Netsmart Privacy Policy

Updated September 19, 2023

I. SCOPE AND PURPOSE

Netsmart Technologies, Inc. and its affiliates (“Company”, “we”, or “us”) respects your privacy and is committed to protecting it through our compliance with this privacy notice (“Privacy Notice”). Our Privacy Notice is designed to provide transparency into our data practices in a format that is easy to read and navigate. Please read the sections below to understand how we collect, use, share, and safeguard your information when you visit our websites (“Sites”), mobile applications and social media pages that link to this Privacy Policy, email, text and other electronic messages between you and our Sites. This Privacy Notice also applies to any information we collect offline, such as when you visit our offices, attend our events, or interact with our representatives at other events, and in the context of other online or offline sales and marketing activities. By accessing or using our Sites, you agree to this Privacy Policy.

Our Technology Solutions

This Privacy Notice does not apply to Netsmart technology solutions that have their own privacy notices, or to websites of third parties to which we provide links. We do not control and are not responsible for the privacy practices of the websites of other entities and we urge you to review any applicable third-party privacy policies for yourself.

Our Clients

Please note that our processing of data on behalf of our healthcare provider clients (“Clients”) is governed by the Business Associate Agreement we enter into with our Clients, as applicable and required under the Health Insurance Portability and Accountability Act (“HIPAA”). You can learn more about our processing of your information on behalf of our Clients under the technology solution specific privacy notice. Your healthcare provider may also have its own privacy practices and/or policies that govern its collection and use of your data. We are not responsible for how your healthcare provider treats your information, and we recommend you review their own privacy policies.

Minors

Our Sites are intended for serving the needs of our healthcare clients and are not directed to minors under the age of 16 or children under the age of 13. We do not wish to obtain any information from or about such minors or children through our Sites. If you are a parent or guardian and you believe we have collected information from your child or a minor in a manner not permitted by law, contact us using the information in the “Privacy Questions” section below. We will remove the data to the extent required by applicable laws. Please note that such requests may not ensure complete or comprehensive removal of information as some of it may have been reposted by another user.

II. INFORMATION WE MAY COLLECT

We collect several types of information from and about you, including personal information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device information. We collect information from and about you in the following four ways:

• Information we collect directly from you
  We collect information you provide directly to us, such as when you voluntarily enter information into fields on the Sites, sign up for or request certain services or information, agree to participate in our surveys, register for a specific conference or webinar, or call our customer service. Depending on how you interact with us, we may ask for your name, practice/organization name, address, email address, telephone number, and demographic information such as organization and/or role.
• Information we collect with cookies and tracking technologies
  When you access our Sites, we may collect information about your visit and your device using automatic data collection technologies as described in the “Cookies and Tracking Technologies” section below. This information may include IP address, geolocation information, browser type and version, device type, mobile device identifiers, and information reflecting how you searched, browsed, and were directed to the Sites.
• Information we collect from third-party organizations
  We may also collect information from other sources, such as lead generation companies, social networks, and our business partners. We may also collect information from other users of our services or from publicly available sources.

Personal Information Categories Collected

Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from visitors of our Sites within the last twelve (12) months:

Category of Personal Information	Category of Source	Business or Commercial Purpose(s) for Collection	Categories of Third Parties with Whom we Share
Personal identifiers including name, address, phone number, Internet Protocol address, email address, or other similar identifiers	You or your agents Your employer Our service providers Third-party partners	Identity verification Business ownership and/or authority verification Provide and improve the Services Communicate with You Protect Your Account Prevent fraud or illegal activity Conduct our marketing activities Legal and compliance purposes Everyday business purposes*	Our affiliates Our service providers Third parties as required by law
“Sensitive Personal Information” such as age, race, sex, religion, passport number and medical information	You or your agents Our service providers	Identity verification Conduct our marketing activities Legal and compliance purposes Everyday business purposes*	Our affiliates Third parties as required by law
Online identifiers - Internet or other network activity information, including browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement	You or your agents Our service providers Third-party partners	Identity verification Prevent fraud or illegal activity Conduct our marketing activities Legal and compliance purposes Everyday business purposes*	Our service providers Third parties as required by law

