Privacy Policy
Effective as of May 1st, 2021
1. Introduction
Welcome to our Privacy Policy.
We respect your privacy and are committed to protecting your Personal Data and other information. “Personal Data” means any information (including but not limited to Personally Identifying Information as that term is used in the USA) relating to an identified or identifiable natural person; where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to that natural person.
This Privacy Policy tells you about our policies and procedures for collecting, using, and disclosing your Personal Data and other information. It also tells you about your privacy rights and how the law protects you.
Users can access the service (the "Service") through our websites, including https://form-1095a-gov.com and other affiliated sites (the “Sites”), applications on Devices, through APIs, and through third-parties. A "Device" is any computer used to access the Service, including without limitation a desktop, laptop, mobile phone, tablet, or other Internet-enabled electronic device. This Privacy Policy governs your access of the Service, regardless of how you access it, and by using our Service you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.
This Privacy Policy refers to different categories of users, specifically: “Visitor” refers to a user who accesses the Sites or Service but does not register; “Registered User” refers to a user who signs up for an account with the Service; and “Subscriber” refers to a Registered User who purchases a subscription plan for the Service. All of the different forms of data, content, and information described below, including without limitation Personal Data, are collectively referred to as "information."
Our Privacy Policy explains:
- What information we collect and why we collect it.
- How we use that information.
It is our policy to respect the privacy of our users regarding any information that we may collect while operating our website and our mobile products.
2. Important information and who we are
Controller
Website form-1095a-gov.com (sometimes referred to as “Company”, “we”, “us” or “our” in this Privacy Policy) is the controller and responsible for your Personal Data.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights (see below), please contact the data privacy manager using the details set out below.
Contact Details
Our full details are:
Full name of legal entity: form-1095a-gov.com.
Attn: Privacy Manager
Email address: [email protected]
Postal address: 380 Huntington Ave, Boston, MA 02115.
You may have the right to make a complaint to a supervisory authority in the European Union (for example, the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk)). We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
3. What Personal Data and other Information do we collect and store, and how is it collected?
Personal Data You Provide to Us. The types of Personal Data collected this way may include:
- Contact information and identifiers, such as your username, email address, postal address, telephone number, fax number, biometric print, photo or video image;
- Commercial information, such as the name of the file faxed/emailed/printed/stored by you when using our Service and the products or services you obtain;
- Professional and employment information, like place of work information (such as name of entity, title, industry, and organization size);
- Browser/mobile device information; and
- Demographic information, such as if you provide us your gender or age.
Payment details. Your payments are processed directly through paypal or through a credit card processing company. We do not have access to and do not store your credit card or paypal payment information.
Files. We collect and store the files you upload, download, or access with the Service ("Files").
Files filled out by users are stored on the server. However, these Files and the users’ information contained therein are accessible only to the account of the Registered Users in which they are stored. The data contained in these Files is encrypted in a manner intended to render it unreadable and unusable for anyone else including Company. You have the option to remove Files from your account at any point, which removes all the information that was contained in those Files from our servers. If you are a Visitor and do not have a registered for an account, your Files will be automatically deleted in 30 days (except for those Files submitted to other Subscribers).
Log Data and Other Internet and Electronic Activity Information. When you use the Service, we (ourselves or using third party services) automatically record some information from your Device, its software, and your activity using the Services, which can sometimes be correlated with Personal Data and so associated with you. This may include the Device’s Internet Protocol ("IP") address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the Service.
Cookies. We (ourselves and using third party services) also use "cookies" and other Internet technologies to collect information and improve our Services. A cookie is a small data file that we transfer to your Device. We may use:
- "persistent cookies" to save your registration ID and login password for future logins to the Service;
- "session ID cookies" to enable certain features of the Service, to better understand how you interact with the Service and to monitor aggregate usage and web traffic routing on the Service.
You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit, including our Sites. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy bellow.
Geo-Location Information. Some Devices allow applications to access real-time location-based information (for example, GPS). Our mobile apps do not collect such information from your mobile device at any time while you download or use our mobile apps as of the date this Privacy Policy went into effect, but may do so in the future with your consent to improve our Services. Also, some of the information we collect from a Device, for example IP address, can sometimes be used to approximate a Device's location.
