Privacy Policy
Effective: January 26, 2021
Last Updated: October 3, 2024
Overview
This privacy policy for Access Ingenuity ("Company," "we," "us," or "our") explains how and why we collect, store, use, and share your information when you use our services ("Services"). This includes:
- Visiting our website at Access Ingenuity or any other site that links to this policy.
- Engaging with us in other related ways, including sales, marketing, or events.
This Privacy Policy ("Policy") applies to 4751 Hoen Avenue and Access Ingenuity ("Company") and governs data collection and usage. For the purposes of this Privacy Policy, unless otherwise noted, all references to the Company include 4751 Hoen Avenue, Document Accessibility, and documentaccessibility.com. The Company's website is an eCommerce, Accessibility Resources, and Services Overview site. By using the Company website, you consent to the data practices described in this statement.
If you have any questions or concerns about our policies, please contact us at info@accessingenuity.com.
Summary of Key Points
- Personal Information: We collect various types of personal information based on how you interact with our Services and your choices.
- Sensitive Information: We handle Protected Health Information (PHI) for certain clients in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
- Third-Party Information: We do not receive information from third parties.
- Data Processing: Data processing activities are documented, monitored, and regularly reviewed to ensure compliance with SOC 2 and HIPAA requirements. We conduct regular risk assessments and implement necessary controls to mitigate identified risks.
- Data Sharing: We share your information in specific situations and with specific third parties.
- Data Security: We implement SOC 2-compliant security controls to protect your data, including encryption, access controls, regular security audits, and incident response plans.
- User Rights: Users have the right to access, amend, and restrict the processing of their PHI in compliance with HIPAA. We provide mechanisms for users to exercise their rights under HIPAA and SOC 2.
- Exercising Rights: You can exercise your rights by visiting our contact page or contacting us directly.
For more details, please read the full privacy policy below.
Table of Contents
- What Information Do We Collect?
- How Do We Process Your Information?
- When and With Whom Do We Share Your Personal Information?
- Do We Use Cookies and Other Tracking Technologies?
- How Long Do We Keep Your Information?
- How Do We Keep Your Information Safe?
- Do We Collect Information From Minors?
- What Are Your Privacy Rights?
- Controls for Do-Not-Track Features
- Do California Residents Have Specific Privacy Rights?
- CCPA Privacy Notice
- Incident Response and Breach Notification (HIPAA Compliance)
- Employee Training and Access Controls (SOC 2 and HIPAA Compliance)
- Do We Make Updates to This Notice?
- How Can You Contact Us About This Notice?
- How Can You Review, Update, or Delete the Data We Collect From You?
1. What Information Do We Collect?
We collect personal information that you voluntarily provide when you register on our Services, show interest in our products or services, participate in activities on our Services, or otherwise contact us. This may include:
- Names
- Phone numbers
- Email addresses
- Mailing addresses
- Contact preferences
- Authentication data
- Billing addresses
- Debit/credit card numbers
If you purchase Access Ingenuity's products and services, we collect billing and credit card information. This information is used to complete the purchase transaction.
We do not collect any personal information about you unless you voluntarily provide it to us. However, you may be required to provide certain personal information to us when you elect to use certain products or services. These may include:
- Registering for an account
- Entering a sweepstakes or contest sponsored by us or one of our partners
- Signing up for special offers from selected third parties
- Sending us an email message
- Submitting your credit card or other payment information when ordering and purchasing products and services
To wit, we will use your information for, but not limited to, communicating with you in relation to services and/or products you have requested from us. We also may gather additional personal or non-personal information in the future.
Protected Health Information (PHI): For certain clients, we handle PHI in compliance with the Health Insurance Portability and Accountability Act (HIPAA). This includes implementing administrative, physical, and technical safeguards to protect the privacy and security of PHI. PHI includes any information related to an individual's health status, provision of health care, or payment for health care that can be linked to a specific individual.
Non-PHI Personal Information: We also collect personal information during e-commerce transactions, marketing activities, or when users request quotes for our products and services. This information, which is not classified as PHI, includes:
- Information collected during e-commerce transactions (e.g., payment data such as payment instrument numbers and security codes).
- Information collected for marketing purposes (e.g., browsing behavior, preferences, interests).
- Information provided when requesting a quote (e.g., contact details, product/service interests).
Payment Data: We collect data needed to process payments, such as payment instrument numbers and security codes. All payment data is stored by our payment providers: Shopify, Stripe, PayPal, Apple Pay, Google Wallet, and Meta Pay. You can review their privacy policies via the provided links.
Automatically Collected Information: We collect certain information automatically when you visit, use, or navigate our Services. This includes:
- IP address
- Browser and device characteristics
- Operating system
- Language preferences
- Referring URLs
- Device name
- Country and location
- Usage information
This information helps us maintain the security and functionality of our Services and for internal analytics.
