Simplica considers individual privacy paramount, and we take great care in keeping personal data private and secure.
The purpose of this Privacy Policy is to describe our policies regarding the information that we collect or process when you use our services or products, visit our website, or are engaged as an employee or contractor. This Privacy Policy does not apply to third-party services that are not under Simplica’s control; those third party services are governed by their own privacy policies.
This policy applies to
For purposes of this policy, personal data is defined as any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified by referencing an identifier such as a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, economic, cultural, or social identity of that natural person.
A controller is an entity that determines the purposes and means of processing personal data while a processor is an entity that has the responsibility of processing the personal data only on behalf of a controller.
Simplica provides its customers with cloud services infrastructure, has limited knowledge of customer data within that infrastructure, and only processes hosted data in accordance with the customer’s instructions. As such, Simplica is a processor and its customer may be either a controller or a processor of hosted data. Customers are responsible for adhering to legal and regulatory requirements for the data which they collect and process.
Simplica ensures that any subcontractor it engages for carrying out specific processing activities on behalf of the customer will be subject to the same data protection obligations as Simplica.
Simplica’s customers who have direct access to personal medical information such as personal health information (PHI) are both controllers and covered entities under The Health Insurance Portability and Accountability Act (HIPAA). A covered entity is a health plan, health care clearinghouse, or health care provider who electronically transmits any health information in connection with transactions for which the U.S. Department of Health and Human Services (HHS) has adopted standards.
With regard to these customers, Simplica is both processor and business associate which HIPAA defines as a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involves access by the business associate to protected health information. The relationship between covered entity/customer and Simplica is governed by a business associate agreement or addendum.
Simplica collects and maintains personal data (1) for the offer and maintenance of Simplica services for customer use and for the related communications, (2) for the maintenance of the Simplica.com website, and (3) for internal human resources (HR) purposes. In such cases, Simplica is a controller.
The collection and processing of a customer’s personal data for direct use and administration of our services is based on contractual obligation, necessary to provide the customer with access and use of the services.
1. Information customer gives us in order to effectively operate and carry out our contractual obligation with customer;
2. Information we receive from third parties in order to fulfill our contractual obligation with customer;
3. Information we collect when an individual visits the Simplica.com website such as IP addresses;
4. Information automatically collected through the use of cookies on Simplica.com pages;
5. Information provided by visitors through the use of forms on the Simplica.com website, such as name, email address, and demographic information such as city,
state and zip code; and
6. Information necessary for HR administration.
1. To provide a requested service to customer, we use data for
2. When an individual visits the Simplica.com website, we use
3. For HR purposes, we use information such as
This section describes how Simplica may share and disclose personal data. Simplica may share personal data with customer’s consent or as necessary to complete a transaction or to provide a service customer has requested or authorized. For example:
1. If a customer elects to use connected third-party applications, we may share personal data with companies who provide those applications. In those cases, we encourage customers to review and understand the terms and conditions and privacy policies of those third parties over whom we have no control.
2. We may use third-party service providers to help us operate or administer our services. For example, companies we’ve hired to assist in protecting and securing our services and systems may need access to personal data to complete those functions. In such cases, these companies must abide by our data privacy and security requirements and are not permitted to use personal data they receive from us for any other purpose.
3. As we believe to be necessary or appropriate, we may disclose personal data: (a) under applicable laws; (b) to comply with a subpoena or other legal process; (c) to respond to requests from public and government authorities; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our customers or affiliates; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.
Simplica does not share personal data with third parties for marketing purposes. Similarly, personal data collected through the use of the Simplica.com website is not shared. Personal data collected for HR administration is shared only to fulfill an HR purpose
Simplica has adopted appropriate organizational and technical security measures to protect personal data against loss, theft, unauthorized access, alteration, disclosure, or destruction. Simplica only processes personal data in accordance with the purposes for which it has been collected and in accordance with this Privacy Policy.
We keep personal data to enable your continued use of Simplica services, for as long as it is required in order to fulfill the relevant purposes described in this Privacy Statement, as may be required by law (including for tax and accounting purposes), or as otherwise communicated to you. How long we retain specific personal data varies depending on the purpose for its use.
Access and control of personal data is managed by the Simplica Privacy Manager. Requests regarding access and control of personal data, whether related to Simplica as processor or controller, should be directed to support@simplica.com.
General Data Protection Regulation (GDPR)
If an employee, contractor, customer, or visitor to the Simplica.com website is located in the European Union (EU), those individuals have the right to access personal data about them and to limit use and disclosure of their personal data. Those rights include
1. the right to object to processing,
2. the right to be informed,
3. the right of access,
4. the right to rectification,
5. the right to erasure,
6. the right to restrict processing,
7. the right to data portability
8. the right to lodge a complaint with your local Supervisory Authority, and
9. the right to withdraw consent.
Because Simplica, as processor, has limited ability to access data our customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Simplica customer who submitted your data to our services. We will refer your request to that customer, and will support them as needed in responding to your request.