Effective date of this Privacy Notice – March 13, 2017
This Privacy Notice (the “Notice”) governs your use of ImPACT Applications, Inc.’s (“ImPACT Applications”) website www.impacttest.com (the “Site”) and your use of ImPACT Application’s computerized neurocognitive evaluation tools, mobile applications, and training content (each a “Product” and collectively, the “Products”) on the Site. This Policy applies to all users of the Site including users under the age of 13 as well as organizations or individuals who may use the Site or purchase Products for distribution to individuals, such as educational institutions and organizations, charities, military organizations, governmental organizations, sports organizations and healthcare providers. This Policy also applies to a third party authorized by ImPACT Applications to resell Products to individuals or institutions (“Authorized Resellers”), and any such Authorized Resellers agree to comply with this Policy as part of the Terms and Conditions of their use of the Site and the terms of their written Services Agreement or similar agreement with ImPACT Applications. This policy also governs ImPACT Application’s use of your Personally Identifiable Information (defined below), including Protected Health Information (“PHI”).
2. Registration and Personal Information
ImPACT Applications provides content on the Site to users free of charge and without registration; however, portions and features of the Site may require you or a child to register. If you or your child registers to gain access to Products or gain access to other content or functionality on the Site, you or your child will be required to submit information, which could be used to personally identify you or your child (“Personally Identifiable Information”). If you or your child registers to gain access to Products, you may be required to provide ImPACT Applications with additional Personally Identifiable Information including, but not limited to, your test results, symptoms, age, weight, etc. (“Additional Personal Information” and, together with “Personally Identifiable Information”, “PII”).
PII may also include one or more of the following:
1. User’s name, contact information (email address, mailing address, phone number, date of birth, and sex).
2. Schools or sports clubs, including contact information (mailing address, phone number and email address).
3. User’s medical provider, including contact information (mailing address, phone number and email address).
ImPACT Applications collects PII necessary to use the Site and the Products, and does not collect Social Security numbers, medical insurance information or financial information.
In the event a payment becomes necessary to access one or more Products, ImPACT Applications may request information necessary to process such payments such as credit card, checking account information or other on-line payment mechanisms. All such information will be encrypted and processed by accredited third party providers, and will not be retained upon successful completion of the transaction, unless you specifically elect to retain such information in your account.
3. Use of Information Collected From Site Users
When you register ImPACT Applications collects PII about you. ImPACT Applications uses PII to provide you with testing data, provide you with content that you may request, inform you about new products or services, send emails to you regarding questions about the Site, the Products, and to inform you of significant changes to this Policy.
ImPACT Applications may also use your PII along with the information of all or some of the other users of the Products for research purposes (the “Aggregated Data”). ImPACT Applications may use the Aggregated Data in an effort to discover certain trends in testing results, certain aspects of the Products which require refinement, the possible correlation of Aggregated Data with certain other measurements, demographic data, etc.
4. Sharing of Information Collected From Institutions
5. Special Notice for Parents and Guardians of Children Under 13
Sharing of PII with a third party is not required to register on the Site or access Products. If a parent or guardian does not wish to share a child’s PII with an institutional user who has provided access to a Product, they must find another institutional user.
As required by the Child Online Privacy Protection Act (“COPPA”), we provide parents or guardians notice of all third parties with whom we may seek to share PII. ImPACT Applications will not share the PII of any test taker under the age of 13 with any third parties, except when that test taker registers through an Authorized Reseller, in which case the PII is shared only with the Authorized Reseller. Authorized Resellers may use such PII for internal purposes only and agree to be bound by all the terms and conditions of this Policy.
6. Sharing of Information Collected From Site Users with Third Parties
Only in the event you are older than 13 years of age and provide ImPACT Applications with your consent will ImPACT Applications share your PII with certain marketing and/or service providers (“Partners”). ImPACT Applications will seek your consent to share this information at the time it is collected, and any User can elect to change or withdraw their consent at any time. Other PII, including test results, will not be shared with Partners.
7. Use of Aggregated Data by Third Parties
ImPACT Applications may, from time-to-time, use Aggregated Data to provide third parties with information on user patterns or characteristics or scores. All such Aggregated Data shall at all time be de-identified (devoid of PII). ImPACT Applications also occasionally provides third parties such as academic or private research organizations, governmental agencies, equipment manufacturers and other third parties de-identified Aggregate Data. In some cases ImPACT Applications may receive compensation from third parties for their use of such de-identified Aggregated Data.
8. Use of site by children
The content on the Site and the Products are designed and intended to be used by children only with the consent and under the supervision of a parent or guardian (or, in the case use is through an institutional user, with the consent and supervision of such institutional user acting with authority and consent from the parent or guardian). Except for the purposes of obtaining verifiable consent as permitted under COPPA, ImPACT Applications collects PII from a person under the age of 13 only with the consent of a parent, guardian or authorized institutional user.