2. How Do We Process Your Information?
We process your personal information for various reasons, such as:
- Account creation and authentication
- Sending administrative information
- Requesting feedback
- Protecting our Services
- Improving our Services, marketing, and your experience
- Identifying usage trends
- Evaluating marketing and promotional campaigns
- To operate and deliver the services you have requested
- To provide you with information, products, or services that you request from us
- To provide you with notices about your account
- To carry out the Access Ingenuity's obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collection
- To notify you about changes to our services or any products we offer or provide through it
- In any other way we may describe when you provide the information
- For any other purpose with your consent
3. When and With Whom Do We Share Your Personal Information?
Access Ingenuity does not sell, rent, or lease its customer lists to third parties.
Access Ingenuity may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (email, name, address, phone number) is transferred to the third party. Access Ingenuity may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Access Ingenuity, and they are required to maintain the confidentiality of your information.
Access Ingenuity may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to:
- Conform to the edicts of the law or comply with legal process served on Access Ingenuity or our sites
- Protect and defend the rights or property of Access Ingenuity
- Act under exigent circumstances to protect the personal safety of users of Access Ingenuity, or the public
All third-party vendors handling PHI or other sensitive data are required to sign Business Associate Agreements (BAAs) and comply with SOC 2 and HIPAA standards.
The third parties we may share personal information with are as follows:
| Category | Third-Party Service Providers |
|---|---|
| Advertising, Direct Marketing, and Lead Generation | Facebook Audience Network, Bing Ads, Google AdSense, Mailchimp, LinkedIn Marketing, X |
| Invoice and Billing | Apple Pay, Google Wallet, PayPal, Stripe |
| Retargeting Platforms | Facebook Remarketing, Facebook Custom Audience, Google Analytics Remarketing, Google Ads Remarketing, X Remarketing, Twitter Tailored Audiences, LinkedIn Marketing Tracking |
| Social Media Sharing and Advertising | Facebook advertising, LinkedIn advertising, LinkedIn social plugins, Facebook social plugins, Instagram advertising, Google+ social plugins, X advertising, Twitter social plugins, YouTube social plugins |
| User Commenting and Forums | Facebook Comments |
| Web and Mobile Analytics | Google Analytics, Google Tag Manager |
| Website Hosting | Shopify |
4. Do We Use Cookies and Other Tracking Technologies?
Yes, we use cookies and similar tracking technologies to collect and store information. You can learn more and manage your preferences in our Cookie Policy.
5. How Long Do We Keep Your Information?
We retain your personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law. Once we no longer need your information, we will delete or anonymize it.
For PHI specifically, we retain and protect the information for 30 days, after which it is securely shredded and deleted.
6. How Do We Keep Your Information Safe?
We use technical and organizational measures to protect your personal information. These measures include:
- SSL Protocol
- Encryption: We use AES-256 encryption for data at rest and in transit.
- Access Controls: Access to personal information is restricted based on the principle of least privilege. We use multi-factor authentication where applicable and conduct regular access reviews.
- Regular Security Audits: We conduct regular penetration testing and security audits to identify and address vulnerabilities.
- Incident Response Plans: We have a detailed incident response plan to promptly address and mitigate any security incidents.
We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that:
- There are security and privacy limitations inherent to the Internet that are beyond our control
- The security, integrity, and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed
7. Do We Collect Information From Minors?
We do not knowingly collect data from or market to children under 18 years of age. If we learn that we have collected data from a minor, we will delete it promptly. If you become aware of any data we may have collected from children under age 18, please contact us at info@accessingenuity.com.
8. What Are Your Privacy Rights?
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Depending on your location, you may have rights regarding your personal information, including accessing, updating, or deleting your data. You can exercise these rights by visiting our contact page or contacting us directly at info@accessingenuity.com.
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying "STOP" or "UNSUBSCRIBE" to the SMS messages that we send, or by contacting us using the details provided in the section "How Can You Contact Us About This Notice?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log in to your account settings and update your user account from https://accessingenuity.com/account/login.
- Contact us using the contact information provided.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Cookies and similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to remove cookies or reject cookies. If you choose to remove cookies or reject cookies, it could affect certain features or services of our Services. You may also opt out of interest-based advertising by advertisers on our Services. Additionally, you may visit our Do Not Share or Sell My Personal Information - Opt-out Option page to opt out of activities that may be considered a "sale" or "share," or "targeted advertising." For further information, please see our Cookie Notice.
If you have questions or comments about your privacy rights, you may email us at info@accessingenuity.com.
