Last Updated: Nov 24, 2022
1. Acknowledgement and Acceptance
This Privacy Policy (“Policy”) meticulously describes the privacy practices of Scribence (“we,” “our,” “us,” or “the Company”). It governs the collection, use, disclosure, and protection of information obtained through our website, [www.scribence.com], our service delivery platforms, and all interactions related to our services: Professional Medical Scribe Services and Medical Scribe Training Programs.
By accessing our website, enrolling in our training programs, or utilizing our scribe services, you expressly acknowledge that you have read, understood, and consent to be bound by the terms and conditions of this Policy. If you do not agree with our policies and practices, your sole recourse is to discontinue use of our services immediately.
2. Comprehensive Definition of Information Collected
We collect information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, with a particular individual or household (“Personal Information”). This is categorized as follows:
A. Voluntarily Provided Information:
Identity and Contact Data: Full name, postal address, email address, telephone number, and signature.
Professional and Employment Data: Curriculum Vitae (CV), work history, educational background, professional licenses, certifications, institutional affiliations, and job title.
Financial and Transactional Data: Bank account details, payment card information, billing address, and details of services purchased or subscribed to.
Application and Enrollment Data: Information provided in applications for employment or training programs, including essays, references, and interview notes.
B. Automatically Collected Information:
Technical and Device Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
Usage and Analytics Data: Information about how you interact with our website and services, including the full Uniform Resource Locators (URL) clickstream to, through, and from our site (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
C. Protected Health Information (PHI):
In our capacity as a service provider to healthcare entities, our medical scribes, in the course of their duties, are exposed to patient health information. This PHI is defined under the Health Insurance Portability and Accountability Act (HIPAA) and is strictly processed under the instructions of and pursuant to a Business Associate Agreement (BAA) with our client healthcare providers, who are the “Covered Entities.” We do not collect PHI for our own purposes.
D. Information from Third-Party Sources:
We may receive Personal Information about you from third parties, such as:
Healthcare provider clients who engage our services.
Background check providers, subject to applicable law.
Advertising networks and analytics providers.
Publicly available sources and professional networking sites.
3. Detailed Purposes of Data Processing
We use the information we collect for the following business and legal purposes:
| Purpose of Use | Legal Basis (where applicable) |
|---|---|
| To execute and perform the contract for services or training. | Performance of a Contract. |
| To create, manage, and maintain your user account. | Performance of a Contract. |
| To process payments, invoices, and financial transactions. | Performance of a Contract, Legitimate Interest. |
| To fulfill our obligations as a Business Associate under HIPAA. | Legal Obligation, Performance of a Contract. |
| To communicate with you regarding service updates, security alerts, and administrative messages. | Performance of a Contract, Legitimate Interest, Legal Obligation. |
| To provide customer support and respond to inquiries. | Legitimate Interest. |
| To send marketing and promotional communications (with opt-out). | Consent, Legitimate Interest. |
| To screen and process applications for employment and training programs. | Pre-contractual Measures, Legitimate Interest. |
| To improve, test, and monitor the effectiveness of our website and services. | Legitimate Interest. |
| For internal research and analytical purposes to develop new products and features. | Legitimate Interest. |
| To detect, prevent, and address technical issues, fraud, or illegal activities. | Legitimate Interest, Legal Obligation. |
| To comply with legal and regulatory requirements. | Legal Obligation. |
4. Elaboration on Information Sharing and Disclosure
We may share your Personal Information in the following circumstances and with the following categories of recipients:
Healthcare Provider Clients: As an integral part of our service, we disclose medical documentation containing PHI to the specific healthcare provider for whom the scribe service is rendered, as explicitly authorized by our BAA.
Service Providers (Data Processors): We engage carefully vetted third-party companies and individuals to facilitate our services (“Processors”). These include:
Cloud Hosting Providers (e.g., AWS, Google Cloud)
Payment Processors (e.g., Stripe, PayPal)
Communication and Email Service Providers
Analytics and Performance Monitoring Services
Customer Relationship Management (CRM) Software Providers
All Processors are bound by strict data processing agreements that prohibit them from using your Personal Information for any purpose other than what we have contracted them to do.
