PRIVACY POLICY

SONIFI Health, Inc. (“SONIFI”) – Effective August 2020

INTRODUCTION

This SONIFI Privacy Policy (“Policy”) applies to the collection, use and protection of Personal Information received or processed by SONIFI Solutions, Inc. and its affiliates and subsidiaries (together, “SONIFI”, “us” or “we”). “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. SONIFI is committed to protecting Personal Information, as described below.

1. PERSONAL INFORMATION WE COLLECT, AND HOW WE COLLECT IT

1.1 Information You Provide:  If you participate in online programs or services offered through www.sonifi.com,  you may be asked to provide certain personal information, such as your name, mailing address, e-mail address, phone number, company name and job title. When you download or use our StayConnect® App, and create an account, for example, we collect your email address, birth date, gender, and zip code. You can choose not to provide this information, but then you might not be able to participate in those programs or use those apps or services. We also collect any information you include within the “comments” section of the Contact Us form. We also collect information from you when you apply for a job with SONIFI or go through our employee on-boarding processes.

 

1.2 Information We Collect Automatically: We use common Internet technologies, such as cookies, to improve the online experience of visitors to our Website. A cookie is a piece of data on the user’s computer. When you visit this site or another SONIFI website, we recognize only your domain name and certain Internet activity, and only analyze IP addresses in the aggregate for system administration purposes and to gather broad demographic data.

 

Google Analytics is a web analysis service provided by Google Inc. Google utilizes user data such as browser and computer settings like screen resolution, operating system and cookies that track whether a user is a returning visitor and examine their use of this website, to prepare reports on the user’s activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network. The data collected by Google Analytics does not contain any information that personally identifies you. Click here to review the Google privacy policy.

 

You can also learn more about this technology and how to opt-out of this feature by installing the Google Analytics Opt-out Browser Add-on.

 

1.3 Information We Receive From Others: SONIFI offers product and services to enterprise customers such as hotels, healthcare providers, and other establishments.  If you engage with SONIFI’s products and services offered by such SONIFI customers, we may receive and process Personal Information related to your use of those services, and in some cases information about the device used to do so.  We collect and track only the necessary information regarding the transaction, the facility information, the service provided, etc., which are associated with a temporary anonymized identification code used only during your stay at that facility. We may also generate reports for such third-party facilities that allow such transactional data to be associated with other personal information controlled by the facility. We may also collect personal information from trusted partners, including business partners who provide us with information about users and potential users of our services.  We collect certain identifiers and employment-related information from recruiters and companies that we use to perform background checks. Employees also provide us with information about their dependents and beneficiaries.

2. HOW PERSONAL INFORMATION IS USED

When SONIFI receives your Personal Information, we use it to conduct business with you, to provide you with requested services, to improve our products and services, and to improve the content of our sites. We may also use it to send you information about our products and services. We do not sell your Personal Information to third parties, or use it for marketing purposes contrary to your express choices.

3. SHARING PERSONAL INFORMATION

Though we endeavor to preserve user privacy, on occasion we may need to disclose Personal Information.  SONIFI does not sell Personal Information.  Examples of how SONIFI may share Personal Information include:

  • With another company, such as a vendor or service provider that has contracted with SONIFI to provide support services on our behalf, but only to the extent necessary for providing those support services;
  • With another company, such as a hotel or hospital, that has contracted with SONIFI to offer the services that we provide, but only in connection with the use of those services at those facilities;
  • To one of our subsidiaries or other affiliated companies, but not for marketing contrary to expressed individual choices;
  • In connection with the sale or transfer of our business or assets; or
  • When we have a good faith belief that such disclosure is necessary to comply with a judicial proceeding, a subpoena, a court order, law enforcement request, or other legal process.

4. PERSONAL INFORMATION OF CHILDREN

We do not intentionally collect Personal Information from children under the age of 13. We recommend that parents advise their children to check with them before entering information on any website, and that parents discuss with their children the types of Personal Information which they should refrain from disclosing. If you believe that we might have collected any Personal Information from a child under 13, please contact us at privacy@sonifi.com.