Subject to certain exceptions set out below, upon receipt of a verifiable request from you, we will:
- Delete your personal information from our records
- Direct any service providers to delete your personal information from their records
Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:
- Complete the transaction for which the personal information was collected
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity
- Debug to identify and repair errors that impair existing intended functionality
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law
- Comply with the California Electronic Communications Privacy Act
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest
- Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us
- Comply with an existing legal obligation
- Otherwise use your personal information internally in a lawful manner that is compatible with the context in which you provided the information
9. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. At this stage, there is no uniform technology standard for recognizing and implementing DNT signals, so we do not currently respond to DNT browser signals. However, we recognize and comply with Global Privacy Control (GPC) signals for users in certain jurisdictions.
10. Do California Residents Have Specific Privacy Rights?
Yes, California residents have specific rights regarding their personal information, including the right to request information about data disclosures and to request the removal of certain data.
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).
11. CCPA Privacy Notice
The California Code of Regulations defines a "resident" as:
- (1) every individual who is in the State of California for other than a temporary or transitory purpose and
- (2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as "non-residents." If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
We have collected the following categories of personal information in the past twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name | YES |
| B. Personal information categories listed in the California Customer Records statute | Name, contact information, education, employment, employment history, and financial information | YES |
| C. Protected classification characteristics under California or federal law | Gender and date of birth | YES |
| D. Commercial information | Transaction information, purchase history, financial details, and payment information | YES |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements | YES |
| G. Geolocation data | Device location | YES |
| H. Audio, electronic, visual, thermal, olfactory, or similar information | Images and audio, video or call recordings created in connection with our business activities | YES |
| I. Professional or employment-related information | Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | YES |
| J. Education Information | Student records and directory information | YES |
| K. Inferences drawn from other personal information | Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | YES |
| L. Sensitive Personal Information | Social Security numbers, driver's license numbers, state identification card numbers, financial account information, health insurance information, biometric data, or precise geolocation | YES |
We will use and retain the collected personal information as needed to provide the Services or for:
- Category A - Category K - Until it is requested for deletion
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
How do we use and share your personal information? Access Ingenuity collects and shares your personal information through:
- Targeting cookies/Marketing cookies
- Social media cookies
- Beacons/Pixels/Tags
- To provide services
More information about our data collection and sharing practices can be found in this privacy notice and our Cookie Notice: https://accessingenuity.com/pages/cookie-policy.
You may contact us by email at info@accessingenuity.com, by calling toll-free at 877-579-4380, by visiting https://accessingenuity.com/pages/contact, or by referring to the contact details at the bottom of this document.
If you are using an authorized agent to exercise your right to opt out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA.
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.
Access Ingenuity has not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. Access Ingenuity has disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
- Category A. Identifiers, such as contact details like your real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name.
- Category B. Personal Information, as defined in the California Customer Records law, such as your name, contact information, education, employment, employment history, and financial information.
- Category C. Characteristics of protected classifications under California or federal law, such as gender or date of birth.
- Category D. Commercial information, such as transaction information, purchase history, financial details, and payment information.
- Category E. Biometric information, such as fingerprints and voiceprints.
- Category F. Internet or other electronic network activity information, such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements.
- Category G. Geolocation data, such as device location.
- Category K. Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics.
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "When and With Whom Do We Share Your Personal Information?".
12. Incident Response and Breach Notification (HIPAA Compliance)
In the event of a data breach involving PHI, we will notify affected individuals and the Department of Health and Human Services (HHS) as required by HIPAA. We have an incident response plan in place to promptly address and mitigate any security incidents.
13. Employee Training and Access Controls (SOC 2 and HIPAA Compliance)
All employees handling sensitive information undergo regular training on SOC 2 and HIPAA compliance. Access to sensitive data is restricted based on the principle of least privilege and regularly reviewed to ensure appropriate access levels.
14. Do We Make Updates to This Notice?
We may update this privacy notice as needed to stay compliant with relevant laws. The updated version will be effective as soon as it is accessible.
The Company reserves the right to change this Policy from time to time. For example, when there are changes in our services, data protection practices, or the law. When changes to this Policy are significant, we will inform you. You may receive a notice by sending an email to the primary email address specified in your account, by placing a prominent notice on our website, and/or by updating any privacy information. Your continued use of the website and/or services available after such modifications will constitute your:
- Acknowledgment of the modified Policy
- Agreement to abide and be bound by that Policy
15. How Can You Contact Us About This Notice?
If you have any questions or comments about this notice, you may contact us at info@accessingenuity.com or by mail at:
Access Ingenuity4751 Hoen Ave, Santa Rosa, CA 95405, USA
Santa Rosa, CA 95405
United States
16. How Can You Review, Update, or Delete the Data We Collect From You?
Based on your location, you may have the right to access, update, or delete your personal information. To make such a request, please visit our contact page.