We may combine, analyze, and make inferences from information we collect from different sources.
4. If you fail to provide Personal Data
Where we need to collect your Personal Data by law, or in order to perform a contract we have with you or are trying to enter into with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel the contract but we will notify you if this is the case at the time.
5. How do we use information we collect?
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where we need to do so to perform a contract we have entered into with you, or to take steps at your request before entering into such a contract. This applies particularly where we use your Personal Data to administer your use of the Service.
- Where it is necessary for a legitimate interest and your interests and fundamental rights do not override those interests. A legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. This applies particularly where we use your Personal Data to better understand your needs and interests, to improve our Service, to personalise and improve your experience, to provide or offer software updates and other product announcements or otherwise to do anything with your Personal Data that we consider to be necessary for our legitimate interests (and typically also to be for the benefit of our users and therefore also for your benefit, whether directly or indirectly).
- Where we need to comply with a legal or regulatory obligation including but not limited to compliance with eSignature requirements.
Note that we may process your Personal Data upon more than one lawful ground depending on the specific purpose for which we are using your data.
Your Personal Data is or may be used:
(i) to set up an account and profile for you and to enable you to access Services securely;
(ii) to administer your use of the Service and to provide and improve our Service;
(iii) to deploy or support your use of Service;
(iv) to better understand your needs and interests;
(v) to personalize and improve your experience; and
(vi) to provide or offer software updates and product announcements. If you no longer wish to receive promotional communications from us, please follow the "unsubscribe" instructions provided in any of those communications.
We disclose potentially personally-identifying information (i.e. Personal Data) among our employees, contractors and affiliated or other third party organizations that (i) need to know that information in order to process it on Company's behalf or to provide services available at Company's website and mobile platforms, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated or other third party organizations may be located either within or outside of the USA or the European Economic Area (EEA); by using the Sites, you consent to the transfer of such information to them.
Log Data and Cookies are or may be used in aggregated form. We aggregate Log Data and data collected through Cookies (as described above). We use this aggregated information for the above purposes and to monitor and analyze use of the Service, for the Service’s technical administration, to increase our Service’s functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests. We may provide aggregated information to our partners about how our users, collectively, use the Sites, so that our partners may also understand how often people use their services and our Service.
Records of Communications. When you contact us, we may keep a record of your communication to help solve any issues you might be facing. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it (but in a manner that does not identify you) in order to help us clarify or respond to your request or to help us support other users.
Company Emails. We may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what's going on with the Company and our products. We strive to provide you with choices regarding use of your Personal Data in relation to such marketing and advertising, and will provide you with an opportunity to unsubscribe from such communications whenever we send marketing communications to you.
Third-Party Marketing. We will get your express opt-in consent before we share your Personal Data with any entity outside of Company and its affiliates for marketing purposes or use your Personal Data to market any third-party products or services to you.
Foreign Processing. We process Personal Data on our servers in many countries around the world. We may process your Personal Data on a server located outside the country where you live.
Retention of Records. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.
6. Disclosure of Your Information
We may have to share your Personal Data and other information with third parties, as described below.
Affiliates. We may share your Personal Data among subsidiaries and other affiliates.
Service providers. We may disclose your Personal Data to our third-party suppliers, agents, contractors, or other service providers working on behalf of our company in connection with the services that they perform.
For legal reasons. We may disclose to parties outside Company, Files stored on the Services and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Company or its users; or (d) protect Company’s property rights. If, as stated above, Company has to turn over your Files to comply with a law, regulation or compulsory legal request, the Files that will be turned over will remain encrypted, since Company does not have access to keys needed to decrypt any Files.
Business transfers. If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, your information may be transferred as part of that transaction, but we will notify you (for example, via email and/or a prominent notice on our website) of any change in control or use of your Personal Data or other information or Files, or if either become subject to a different Privacy Policy. We will also notify you of choices you may have regarding the information.
With your consent. We may share your information with third parties with your consent or when you direct us to share your information, such as when you access a third party’s application through our Services. See Third Party Applications below.
Non-private or non-Personal Data. We may share aggregated, non-Personal Data publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our Services.
We do not sell or share information except as described in this Privacy Policy.