5. LINKS TO OTHER SITES AND SERVICES

Our websites and services may contain links to other third-party sites or services that we do not control, and for which SONIFI is not responsible for privacy practices. This SONIFI Privacy Policy applies solely to information collected by a SONIFI-affiliated website or other SONIFI services, as described above.

6. SECURITY AND RETENTION

We use reasonable efforts to protect Personal Information. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable. We will retain Personal Information for the length of time needed to fulfill the purposes outlined in this privacy policy, unless a longer retention period is contractually required or permitted by law.  Certain portions of our website use encryption technology such as our “Contact Us” page.  You will know that a page uses encryption when you see a padlock in the URL or the URL starts with “https”.  Except where designated, our website does not use encryption.

7. NOTIFICATION OF CHANGES

SONIFI reserves the right to change or update this policy at any time by posting a notice to that effect on this site and other places we deem appropriate. Please check back frequently.

8. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, California law provides certain additional rights regarding our use of your Personal Information. This Section 8 describes how we comply with those rights, which are available only to California residents, and how you can exercise them.

 

8.1 The California Consumer Privacy Act (“CCPA”): Under the CCPA, you may have the following rights (“CCPA Rights”), subject to the exceptions in the CCPA and applicable law:

  • Know what Personal Information is being collected about them;
  • Know whether their Personal Information is sold or disclosed and to whom;
  • Opt out from the sale of their Personal Information;
  • Access their Personal Information;
  • Have their Personal Information deleted; and
  • Have the right to receive equal services and prices, even if they exercise their privacy rights under this law (although certain services may be unavailable without providing Personal Information.

 

When you stay at a hotel property or are at healthcare facility or other location that uses SONIFI technology, we are acting as a “Service Provider” to such property or facility which is a “Business” under the CCPA.  In that case, your Personal Information is controlled by the Business and if you wish to exercise your CCPA Rights, you need to make a request to the Business under their privacy policy.  As a Service Provider, we will assist the Business in complying with your request.

 

8.2 Requests to Know or Delete. The CCPA may permit you to request access to information categories and specific pieces of Personal Information about you, as well as to delete Personal Information about you in certain circumstances, by submitting a verifiable consumer request in the specified manner. Please note, however, that we may deny such a request if retaining the Personal Information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the Personal Information, fulfil the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you or the party from whom we received such information.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise that consumer’s free speech rights, or exercise another right provided for by law.
  • Comply with legal or regulatory obligations, or any investigation, or civil or criminal process.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the Personal Information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses reasonably aligned with consumer expectations based on the consumer’s relationship with the business.
  • Make other internal and lawful uses of that information that are compatible with the context in which it was provided.

 

8.3 Verifiable Consumer Request: For questions concerning this Privacy Policy, or to submit a verifiable consumer request to exercise the CCPA rights referenced above, please contact us by:

  • Sending an e-mail to:  privacy@sonifi.com, or
  • Sending a written request to: Privacy Officer, SONIFI Solutions, Inc., 3900 West Innovation Street, Sioux Falls SD 57107

 

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or such person’s legally authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it, in compliance with the CCPA.

 

Only you, or a person registered with the California Secretary of State whom you have authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you.  You may only make a verifiable consumer request twice within a 12-month period.

 

8.4 Response Timing and Format: We aim to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

8.5 Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. Except as permitted by the CCPA, we will not:

  • Deny you goods or services (although certain services may be unavailable without the requisite Personal Information).
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services (although certain services may be unavailable without providing personal information).
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services (although certain services may be unavailable without providing personal information).

 

8.6 Requests to Opt Out from the Sale of Your Personal Information to Third Parties: We currently do not sell Personal Information to third parties.  Unless and until we change that practice, we will treat your Personal Information that we collect as though you had opted out from the sale of such Personal Information.