III. HOW DO WE MAY USE YOUR INFORMATION

We may use or disclose the Information we collect or you provide as described in this Privacy Policy:

• To present our website and its contents to you.
• To market and promote products or services provided by our Company or partners.
• To provide you with information, products, or services that you request from us.
• To fulfill a purpose as described to you when collecting your Information.
• To provide you with notices about your account.
• To carry out our obligations and enforce our rights arising from any agreements entered into between you and us.
• To allow you to participate in interactive features on our website.
• To improve our website or services.
• To conduct market research.
• To fulfill any other purpose for which you provide it, with your consent.

We may use the information we have collected from you to enable us to display advertisements to our target audiences. Even though we do not disclose your information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet the target criteria.

IV. SELLING OR SHARING YOUR INFORMATION

We do not sell your information to third parties. We do not share your information with third parties for their promotional or marketing purposes. We may disclose information that we collect, or you provide, as follows:

• To comply with legal requirements and corporate transactions.
• To our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our business.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Company about our website users is among the assets transferred.
• To comply with any court order, law, subpoena, or legal process, including to respond to any government or regulatory request.
• If we believe in good faith disclosure is necessary or appropriate to protect the rights, property, or safety of our Company, our clients, or others, investigate fraud, for national security and/or law enforcement purposes.
• For any other purpose disclosed by us when you provide the information.

Notwithstanding the above, we may share information that does not identify you and could not reasonably be used to identify you (including information that has been aggregated, anonymized, or de-identified) except as prohibited by applicable law.

V. COOKIES AND TRACKING TECHNOLOGIES

Our Company or third parties we contract with may use persistent identifiers such as cookies and other tracking technologies to collect certain information about visitors to our website and interactions with our online content or applications, including advertisements. The information we collect may be associated with your personal information or we may collect information, including information about your online activities over time and across different websites.

Our cookie compliance policy is based on cookie functionality and intended purpose, as defined by the following categories:

• Essential Cookies
  Essential cookies or strictly necessary cookies are cookies that are essential for a website to function correctly. These cookies are essential for you to browse our website and use its features, such as page navigation and accessing secure areas of the site. The website cannot function properly without these cookies.
• Analytics & Customization Cookies
  These cookies analyze usage for site optimization. These cookies collect information that is used either in aggregate form to help us understand how our website is being used, or to help us customize our website for you. Analytics cookies are used to understand how visitors interact with the website; they help provide information on metrics such as the number of visitors, bounce rate, and traffic source. Customization cookies help us to personalize your experience on the website with features like relevant content or products you could be interested in based on what you previously viewed. These cookies are set by us or by third party providers who may add services and features to our website.
• Advertising Cookies
  These cookies help serve advertising content that is relevant to you. These cookies track your online activity to help advertisers deliver more relevant advertising, to limit how many times you see an ad, ensuring that ads are properly displayed, and in some cases selecting advertisements that are based on your interests. These cookies can share that information with other organizations or advertisers. Without them you will still see ads, but they might not be as relevant to you.
• Performance & Functionality
  These cookies facilitate measurement and analytics for improved browsing experience. These cookies are used to enhance the performance and functionality of the website but are non-essential to their use. However, their sole purpose is to improve website functions. This includes cookies from third-party analytics services that we may use.

We periodically scan and evaluate our Sites for cookie compliance against our defined policies and to block undesirable cookies. You can manage your cookie preferences via the banner available on our Sites under the Cookie Preference option. Please note, that you cannot opt-out from essential cookies to use our Sites.