For all users under the age of 18, whether older or younger than 13, the parent, guardian or an authorized institutional user is solely responsible for providing supervision of the child’s use of the Site and/or the Products and a parent or guardian who registers a minor shall assume full responsibility for ensuring that the registration information is kept secure and that the information submitted is accurate and complete. Any such parent or guardian also assumes full responsibility for the interpretation and use of any information or suggestions provided through the Site and/or the Product related to that minor.
9. Access To and Individual Rights Involving PHI
ImPACT Applications does not maintain any Designated Record Set (“DRS”) as that term is defined by the Health Insurance Portability and Accountability Act (“HIPAA”). Accordingly, all requests for access to PHI contained within a DRS should be directed to the third party institutional user that created and/or maintains the DRS, such as the group, institutional or medical provider that provided you access to the Products. Similarly, requests for amendments or restrictions to PHI under HIPAA should be directed to the same third parties.
10. Disposal and Security Measures
ImPACT Applications disposes of PHI, electronic PHI (“e-PHI”) and PII in a manner designed to minimize the risk of loss, theft or misuse of this information. Disposal methods include those that are meant to wipe, sanitize or otherwise erase PHI, e-PHI or PII from the devices or media on which it is stored. Similarly, non-electronic PHI or PII will be shredded or otherwise disposed of, so that the potential for re-creation of information is minimized. ImPACT Applications institutes security measures intended to provide security of the PHI, PII and e-PHI collected. ImPACT Applications employees are trained on the requirements of HIPAA and their access to e-PHI, PII and PHI is based on job function. ImPACT Applications requires user authentication prior to allowing access to e-PHI and encryption is used to prevent unauthorized access to e-PHI. ImPACT Applications implements other industry-standard security measures to protect e-PHI including, but not limited to, periodic independent audits of security controls.
11. Disclosure of your Information
Except as set forth in this Policy or as specifically agreed to by you, ImPACT Applications will not disclose any PII on the Site or through the use of the Products. You agree ImPACT Applications may release PII: (1) to comply with legal requirements such as a law, regulation, search warrant, subpoena or court order; or (2) in response to a physical threat to you or others, to protect property or defend or assert legal rights. In the event ImPACT Applications is legally compelled to disclose PII to a third party, ImPACT Applications will attempt to notify you unless doing so would violate the law or court order. ImPACT Applications may disclose PII as described further below.
Service providers may have, or be granted from time-to-time, limited access to PII in the course of providing services to ImPACT Applications. Such third-party providers may include vendors and suppliers that provide ImPACT Applications with technology, services, and/or content for the operation and maintenance of the Site, databases and/or the Products. Some third parties may have access to your email address to send newsletters or special promotions to you on our behalf or to send emails to you for purposes such as conducting market research for ImPACT Applications. Access to PII by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function. ImPACT Applications requires all service providers to execute written agreements which require the third party to: (1) protect the privacy of PII consistent with terms and conditions no less stringent than those in this Policy; and (2) not use or disclose PII for any purpose other than providing ImPACT Applications with products and services.
ImPACT Applications will retain PII and PHI for 7 years or in accordance with any Federal or state requirements. Should one of ImPACT Application’s partners request the return of PHI pursuant to a HIPAA Business Associate Agreement, ImPACT Applications will comply the provisions of the applicable Business Associate Agreement.
International Users Consent to Processing and Transfer of Information
If you access impacttest.com outside of the United States, you fully understand and unambiguously consent to the transfer of your personal information to, and the collection and processing of such personal information in the United States.
14. Social Media
When you participate in various social media forums like Facebook and Twitter, you should be familiar with and understand the tools provided by those sites that allow you to make choices about how you share the personal data in your social media profile(s).
Also, depending on the choices you have made regarding your settings on various social media sites (and/or in combination with your settings on the ImPACT Applications pages), certain personal data may be shared with ImPACT Applications about your online activities and social media profiles (e.g., interests, marital status, gender, user name, photo, comments and content you have posted/shared etc.).
15. ImPACT Application’s Ability to Change the Policy
ImPACT Applications reserves the right, in its sole and absolute discretion, to amend this Policy from time-to-time. In the event such an amendment constitutes a “material” change (as defined below) in the collection and/or aggregation of PII, ImPACT Applications will notify you in advance of such proposed change and will provide you with an ability to “opt-out” of your registration on the Site. For purposes of this Policy, “material” means a change significantly expanding ImPACT Application’s ability to collect, use or disclose PII. If, following notice from ImPACT Applications regarding an adoption of a material change, you continue to use the Site an/or any of the Products, such continued use will constitute your acceptance of such material change(s). If you decide that any of the material changes are not acceptable to you then you should immediately stop using the Site.
If you have any questions about this policy, or any other aspects of your privacy with respect to ImPACT Applications, Inc., please contact us at:
ImPACT Applications, Inc,
Attn: Privacy Officer,
9665 Granite Ridge Drive, Suite 550, San Diego, CA, 92123