 

8.7 CCPA Categories of Personal Information That We Collect:  The CCPA defines eleven categories of Personal Information.  Depending on which of our services that you use, or if you are an employee or candidate for employment, we may collect Personal Information in various of these categories as described below:

  • Identifiers
    • First and last name
    • Email address
    • Mailing address
    • Phone number
    • Company name
    • Title
    • Internet Protocol (IP) Address
    • From employees and candidates, we also collect:
      • Secondary phone number
      • Birth date
      • Social Security Number
      • Driver’s license number
      • Passport and other government identification numbers
      • Employee photos for identification badges and system profiles
      • Emergency contact information including relationship to employee
      • Dependent and beneficiary information
    • Personal Information Listed in the California Customer Records Statute
      • From customers and users of our services, we collect no Personal Information in this category other than the identifiers listed above
      • From employees and candidates, we collect:
        • Account information for payroll, reimbursement and benefits processing
        • Employment and employment history information
      • Characteristics of Protected Classifications
        • From customers and users of our service, we do not collect Personal Information in this category
        • From employees and candidates, we collect:
          • Age and gender
          • Voluntary self-disclosure information regarding minority, veteran and disability status
          • Dependent and beneficiary information
        • Commercial Information
          • Transaction information
          • Information about your in-room orders
        • Biometric Information
          • From customers and users of our service, we do not collect Personal Information in this category
          • From employees, we collect
            • A photograph
            • For certain cellular devices and computers, a fingerprint, facial recognition or other biometric keys may be used to ensure authorized access.
          • Internet or Other Electronic Network Activity Information
            • Cookies
            • Domain name
            • Browser type
            • Operating system
            • App usage
            • Device identifiers
            • MAC address
            • Usage data
          • Geolocation Data
            • Information that tells us from where you access our website
            • From employees and candidates, we collect information that tells us where you access our website, and are engaged in work-related activity other than in a SONIFI office.
          • Sensory Data
            • We do not collect Personal Information in this category
          • Professional or Employment-Related Information
            • From customers and users of our service, we do not collect Personal Information in this category
            • From employees and candidates, we may collect:
              • Resumé/CV
              • Job title and duties
              • Immigration and work authorization status
              • Withholding tax information
              • Dependent and beneficiary information
              • Pay information such as pay rate, and payroll deduction information
              • Leave of absence information
              • Other information necessary to administer benefits
              • Performance Management Information, such as employment status (full-time or part-time, regular or temporary), work schedule, job assignments, hours worked, business travel information, expatriate and secondment assignments, accomplishments and awards, training and development information, performance evaluation information, discipline and counselling information, and employment termination information
              • Health and safety information such as health condition, job restrictions, drug testing information, workplace accident and illness information, and health insurance information
              • Employment history
            • Non-public Education Information
              • From candidates and employees, we collect educational information relevant to job requirements and hiring qualifications
            • Inferences Drawn from Other Personal Information
              • From candidates and employees, we collect Performance Management Information derived from other information above.

 

8.8 How We Use Personal Information of Employees and Candidates:

  • We may use Personal Information in any or all of the above categories to assess candidates, onboard new employees, comply with applicable laws, comply with government requests for information, meet our contractual obligations and to initiate or respond to legal claims.
  • We use Identifiers, Personal Information Listed in the California Customer Records Statute, Internet or Other Electronic Network Activity Information, Geolocation Data, Professional or Employment-Related Information, and Inferences Drawn from Other Personal Information to perform human resource functions, manage your employment, and administer compensation and benefits.
  • We use Identifiers, Personal Information Listed in the California Customer Records Statute, such as account information, and Professional or Employment Related Information to administer payroll, reimbursements and benefits.
  • We use Characteristics of Protected Classifications to implement our diversity programs and to comply with applicable laws.
  • We use Professional or Employment-Related Information such as health and safety Information to maintain a safe workplace, assess your working capacity, administer health and Workers’ Compensation insurance programs, and comply with applicable laws.
  • We use Identifiers and Biometric Information to ensure that employees properly log-in to our equipment and ensure that authorized employees have access to secured locations of SONIFI
  •  We use Internet or Other Electronic Network Information to protect SONIFI, customer, and employee property, equipment and confidential information; monitor employee performance; and enforce SONIFI’s electronic communications acceptable use policies.