VI.SOCIAL MEDIA AND OTHER INTEGRATIONS

Some of our Sites and services may have social media and technology integrations that are operated or controlled by separate entities. We also may collect information from third party social media and marketing companies to enhance our data sets. Some examples include:

• Links: Our Sites include links that hyperlink to websites, platforms, and other services not operated or controlled by us.
• Liking, Sharing, and Logging-In: We may embed a pixel or SDK on our Sites that allows you to “like” or “share” content on, or log in to, your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through the integration.
• Social Media Content: We may offer our content through social media. Any information you provide to us when you engage with our social media content is treated in accordance with this Policy. Also, if you publicly reference our Sites on social media (e.g., by using a hashtag associated with Netsmart in a tweet or post), we may use your reference on or in connection with our Sites.

Please note that when you interact with other entities, including when you leave our Sites, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

VI. YOUR CHOICE AND TRANSPARENCY

a. Rights and Choices

Data Privacy Requests

We want you to be in control of how your personal data is used by us. Subject to local law, you may have the right to be informed of, and request access to, the personal data we process about you; update and correct inaccuracies in that information; have the information restricted or deleted; object or withdraw your consent to certain uses of data; and lodge a complaint with your local data protection authority. You may also have the right not to be subject to automated decision-making, including profiling, where it would have a legal or similarly significant effect on you; and the right to data portability with regard to the data you provided to us.

Netsmart enables you to exercise those rights in a variety of ways, including by:

• Submitting a Data Privacy Request online
• Calling us at (800) 842-1973 and select the Privacy Office option
• Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, United States

When contacting Netsmart and where your issue requires it, we may request more information from you, such as to verify identity, or indicate that a response will require additional time. You may at any time refer your complaint to the relevant regulator in your jurisdiction if you are unsatisfied with a reply received from us. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.

b. California Privacy Disclosure

California residents have a right to knowledge, access, and deletion of their personal data under the California Privacy Rights Act (“CPRA”). California residents also have a right to opt out of the sale of their personal data by a business and a right not to be discriminated against for exercising one of their California privacy rights. Netsmart does not sell your personal data to anyone for any purpose and does not discriminate in response to privacy rights requests.

We provide disclosure of our data practices in this Privacy . This includes what personal data is collected, the source of the personal data, and the purposes of use, as well as whether Netsmart discloses that personal data and if so, the categories of third parties to whom it is disclosed.

If you are a California resident and you or your authorized agent, would like to exercise your rights under the CPRA, requests may be made by:

• Submitting a Data Privacy Request online
• Calling us at (800) 842-1973 and select the Privacy Office option
• Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, United States

Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with our Company, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note, that we will both render certain personal data about you permanently unrecoverable and also de-identify certain personal data.

c. Protection of Personal Information

We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use physical, electronic, and administrative safeguards designed to protect your information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Sites such as message boards. The information you share in public areas may be viewed by any user of the Sites,

d. Internal Transfers

We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Sites from outside of the U.S., please be aware that information collected through the Sites may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. Your use of the Sites or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. as set out in this Privacy Policy.

e. Updates to this Privacy Notice

This Privacy Notice sets out the essential details relating to your personal data relationship with the Company. From time to time, we may develop new capabilities, features, or offer additional services which may require we make material changes to this Privacy Policy. When we do, we’ll let you know by revising the date this Privacy Notice was last updated on our website. Other times, we may provide you with additional notice (such as an email) with more information about the revisions. Unless stated otherwise when we introduce these new or additional services, they will be subject to this Privacy Notice and become effective when we post it on our website.

VII. PRIVACY QUESTIONS

If you have any questions regarding this Privacy Notice, privacy related comments or concerns, or to submit a data privacy request, please contact us at:

• Submitting a Data Privacy Request online
• Calling us at (800) 842-1973 and select the Privacy Office option
• Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, United States

We will investigate and attempt resolve any concerns regarding use and disclosure or personal information in accordance with this Privacy Policy and in accordance with applicable law.