Effective Date: January 1, 2022
Welcome to the Pain Institute of Middle Tennessee website, (the “Site”), where we provide general information and education about our surgical facilities, physician practices, ancillary services and other offerings (collectively, the “Services”). This Data Privacy Policy describes information that we receive from you when you interact with the Site and our Services, how we use and process the information that we receive, if and why Personal Information may be disclosed to third parties, and your choices regarding the collection and processing of your Personal Information.
Please note that this Data Privacy Policy does not apply to information collected through third-party websites or services that you may access through the Services.
PLEASE REVIEW THIS DATA PRIVACY POLICY CAREFULLY. When you submit information to or through the Services, you consent to the collection and processing of your information as described in this Data Privacy Policy. By using the Services, you accept the terms of this Data Privacy Policy and consent to our collection, use, disclosure, and retention of your information as described in this Data Privacy Policy.
IF YOU DO NOT AGREE WITH ANY PART OF THIS DATA PRIVACY POLICY, PLEASE DO NOT USE ANY OF THE SERVICES.
The Effective Date of this Data Privacy Policy is set forth at the top of this Policy. Whenever possible, we will provide you with advance written notice of any material changes to this Data Privacy Policy. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Data Privacy Policy. The amended Data Privacy Policy supersedes all previous versions.
We collect various kinds of information that you provide to us as well as information we obtain from your use of the Services. Some of the types of information that we collect include:
“Personal Information” means information associated with or used to identify or contact a specific person. Personal Information includes but is not limited to: (1) contact information (such as first and last name, e-mail address, telephone number, mailing address, and any other information supplied by you); (2) demographic data (such as zip code, gender, and age); and (3) certain Usage Data (defined below).
“Usage Data” means information about an individual’s online activity that, by itself, does not identify the individual, such as:
In addition, our third-party vendor, Google Analytics, collects IP address information in accordance its terms of service, which are available here.
Generally, we do not consider Usage Data as Personal Information because Usage Data by itself is de-identified so that it does not identify an individual. Personal Information and Usage Data may be linked together. Different types of Usage Information also may be linked together and, once linked, may identify an individual person. Some Usage Data may be Personal Information under applicable law.
We do not sell Personal Information.
Whether we collect certain types of information and how we process it depends on how you use and access the Services. Some information is collected automatically through use of cookies and similar data collection tools. We collect information about you in the following ways:
Cookies help us improve the Services by tracking navigation and analyzing technical and navigational information about the Services.
We also use other cookies and other data collection tools (such as web beacons and server logs), which we collectively refer to as “data collection tools,” to help improve your experience with the Services. For example, data collection tools help us remember users and make the Services more relevant to them. The Services also may use data collection tools to collect information from the device used to access the Services, such as operating system type, browser type, domain and other system settings, as well as the operating system used and the country and time zone in which the computer or device is located.
Web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. Some web browsers (including some mobile web browsers) provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user’s computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.
We may use the information we collect for any of the following purposes:
We may share and disclose information as described at the time information is collected or as follows:
We retain information as long as it is necessary and relevant for our operations. We also retain Personal Information from closed accounts to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, and other actions permitted by law. After Personal Information is no longer relevant to our operations or the uses described above, we dispose of it according to applicable data retention and deletion policies.
We employ industry-standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any of our Site.
In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
The Services may contain links to third-party websites and services (“Third Party Services”) with which we have no affiliation. A link to any Third Party Service does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a Third Party Service, you are subject to its privacy policy and practices and not this Privacy Policy. We encourage you to carefully review the legal and privacy notices of all other digital services that you visit.
The Services and the Site are not intended for use by children. If you are under the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. Consistent with the requirements of the Children’s Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services and subsequently we will delete that information.
California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests in connection with marketing may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to datasecurity@surgerypartners.com.
If you have any questions about this Data Privacy Policy, please contact us at datasecurity@surgerypartners.com or by mail at the following address:
340 Seven Springs Way, Suite 600
Brentwood, TN 37027
If you are a resident of California, you have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see How to Make a Request, below), we will disclose to you:
a. Deletion Request Rights
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, unless an exception applies, we will delete (and direct our service providers to delete) your Personal Information from our records.
b. How to Make a Request
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at datasecurity@surgerypartners.com or mailing us at the following address:
340 Seven Springs Way, Suite 600
Brentwood TN 37027
Attn: Data Security Officer
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. We may require proof from the agent that you have provided the authorized agent written permission to do so, and we may require that you verify your own identity directly with us. If you have provided the agent with power of attorney, that may be sufficient.
You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We verify requests by matching the information you provide to information that we maintain in our records. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will not discriminate against you because you have exercised any of the rights described herein.
c. Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, up to an additional forty-five (45) days, we will inform you of the reason and extension period in writing.
We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.