7. International Transfers
Providing our Service to you and using your Personal Data and other information for the purposes described above means that (where your information originates from within the EEA) we will transfer your Personal Data outside the European Economic Area (EEA).
Whenever we transfer your Personal Data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of Personal Data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between the European Union and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us at [email protected] if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
8. Data Security
We have put in place appropriate security measures intended to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
9. Changing or Deleting Your Information
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us.
If you are a Registered User, you may review, update, correct or delete the Personal Data provided in your registration or account profile by changing information in your profile or account page, depending on where you live and in accordance with applicable laws. In some cases we may retain copies of your information if required or permitted by law. For questions about your Personal Data on our Service, please contact Company’s support at [email protected]. We will aim to respond to your inquiry within 30 days or such other period provided for by law.
10. Data and File Retention
We will retain your Personal Data and other information for as long as your account is active or as needed to provide you Services. Once your subscription is terminated, your Files will be deleted within 30 days.
If you are a Registered User and wish to cancel your account or request that we no longer use your information to provide you Services, you may find instructions for deleting your account by visiting [email protected].
We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, including but not limited to compliance with eSignature requirements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion (although Files will be encrypted without a key to access them). In addition, although we will delete Files from your account, we do not delete from our servers copies of Files shared with and stored in the accounts of other Registered Users.
In some circumstances we may anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, or for purposes of aggregating it with other information in connection with improving our Services, in which case we may use this information indefinitely without further notice to you. We may retain your email address on opt-out lists and audit trails required to prove compliance with laws and regulations.
If you are a user of Files shared with you by another Registered User of the Service, you acknowledge that the Company does not have unencrypted access to the Files or your Personal Data therein and has no means to identify or delete specific information contained in these Files. You should contact the Registered User directly with requests to delete of your Personal Data.
11. Corporate Customers
If you are a Registered User of an account with multiple Subscribers, then your account administrator may be able to:
- access information in and about your account;
- disclose, restrict, or access information that you have provided or that is made available to you when using the Service; and
- control how your account may be accessed or deleted.
Please refer to your organization's policies if you have questions about your administrator's rights.
12. Third Party Applications
Our Privacy Policy applies to all of the services offered by the Company and its affiliates, including services offered on other sites (such as our advertising services), but excludes services that have separate privacy policies that do not incorporate this Privacy Policy. Before using those services, please make sure you understand the separate privacy policy relating to them.
Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may be displayed to you in search engine listings, third-party sites that may include Service, or other sites linked from our Services. In order to understand what Personal Data and other information may be collected, and how it may be used, if you use or visit those products or sites, you will need to review the privacy policies associated with those products or sites. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
We may share your information with a third party application with your consent, for example when you choose to access our Services through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you.
13. Enforcement and Your Legal Rights
Compliance. We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Data that we cannot resolve with our users directly.
Your legal rights. Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. In particular you may have the right to:
- Request access to your Personal Data. This is commonly known as a “data subject access request”. This enables you to receive a copy of the Personal Data that we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your
- Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable,
- Object to processing of your Personal Data where we are relying on a legitimate interest (or the legitimate interest of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We have no access to your Files of any Personal Data therein but the Service provides you means to export any Files.
- Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact Company’s support at [email protected]. For additional ways to exercise your rights, please also check our FAQs.
No fee usually required. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights described above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that your Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month or such other period provided for by law. Occasionally it may take us longer than a month or such other time period if, for example, your request is particularly complex or you have made a number of requests or we have received multiple requests. In this case, we will notify you and keep you updated.
14. Privacy Policy Changes
Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.
15. Security
The security of your information is important to us. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, please see the Security section of our website.
16. Our Policy Toward Children
Our Services are not directed to persons under 13. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without their consent, he or she should contact Company support. If we become aware that a child under 13 has provided us with Personal Data, we will take steps to delete such information from our account data.
17. Questions or Concerns?
If you would like to communicate with us about this Privacy Policy or our collection and use of your Personal Data or other information, please contact our data privacy manager (see contact details at paragraph 2 above).
18. Your California Privacy Rights.
We will not charge you different prices or provide different quality of services for exercising your rights under state law unless those differences are related to your information or otherwise permitted by law. If you would like to use an agent registered with the California Secretary of State to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.