 

8.9 How We Share Your Personal Information: We share Personal Information in each of the above categories as follows:

  • All categories of Personal Information
    • When we are a Service Provider to a hotel or other Business, if you use our services, then you may share Personal Information with the Business, who shares it with us, to the extent necessary for us to provide those services.
    • We will share Personal Information in any of the above categories if our company is sold or we engage in a merger or other such transaction.
    • We will share Personal Information in any of the above categories in connection with a law enforcement request that is compliant with the California Electronic Communications Privacy Act.
  • Identifiers
    • We share identifiers with service providers who use that information only to provide services to us such as website development and operating, sending postal mail or email, analyzing website use, processing payments, processing data, marketing or advertising services, IT services, accounting, and legal services.
  • Internet or Other Electronic Network Activity Information
    • We share this category of information with our data analytics and information security providers
  • For Candidates and Employees Only—Identifiers, Personal Information Listed in the California Customer Records Statute, Internet or Other Electronic Network Activity Information, Geolocation Data, and Professional or Employment-Related Information
    • We share this information with service providers who use that information to provide services to us such as sending postal mail or email, processing job applications, administering benefits, recruiting, background checks, administering HR and payroll services and processing data.
    • We share some of this information with our security service providers to protect our property, networks, data, equipment and people.

9. GDPR RIGHTS

If you are a European Union resident, the General Data Protection Regulation (“GDPR”) may provide you with additional rights regarding our use of your personal information (“GDPR Rights”). This section describes additional information concerning GDPR Rights.

 

When you stay at a hotel property or are at healthcare facility or other location that uses SONIFI technology, we are acting as a “Processor” to such property or facility which is a “Controller” under the GDPR.  In that case, your Personal Information is controlled by the Controller and if you wish to exercise your GDPR Rights, you need to make a request to the Controller under their privacy policy.  As a Processor, we will assist the Controller in complying with your request.

 

9.1 GDPR Principles:  SONIFI is committed to following the GDPR principles for personal information processing.

  • Lawfulness, fairness, and transparency. SONIFI will only process personal information in such a manner as would reasonably be expected, and will be transparent in its processing of personal information.
  • Purpose limitation: SONIFI will process personal information only for the specific purpose it was collected.
  • Data minimization: SONIFI does not collect or process more personal information than reasonably required.
  • Accuracy: SONIFI takes reasonable steps to confirm that any personal information held is both adequate and accurate.
  • Storage limitation: SONIFI does not store personal information for longer than necessary or required.
  • Integrity and confidentiality: SONIFI takes reasonable steps to protect the integrity, security and confidentiality of personal information.

 

9.2 Legal Basis for Processing:  SONIFI will only process personal information when it has a legal basis for doing so.  These may include:

  • Consent: the data subject has consented to the use of the personal information.
  • Contract: processing of the personal information is necessary to fulfill a contractual obligation.
  • Legal obligation: A legal, regulatory, or judicial process requires processing of such personal information.
  • Vital interests: Someone’s life, health or security depends on the processing of such personal information
  • Public task: The processing of such personal information is necessary to carry out a task in the public interest
  • Legitimate interests: processing the personal information serves a legitimate interest, as determined by an appropriate assessment, such as the improvement of our services or operations.

 

9.3 Processing of Personal Information: SONIFI processes personal information in the United States of America.  Personal information transmitted from other countries is subject to standard contractual clauses concerning the transfer of such information.

 

9.4 Exercising GDPR Rights:  To exercise GDPR Rights concerning the accessing, managing, rectifying, erasing, etc., of personal information, or to contact SONIFI’s Data Protection Officer, please follow the same process as for submitting a verifiable request under the CCPA, as described in Section 8.3., above.