Legal and Regulatory Authorities: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to:
Comply with a legal obligation (e.g., a court order, subpoena).
Protect and defend the rights or property of Scribence.
Prevent or investigate possible wrongdoing in connection with our services.
Protect the personal safety of users of the services or the public.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Information may be transferred as a business asset, subject to the same commitments in this Policy.
With Your Consent: We may share your information for any other purpose with your explicit, prior consent.
5. International Data Transfers
Scribence is a global organization. Your Personal Information may be transferred to, and processed in, countries other than your country of residence, which may have data protection laws that are different from those in your country. We ensure all such transfers are conducted in compliance with applicable laws. For transfers of data from the EEA, UK, or Switzerland to the US and other countries, we rely on approved legal mechanisms, such as Standard Contractual Clauses, to ensure an adequate level of protection.
6. Data Security and Integrity
We implement a rigorous, multi-layered security framework based on industry best practices. Our measures include, but are not limited to:
Administrative Safeguards: Comprehensive employee training, strict access controls and role-based permissions, and a dedicated security officer.
Technical Safeguards: Encryption of data both in transit (TLS 1.2+) and at rest, advanced firewalls, intrusion detection and prevention systems, and regular security patch management.
Physical Safeguards: Secure access controls to our facilities and data centers.
We regularly test and audit our systems and processes. However, no method of transmission over the Internet or electronic storage is 100% secure; therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
7. Data Retention and Deletion
We will retain your Personal Information only for as long as is necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (e.g., HIPAA mandates a 6-year retention period for certain documentation). Our retention criteria include:
The duration of our active business relationship with you.
Legal and regulatory obligations.
The necessity for the establishment, exercise, or defense of legal claims.
Upon expiration of the applicable retention period, we will securely destroy or anonymize your Personal Information.
8. Your Privacy Rights and Choices
Depending on your geographical location, you may have the following rights regarding your Personal Information:
Right of Access & Data Portability: The right to request access to and a copy of your Personal Information in a structured, machine-readable format.
Right to Rectification: The right to request correction of any inaccurate or incomplete Personal Information.
Right to Erasure (“Right to be Forgotten”): The right to request the deletion of your Personal Information under certain conditions.
Right to Restrict Processing: The right to request a temporary halt to the processing of your Personal Information.
Right to Object to Processing: The right to object, on grounds relating to your particular situation, to the processing of your Personal Information which is based on our legitimate interests.
Right to Withdraw Consent: Where we rely on your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights.
Right to Opt-Out of Sale/Sharing: We do not sell your Personal Information. We also do not “share” it for cross-contextual behavioral advertising as defined under the CCPA.
To exercise any of these rights, please submit a verifiable request to us by contacting us at the details provided in Section 11. We will respond in accordance with applicable law. Please note that we may need to verify your identity before processing your request, and certain data may be exempt from these rights due to legal obligations (e.g., HIPAA compliance).
9. Use of Cookies and Tracking Technologies
We use Cookies and similar tracking technologies (e.g., web beacons, pixels) to track activity on our service and hold certain information. You can configure your browser to refuse all cookies or to alert you when cookies are being sent. However, if you do not accept cookies, you may not be able to use some portions of our service. For detailed information, please see our separate Cookie Policy.
10. Policy Updates and Notification of Changes
This Policy may be updated periodically to reflect changes in our practices, services, or legal obligations. The “Last Updated” date at the top of this page will be revised. We will notify you of any material changes by posting the new Policy on this site and, where appropriate, through other communication channels such as email.
11. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to designate an authorized agent to exercise your rights on your behalf, please contact our Data Protection Officer (DPO) at:
Scribence Data Protection Office
Address: 200 S Michigan Ave, Chicago, IL 60604, USA
Email: privacy@scribence.com
If you are a resident of the EEA or UK and believe we have not resolved your complaint, you have the right to lodge a complaint with your local supervisory authority.