Xchart, Inc. (collectively "the company", “we”, and “us”) owns and operates Xchart.com. We deeply respect your privacy and that privacy is paramount to the service we provide.
Applicable website: This policy refers to and is applicable to the website available at xchart.com and related subdomains hereafter referred to collectively as the "Website".
Data Controller: Data Controller is the publisher, owner, and operator of the Website and is the Party responsible for the collection of information described herein. Data Controller shall be referred to either by Data Controller's name or "Data Controller," as listed above. If Data Controller or Data Controller's property shall be referred to through first-person pronouns, it shall be through the use of the following: us, we, our, ours, etc.
Parties: The parties to this policy are the company and you, as the user of this website. Hereinafter, the parties will individually be referred to as "Party" and collectively as "Parties."
Services: "Services" means any products or services that we make available for sale on the Website.
Personal Data: "Personal Data" means personal data and information that we obtain from you in connection with your use of the Website which is capable of identifying you in any manner.
HIPAA: means the Health Insurance Portability and Accountability Act of 1996 and the rules and the regulations thereunder, as amended.
Protected Health Information (PHI): Patient information and health details entered into the application by the user as required for producing the report.
Business Associate Agreement (BAA): An agreement, as defined by HIPAA governing the storage and handling of PHI.
Customer: The organization or individual using Services.
Reports: Any representation of PHI generated through use of Services. Whether printed on paper, or stored on a computer as a digital file.
In addition, some of the Services we offer include storing PHI in a database hosted by Google Cloud. Xchart, Inc. has executed a BAA with Google LLC to cover the use of Google Cloud Services. Before entering PHI that will be stored using Google Cloud Services, the Customer will be required to sign a BAA with Xchart, Inc. The Website will prompt you to do so, before any PHI is stored on your behalf.
Futhermore, how we store and handle PHI saved on our servers is described in a dedicated HIPAA compliance document.
Any Reports a Customer creates may contain PHI. It is entirely the Customer's responsibility to handle Reports in accordance with HIPAA guidelines. In addition, please ensure that access to the device that is running the Website is properly secured, and that it is using a browser, and operating system with up-to-date security patches.
The Party responsible for the processing of your personal data is as follows: Xchart, Inc. The Data Controller may be contacted as follows:
Xchart, Inc. 304 W. Pacific Ave. #210 Spokane, WA 99201
The Data Controller and operator of the Website are one and the same.
Please be advised the data processing activities take place in the United States, outside the European Economic Area. Data may also be transferred to companies within the United States, but will only be done so in a manner that complies with the EU's General Data Protection Regulation or GDPR. The location where the data processing activities take place is as follows:
Google Cloud US-Central Region in Council Bluffs, Iowa, USA
Depending on how you use our Website, you will be subject to different types of Personal Data collected and different manners of collection:
a. Registered users: You, as a user of the Website, will be asked to register in order to use the Website or to purchase the Services available for sale.
During the process of your registration, we will collect some of the following Personal Data from you through your voluntary disclosure: name, email address
Personal Data may be asked for in relation to:
b. Unregistered users: If you are a passive user of the Website and do not register for any purchases or other service, you may still be subject to certain passive data collection ("Passive Data Collection"). Such Passive Data Collection may include through cookies, as described below, IP address information, location information, and certain browser data, such as history and/or session information.
c. All users: The Passive Data Collection which applies to Unregistered users shall also apply to all other users and/or visitors of our Website.
d. Sales & Billing Information: In order to purchase any of the services on the Website, you will be asked to provide certain credit information, billing address information, and possibly additional specific information so that you may be properly charged for your purchases. This payment and billing information may be stored indefinitely. If so, it will be used exclusively to assist you with making future purchases with us.
e. Related Entities: We may share your Personal Data, including Personal Data that identifies you personally, with any of our parent companies, subsidiary companies, affiliates or other trusted related entities.
f. Email Marketing: You may be asked to provide certain Personal Data, such as your name and email address, for the purpose of receiving email marketing communications. This information will only be obtained through your voluntary disclosure and you will be asked to affirmatively opt-in to email marketing communications.
g. User Experience: From time to time we may request information from you to assist us in improving our Website, and the Services we sell, such as demographic information or your particular preferences.
h. Combined or Aggregated Information: We may combine or aggregate some of your Personal Data in order to better serve you and to better enhance and update our Website for your and other consumers' use.
i. Other Information: In addition to collecting the Personal Data as already described herein, we may also collect the following Personal Data:
j. SMS based customer support: If you contact us via SMS, we may collect your phone number and any information you provide to us via text message. We may also respond to you text messages in order to provide you with customer support. We will not use this information for marketing purposes without your consent.
