii) whether the personal data is of a sensitive type; and (iii) whether CareAR is subject to a legal, contractual or similar obligation to retain the data.
Your Privacy Rights
You have choices about the data we collect. When you are asked to provide personal data, you may decline. However if you choose not to provide data that is necessary to provide a Product or feature, you may not be able to use that Product or feature.
- If the processing of personal data is based on your consent, you have a right to withdraw consent at any time for future processing;
- Where applicable, you have a right to request from us, (i) access to and receipt of personal data, (ii) transfer of personal data, and (iii) rectification or deletion of your personal data;
- You may also have a right to object to or restrict the processing of your personal data;
- You have the right to object to direct marketing from us. You may unsubscribe (1) via the ”opt-out ” or “unsubscribe” link provided in the marketing communication you receive and access our communication Preference Center at any time); (2) by sending an email request to CareARPrivacy@carear.com with “Marketing Unsubscribe” in the subject line along with the details of your request in the email; or (3) by sending a hard copy request to Global Data Privacy Team, CareAR Holdings, 201 Merritt 7, Norwalk, CT 06851-1056; Attn: Compliance Department – Privacy (Marketing Unsubscribe) along with the details of your request; and
- You have a right to file a complaint with a regulator or data protection authority.
You may contact CareAR to check the accuracy of your personal data or to request that your information be updated or deleted by writing to CareARPrivacy@carear.com. Please indicate "Access" in the subject line and let us know the details of your request in the body of the message. CareAR reserves the right to confirm your identity and to modify the scope and number of requests. In certain cases, your request may be denied on the basis of a legitimate exception or where we are legally prevented from honoring such request.
CareAR does not direct any part of its website or Products to children under 13 years old (or such age as a child is defined by local law if higher) and does not knowingly collect personal data from children or target its website or Products to children. If we learn we have collected or received personal data from a child under 13 years old without verification of parental consent, we will delete the information.
Security of Personal Data
CareAR is committed to protecting the security of your personal data and maintains strict access control over it. We utilize reasonable and appropriate physical, technical and administrative procedures to safeguard personal information we collect and process. Only authorized CareAR personnel, and those of our subsidiaries, affiliates, agents, and partners are allowed to handle information collected by CareAR.
CareAR websites store personal data in password-protected environments on servers that are subject to CareAR’s information security policies, standards, and procedures. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. When we transmit sensitive personal data such as a password over the Internet, we protect it through the use of encryption.
Our Agents and Partners Protect Personal Data
When you provide personal data to CareAR, it may be necessary to transfer personal data to our subsidiaries, affiliates, agents or partners, who then fulfill the orders or provide the Products. CareAR requires that its subsidiaries, affiliates, agents and partners handle personal data with the same concern for personal data privacy as CareAR.
Cookies, Web Beacons and Privacy Choices
What is a Cookie?
Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work efficiently, as well as to provide information to the owners of the site. Cookies are useful because they allow a website to recognize your device, letting you navigate between pages efficiently, remembering your preferences, and generally improving your experience.
The cookie information that CareAR collects helps us track the number of visitors to our websites over time and determine whether these were new or repeat visits.
What is a Web Beacon?
A web beacon is an electronic image that can be used to recognize a cookie on your computer or other device when you view a web page or email.
How Does CareAR Use Web Beacons?
CareAR and our third party advertising partners may use web beacons on our websites, in our emails, and in our advertisements on other websites to measure the effectiveness of our websites and our advertising. For example, web beacons may count the number of individuals who visit our websites from a particular advertisement or the number of individuals who open or act upon an email message.
Can I Block Cookies and Web Beacons?
Can I Control the Interest-Based Advertising that CareAR Websites Collect About Me?
Yes, CareAR provides tools to opt-out of data collection.
"Do Not Track" (DNT) is also a privacy preference you can set in your browser if you do not want online services — specifically ad networks — to collect and share certain kinds of information about your online activity from third party tracking services. CareAR responds to browser DNT signals and follows the W3C standard for responding to DNT signals. If you would like to set your browser to signal that you would not like to be tracked, please check your browser’s documentation for how to enable that signal. There are also good applications that block online tracking, such as Privacy Badger.
Links to Non-CareAR Websites.
Privacy Choices: How Does CareAR Use Interest-Based Advertising?
What Information Do CareAR Websites Collect for Interest-Based Advertising?
CareAR may send commercial email to you advertising our Products. You can also subscribe to various product and service-specific communications on our websites. If you receive commercial email from CareAR and wish to discontinue these mailings, you may unsubscribe using one of the methods described above under “Your Privacy Rights.” This unsubscribe option does not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, software updates, or other administrative and transactional notices, the primary purpose of which is not promotional in nature.
If you have any questions or concerns about our use of your personal information or this Privacy Statement, please contact us using the following details:
Global Data Privacy Team
201 Merritt 7
Norwalk, CT 06851-1056
Attn: Compliance Department – Privacy
CareAR reserves the right to make changes to this Statement. If we make changes, we will revise this Privacy Statement to reflect such changes and revise the effective date of the Statement.
Statement Effective Date: December 11, 2023.
What Was Revised in this Update?
This Privacy Statement replaces, in its entirety, CareAR’s previous Privacy Statement as of the Statement Effective Date.
CareAR Holdings is a Xerox software business, comprised of CareAR™, DocuShare, and XMPie® solutions, technologies, and services.