Cookies: We may collect information from you through automatic tracking systems (such as information about your browsing preferences) as well as through information that you volunteer to us (such as information that you provide during a registration process or at other times while using the Website, as described above).
A cookie consists of a reduced set of data transferred to your browser from a web server and it can only be read by the server that made the transfer. This is not executable code and does not transmit viruses.
Technical cookies: Technical cookies, which can also sometimes be called HTML cookies, are used for navigation and to facilitate your access to and use of the site. They are necessary for the transmission of communications on the network or to supply services requested by you. The use of technical cookies allows the safe and efficient use of the site. You can manage or request the general deactivation or cancellation of cookies through your browser. If you do this though, please be advised this action might slow down or prevent access to some parts of the site. Cookies may also be retransmitted by an analytics or statistics provider to collect aggregated information on the number of users and how they visit the Website. These are also considered technical cookies when they operate as described.
Some cookies are deleted automatically at the end of the browsing session - these are mostly used to identify you and ensure that you don't have to log in each time - whereas permanent cookies remain active longer than just one particular session.
Support in configuring your browser: You can manage cookie through the settings of your browser on your device. However, deleting cookies from your browser may remove the preferences you have set for this Website.
For further information and support, you can also visit the specific help page of the web browser you are using:
Log Data: Like all websites and mobile applications, this Website also makes use of log files which store automatic information collected during user visits. The different types of log data could be as follows:
The aforementioned information is processed in an automated form and collected in an exclusively aggregated manner in order to verify the correct functioning of the site, and for security reasons. This information will be processed according to the legitimate interests of the Data Controller.
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may also possibly include Personal Data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the Website or damage to other users, or in the case of harmful activities or crime. Such data are never used for the identification or profiling of the user, but only for the protection of the Website and our users. Such information will be treated according to the legitimate interests of the Data Controller.
We may utilize third party service providers ("Third Party Service Providers"), from time to time or all the time, to help us with our Website, and to help serve you.
We may use Third Party Service Providers to assist with information storage (such as cloud storage).
We may use Third Party Service Providers to host the Website. In this instance, the Third Party Service Provider will have access to your Personal Data.
We may use Third Party Service Providers for the following services in relation to the Website:
Your Personal Data will not be sold or otherwise transferred to other third parties without your approval.
As stated: we take your privacy seriously. This extends into our approach for gathering usage statistics. We've taken great care to ensure no patient data is ever transmitted. In addition, we have no interest in trying to observe or report how you do anesthesia. We're only interested in how you're using the app.
For example, we identify the user and track non-sensitive events to Mixpanel.
Things we explicitly will never include:
Things we do track:
We use secure physical and digital systems to store your Personal Data when appropriate. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destructions.
Please note, however, that no system involving the transmission of information via the internet, or the electronic storage of data, is completely secure. However, we take the protection and storage of your Personal Data very seriously. We take all reasonable steps to protect your Personal Data.
The systems that we use to store your information include but are not limited to:
Personal Data is stored throughout your relationship with us. We delete your Personal Data if you request the deletion of data.
In the event of a breach of your Personal Data, you will be notified in a reasonable time frame, but in no event later than two weeks, and we will follow all applicable laws regarding such breach.
We primarily use your Personal Data to help us provide a better experience for you on our Website and to provide you the services and/or information you may have requested, such as use of our Website.
Information that does not identify you personally, but that may assist in providing us broad overviews of our customer base, will be used for market research or marketing efforts. Such information may include, but is not limited to, interests based on your cookies.
Personal Data that may be considering identifying may be used for the following:
It it our goal to always maintain the privacy of your Personal Data as described herein. However, there are certain exceptional scenarios where we may feel morally or legally compelled that disclosure to third parties is necessary.
This includes, but is not limited to:
From time to time, we may send you informational or marketing communications related to our Website such as announcements or other information. If you wish to opt-out of such communications, you may contact the following email: email@example.com. You may also click the opt-out link which will be provided at the bottom of any and all such communications.
Please be advised that even though you may opt-out of such communications, you may still receive information from us that is specifically about your use of our Website or about your account with us.
By providing any Personal Data to us, or by using our Website in any manner, you have created a commercial relationship with us. As such, you agree that any email sent from us or third-party affiliates, even unsolicited email, shall specifically not be considered SPAM, as that term is legally defined.
If you wish to modify or delete any information we may have about you, or you wish to simply access any information we have about you, you may do so from your account settings page.
You have many rights in relation to your Personal Data. Specifically, your rights are as follows: