Privacy Policy
Last updated April 8, 2026
This Privacy Notice for Nursegrid & Nursegrid Learn (“Privacy Notice”) explains how we collect and treat information when you visit nursegrid.com or use the Nursegrid mobile application (together, “Nursegrid”) or use Nursegrid Learn products or services available through learn.nursegrid.com or via the mobile application (“Nursegrid Learn”). Nursegrid and Nursegrid Learn (collectively, the “Services”) are provided by HealthStream, Inc. along with its subsidiaries and affiliates (collectively, “HealthStream,” “us” or “we”). If you have questions about our privacy practices or would like to make a complaint, please contact us at support@nursegrid.com or toll free at 1-866-635-8151.
This Privacy Notice is part of and governed by the Nursegrid Terms of Use or Nursegrid Terms of Use for Institutional Users, as applicable, to which you agreed when you first accessed the Services. Any additional notices that we may provide about our privacy practices will be considered to form part of this Privacy Notice. We may periodically update this Privacy Notice. If we make any material changes, we will notify you through the Services or by updating this posting. Your continued use of the Services after the effective date will be subject to the new Privacy Notice. You are responsible for checking this Privacy Notice for changes.
Our Privacy Promise
We value you and your privacy, and we want you to understand how we treat and protect your information. Here is a summary of our promise to you, as detailed in this Privacy Notice:
- Individual users may use the Services for free at a limited service level and have the option to purchase course subscriptions or individual courses through Nursegrid Learn. If you access the Services through your nursing employer, you may have access to a paid premium SaaS service level as subscribed to by your employer.
- Your Shift Reflections in Nursegrid are 100% private. Any reporting we do on trends in Shift Reflection is done in aggregate and your user info remains 100% anonymous.
- Any Personal Information (defined below) that is necessary to use the Services’ core features will be securely stored by us and only accessible to you, your employer, and any colleagues with whom you choose to share it.
- Private messages to other users are only viewable by the message recipient.
- Use of certain features on the Services may be visible to, copied, or stored by other users. You decide whether and how to use those features.
- You can always control your data, either directly through your account, through your nursing employer, or by contacting us for help.
- We do not sell your Personal Information.
- Some disclosures of Personal Information to Nursegrid Partners may qualify as sharing for cross-contextual advertising purposes. See Section 5 for details.
- We will always notify you if this promise changes in any way.
- BY USING OR ACCESSING OUR SERVICES IN ANY MANNER, YOU CONSENT TO THE PRIVACY PRACTICES DESCRIBED IN THIS PRIVACY NOTICE. If you do not agree with this Privacy Notice, do not use the Services. This Privacy Notice DOES NOT apply to information collected while using a website or platform owned or operated by a third party, or other services offered by HealthStream.
We encourage you to read this Privacy Notice to understand in detail how we collect and use your information.
1. Personal Information Defined
When we say, “Personal Information,” we mean information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or household. Below are typical categories of Personal Information and examples for each category:
- Identifiers (e.g., name, address, telephone number, email address, username);
- Employment-related information (e.g., current or past employment);
- Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99);
- Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies); and
- Internet or other similar activity (e.g., browsing history, content interactions);
- Protected classification information (e.g., race, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);
- Biometric information (e.g., voice, image, keystrokes, biological characteristics);
- Sensitive Personal Information (e.g., state identification number, financial information, health information, precise geolocation);
- Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.
Not all information about you is your Personal Information. Certain information is exempt from privacy law protections. For example, publicly available information, aggregated information (meaning data summaries or reports with Personal Information removed), and anonymized information that cannot be linked back to an individual are types of information that may not be legally protected as Personal Information.
2. No Health Data
The Services should not be used to collect or process any health data. Please do not submit any health data about yourself, patients, or any other person to the Services. We cannot provide any assurances with respect to the health data you choose to submit to the Services. If we discover that health data has been submitted to the Services, we will delete such information from our systems. If you become aware of any unauthorized submission of health data, please contact us at support@nursegrid.com or 1-866-635-8151.
3. Collection and Use of Personal Information
Like most applications, the Services use Personal Information to give you a great experience. We only collect your Personal Information with your consent, as instructed by a nursing employer subscribed to the Services, to achieve a legitimate interest, or as authorized or required by law. The Personal Information we collect will depend on whether you use the Services as an individual user or through your nursing employer and the features you use.
In any case, we only collect and use Personal Information as adequate and relevant to the specific, express purposes described in this Privacy Notice, as reasonable, necessary, and proportionate to provide you with our Services, or for other purposes that we disclose to you and are compatible with the context of how we collected your Personal Information.
During the last 12 months, we have collected Personal Information like identifiers, employment information, commercial history, internet activity, and biometric data if the user uploaded a photo of themselves. This information is collected as described below:
- Your user profile. Each user will be asked to register and create a profile including identifiers like name, address, email, and telephone number, plus employment information like professional credentials, worksite, and department. Users can upload a photo of themselves. We may also request permission from your device to access your calendar, camera, microphone, or other device applications. You will be given the choice to opt-in or opt-out of receiving push notifications on your device. This information is collected with your consent and is used to facilitate your use of the Services.
- Your use of certain features. The Services may prompt you to provide additional Personal Information for certain features to function.
- Shift Reflections is designed to guide you in recording introspections about your shift. Shift Reflection collects your rating data (i.e., answers to standard choice questions) and your comments (i.e., answers to optional free text questions). Any Personal Information you submit under Shift Reflections or similar features is provided by you voluntarily and with your consent.
- Using Shift Reflections is optional, and the information you input is 100% private. We do not share your personal Shift Reflection data with other users or third parties without your consent. Any comments you make in Shift Reflections remain 100% confidential.
- For the credentials tracking feature to work, you will need to input your professional credentials and other employment information. The shift comparison or shift swap features require you to enter your shift schedule (either manually, automated from your nursing employer, or synced from another app on your device). Your colleagues who use the Services will be able to see your shift schedule.
- Any Personal Information you include in a private message will be visible to the message recipient, and possibly to others if the recipient shares or copies the message. If you post content to public areas of the Services, those posts may be visible to, copied, or stored by other users. Your use of these features is entirely optional, and any Personal Information you submit is provided by you voluntarily and with your consent.
- Nursegrid Jobs. The Nursegrid Jobs feature allows you to explore and apply for available nursing jobs or indicate your availability to prospective employers. To begin, you will create a profile for your applications that includes your full name, phone, email address, job title, professional summary and a photo, along with details like your qualifications, licenses, certifications, and education records (your “Jobs Profile”). You choose the information to include in your Jobs Profile, and you can update the information at any time.
- Nursegrid Jobs will ask for your consent to share your Jobs Profile with the employers to which you apply for jobs. If you consent, we will share your Jobs Profile with those employers. If you select “Open to Work,” your Jobs Profile will be accessible by prospective employers within a database of available job candidates.
- Employers may use your Jobs Profile to contact you and consider you for job opportunities, or for other purposes according to the employer’s privacy practices (not ours). You can revoke your consent at any time, and we will not share your Jobs Profile with employers going forward.
- Your use of Nursegrid Learn. On Nursegrid Learn, you can purchase individual nursing continuing education courses or subscribe to unlimited courses on an annual basis. Once you purchase a single course or subscription, you will be prompted to connect or create your hStreamID to use on Nursegrid Learn (your hStreamID is governed by the HealthStream Privacy Statement). Your hStreamID will give you access to the HealthStream Learning Center, where you can access your courses.
- Your nursing employer, as a service provider. If you use the Services through your nursing employer, your nursing employer may submit your identifiers, employment information, or other Personal Information to create your profile and to automate shift swap requests and other features. We collect and use this information in our role as a service provider to your nursing employer at their direction and according to their privacy practices, or as permitted or required by law.
- Your chats with us. If you participate in a live chat with us on the Services, we collect and record any information, including Personal Information, that you choose to include in the chat. Please note that our live chat feature is made possible through our relationship with a third-party service provider, and your chats may be accessible simultaneously and in real-time by that third-party service provider. BY INITIATING OR CONTINUING A LIVE CHAT, YOU CONSENT TO OUR THIRD-PARTY SERVICE PROVIDER ACCESSING YOUR CHATS. If you do not consent to such access to your chats, you should not initiate or participate in a chat.
- Your communications with us. If you contact us by email, online form, or other means to request information or support, we will collect your name and email address to respond to your inquiry. If you complete one of our surveys, report a problem, or interact with our support team, we will collect any Personal Information you submit to us through those channels. If you use our SaaS services, we may also collect your employment information to confirm your account details. We may keep records of our interactions with you. We use this information for the purposes stated at the time of collection.
- Other users or third parties. If a user invites you to the Services, we will collect your email address and use it to send you an invitation on behalf of that user. You can unsubscribe from these emails at any time. Analytics companies, advertisers, and other third parties may provide us with Personal Information about you that is publicly available or related to your internet activities on online services. We collect and use this information for our legitimate interests of marketing the Services and developing new features.
- Automatically from your use of the Services. When you interact with the Services, we automatically collect data about your internet activity such as your IP address, internet service provider, browser, information, device data, date and time of access, and the content with which you interact. Like most online services, the Services use cookies for various purposes as described in our Cookie Declaration. In addition to the cookies and related technologies described in the Cookie Declaration, we use Mixpanel cookies to analyze user interactions with Nursegrid and Nursegrid Learn and an application manager pixel to track user activity across Nursegrid and Nursegrid Learn. We collect this information to achieve our legitimate interest in managing and improving our Services. We use this information to administer the website, provide and improve the Services, analyze usage, protect the Services and their content from inappropriate use, and improve the nature and marketing of the Services. You can control how these technologies interact with your device by adjusting your device settings or by opting out using the cookie consent tool we provide.
In addition to the uses described above,we might also use your Personal Information to: (i) provide, maintain, and improve the Services; (ii) personalize the user experience and provide customer service; (iii) send you support and administrative messages; (iv) monitor your compliance with any of your agreements with us; (v) detect, investigate, and prevent fraudulent transactions and other illegal activities and protect our or others’ rights and property; (vi) protect your privacy, enforce this Privacy Notice, and comply with applicable laws, regulations, legal processes or court orders; (vii) if we believe it is necessary, to identify, contact, or bring legal action against persons who may be causing injury to you, to us, or to others; or (viii) fulfill any other purpose to which you consent.
We will not collect additional categories of Personal Information or use already collected Personal Information for purposes that are materially different, unrelated, or not reasonably necessary or compatible with the original purpose without notice and consent to you as required by law.
4. Children’s Privacy
The Services are designed for users aged 18 and older. We do not knowingly collect Personal Information from children under 18. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our systems. If you believe we might have any information collected online from a child under 18, or if you become aware of any unauthorized submission of information to us, please contact us at support@nursegrid.com or 1-866-635-8151.
5. Nursegrid Partners
From time to time, we partner with companies that want to offer discounts, promotions, or other offers exclusively to our users (“Nursegrid Partners”). These offers are posted on the Services as advertisements and users receive the promotion when they click through and purchase the product or service from the Nursegrid Partner. Any Personal Information you submit to the Nursegrid Partner when you make a purchase or sign up for services is subject to the Nursegrid Partner’s privacy practices, not ours. You consent to this processing by clicking the ad and interacting with the Nursegrid Partner. If you don’t want a Nursegrid Partner to have your Personal Information, do not click on the ad or engage the Nursegrid Partner for products or services. We may earn a commission from your purchase with a Nursegrid Partner.
Please note that HealthStream and the Nursegrid Partner may exchange user data to facilitate your use of Nursegrid along with the products or services of the Nursegrid Partner. The Nursegrid Partner is strictly required to keep all disclosed data confidential and to only use the data to fulfill the contract with us. For example, we may provide user data (e.g., username, employer, hire date) to the Nursegrid Partner or the Nursegrid Partner may report to us whether a user participated in a promotion. We may use the data received from the Nursegrid Partner for any purpose as permitted by this Privacy Notice and applicable law. You can adjust your account settings to opt-out of sharing, which will prevent the disclosure of your information in this manner to the extent that this exchange of data qualifies as “sharing” Personal Information under privacy laws. Please note that opting out may make it impossible for the Nursegrid Partner to provide you with the promotion. For clarity, neither HealthStream nor the Nursegrid Partner will never sell your Personal Information to one another or to any third party.
6. Disclosure of Personal Information
We only disclose your Personal Information in limited circumstances and for specific purposes. In the last 12 months, we have disclosed all categories of Personal Information that we collected for a business purpose to these recipients:
Other Third Parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
- Your Nursing Employer. If you use the Services through your nursing employer, we may disclose Personal Information collected from your use of certain features to your nursing employer so those features can function. For example, if you request a shift swap, your nursing employer will see your request so that your supervisor or other users can review and approve the request. We are committed to keeping your private information private, even from your nursing employer. We will never share your Shift Reflections or private messages sent via the Services with your nursing employer.
- Our Chat Provider. To enable the chat feature available through the Services, we may transfer certain data to our third-party chat service provider simultaneously and in real-time. Our chat service provider will only use your chat data to facilitate your chat and provide you with support, to provide us with the live chat feature, or for internal operations purposes. By participating in a live chat, you consent to the disclosure of your chats, and the data you include in those chats, to our third-party service providers, and you waive any potential eavesdropping or wiretapping claims.
- Employers that Receive Your Nursegrid Jobs Profile. We will disclose your Jobs Profile to employers when you create your Jobs Profile and apply for the job or indicate that you are “Open to Work.” This disclosure is subject to your consent and the selections you make on the Services to submit your information to the employer. If you do not wish your Jobs Profile to be shared with a particular employer, do not apply for a job with that employer and do not select “Open to Work.” An employer may use the Personal Information in your Jobs Profile to contact you and consider you for job opportunities, or for other purposes according to the employer’s privacy practices. Any information you submit to a potential employer will be collected and processed according to the potential employer’s privacy practices. If you want to change, access, or delete the information an employer received through your Jobs Profile, please contact that employer. You can contact support@nursegrid.com for help identifying employers that have received your Jobs Profile.
- Other Service Providers. Service providers like our chat provider, data analyst companies, payment processors, and email and data hosting providers may have access to your Personal Information in order to perform their contractual obligations to us. Our service providers are subject to contractual agreements that protect your Personal Information, and we require all service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information. The type of information that we provide to a Service Provider will depend on the service that they provide to us. We prohibit our service providers from selling or disclosing the Personal Information we provide, and we require all service providers to maintain confidentiality standards and appropriate technical and organizational measures to ensure the security of your Personal Information.
- Affiliates. As a part of the HealthStream family of services, we may disclose the Personal Information we collect about you via the Services to our HealthStream affiliates or subsidiaries. If we do disclose your Personal Information to HealthStream affiliates or subsidiaries, their use and disclosure of your Personal Information will be subject to this Privacy Notice. Additionally, we may disclose Personal Information to Nursegrid Partners, which the Nursegrid Partner must keep confidential and only use for its contractual obligations to us.
- Advertisers. Nursegrid Partners or other advertisers may place ads on Nursegrid. If you click on an ad, you will be redirected to the advertiser’s website or platform. Any information you provide to the advertiser will be processed according to the advertiser’s privacy practices, not ours. We may collect data about the ads you click from the Services to measure the popularity and effectiveness of ads on the Services. We may place cookies or pixels on the application to track and report on content interactions and to serve you with tailored advertisements when you visit social media and other platforms. This allows us and our advertisers to better understand how users interact with the platform and its features and to inform advertisers of the offers that most interest our users. You can opt out of these disclosures by not interacting with ads on the Services. Please note that if you directly interact with an advertiser, the advertiser will process your Personal Information according to its privacy practices.
- Law enforcement or other government agencies as permitted or required by law.
- Cookie information recipients, subject to their respective privacy notices.
7. Aggregated Data
We may process data collected through the Services to generate aggregated or deidentified data sets. This section explains how those datasets are processed and used. Please note that data in aggregated or non-identifiable formats is not subject to protection under applicable privacy laws.
- Reporting to subscribing nursing employers. As a premium service to subscribing nursing employers, we provide aggregated reporting on user trends in content consumption and Shift Reflection data. Rest assured that we will never allow your nursing employer or anyone else to see your Personal Information. Reporting may be aggregated at a facility or department level but will never include a sample size small enough for any Shift Reflection or content consumption data to be personally identifiable. Journal Entries made by users in the Shift Reflection are never included in any premium service reporting. We may also use the same fully anonymized, deidentified or aggregated reports to assist with our research, marketing, advertising, or other purposes. If we ever have a data collection mechanism specifically intended for a nursing employer’s use, we will notify you that the data is being collected for that specific purpose and help you understand the privacy implications before you use it.
- Other aggregated or deidentified data. We may create trend reports or aggregated data reports based on Shift Reflection ratings. Reports never include individual names or other identifiers. Journal Entries made in Shift Reflections are never included in our trend reporting. These reports only show data across large samples, and all data is 100% deidentified, meaning that the data excludes all Personal Information about the creators, so it is impossible to link the information to a specific user. Reports could be made public or shared with third parties, but all reports of this nature are 100% anonymous and de-identified. We also reserve the right to disclose aggregated, anonymized, or de-identified information about any individuals with nonaffiliated entities for business development, marketing, advertising, research, or other purposes, without restriction.
8. Third-Party Services
If you click an ad or link on the Services, you will be redirected to a website or platform operated by a third party whose privacy practices may differ from ours. If you submit Personal Information to any third-party websites or platforms, your information is governed by the privacy policies of those third parties and HealthStream has no control over their privacy practices.
9. Retention of Personal Information
We only retain Personal Information as necessary to provide you with the Services you request. For example, if you contact us for information or support, we will retain the information you provide for the necessary length of time to respond to your inquiry. We will retain your account information, such as your identifiers and employment information, as long as your account remains active. We regularly review and deidentify unnecessary Personal Information, and we periodically delete data associated with inactive accounts.
10. Offered in the U.S. and Canada
The Services are owned and operated in the United States and designed to serve nurses and nursing employers and their users located in the United States and Canada only. We do not market the Services to residents of the European Union or any other jurisdiction outside of the United States or Canada. If you reside outside of the United States or Canada, please do not submit any Personal Information to us.
If you are a user of the Services who is a non-US resident or if you visit the website from outside of the United States, you acknowledge and consent to your Personal Information being transferred to our servers in the United States and maintained there in accordance with our retention policy. This may require the transfer of your Personal Information out of your country of origin with laws governing data collection and use that may differ from or be more restrictive than U.S. law, or may result in governments, courts, law enforcement, or regulatory agencies having access to or obtaining disclosure of your Personal Information pursuant to the laws of the applicable foreign jurisdiction. By allowing us to collect Personal Information about you, you consent to this Privacy Notice in its entirety and the transfer and processing of your Personal Information as described in this paragraph, and you waive any and all remedies that you may have based on the laws of your jurisdiction.
11. Your Privacy Choices and Controls
We believe you should have the ability to readily control the Personal Information we collect and hold about you. If you have questions or need help, please contact your nursing employer, send us a Consumer Privacy Request, or email us at support@nursegrid.com.
- Your Account Profile and Device Settings. You can sign into your account to access, change, or delete your Personal Information at any time. If you require assistance to access or make certain changes, please contact support@nursegrid.com. You can also control the data we collect about you by adjusting your device settings.
- Informational and Marketing Communications. If you provide your email address, we may send you informational or support emails. If you opt-in to receive marketing communications from HealthStream, we may send you emails, push notifications, or in-app messages related to your activity on the Services, to inform you about Services features, or for direct marketing purposes. We will only send you these communications in ways that are compatible with your privacy choices. To opt out, change your preferences via the links provided in the emails or email support@nursegrid.com.
- Texting Consent. If you provide us with your wireless number, you consent to HealthStream sending you text messages for informational or authentication purposes. The number of texts that we send to you will be based on your circumstances and requests. You can unsubscribe from text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.
- Do Not Track Requests. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. If this changes in the future, we will update this Privacy Notice.
- Consumer Privacy Requests. You can exercise your rights beyond the methods provided, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information. If you use the Services through your nursing employer, please contact your nursing employer with any privacy requests or inquiries.
All other users can contact us on privacy matters by submitting a Consumer Privacy Request or by email at support@nursegrid.com.
We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so. In that case, we will tell you the cost estimate and why we are charging the fee before completing your request. We may be unable to fulfill some or all of your requests, for example, if your request falls within a statutory exception or if fulfilling your request would prevent us from complying with a statutory or contractual obligation. If we do not fulfill your request within the legally required timeline, you can appeal our response by contacting support@nursegrid.com.
12. U.S. Privacy Rights
In the United States, consumer privacy is governed by federal privacy laws covering specific industries or data uses (e.g., HIPAA) and state privacy laws providing general consumer privacy rights. This section provides informational notices for state privacy laws applicable to residents of states that require companies to inform consumers about their privacy rights and provide a method to exercise those rights. Residents of these states (each a “Consumer”) can exercise their privacy rights by submitting a Privacy Request as instructed in Section 11. Some of these laws may not apply to our Services, in which case these notices are offered as a courtesy to those Consumers.
- Right to Correct. You have the right to request that we correct inaccurate Personal Information about you on our systems. If you become aware that the Personal Information that we hold about you is incorrect, or if your information changes, please inform us and we will update our records.
- Right to Deletion. You have the right to request that we delete the Personal Information that we collected and retained, with certain exceptions. We may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion.
- No Selling or Sharing Personal Information. Some states entitle Consumers to opt out of the sale or sharing of Personal Information or targeted advertising practices. We do not, and will not, sell the Personal Information we collect about you from your use of the Services or share your Personal Information with third parties for cross-contextual behavioral advertising purposes. If our practices change, we will update this posting and provide you with opt-out methods.
- No Profiling. You have the right to opt out of automated profiling. We do not use your Personal Information to evaluate, analyze, or predict your interests and preferences or otherwise use automated profiling to produce significant effects that concern you. If this changes in the future, we will update this Privacy Notice and provide you with a method to opt out.
- Limited Use and Disclosure of Sensitive Personal Information. You may have the right to opt out of or limit our use of your sensitive Personal Information.We do not require you to provide any Sensitive Personal Information. If you choose to input Sensitive Personal Information, such as your union or other organizational memberships, we will only use this information to complete your user profile, to facilitate your choice to use certain features of the Services, or for our internal business purposes. We do not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Notice and provide you with methods to limit use and disclosure of Sensitive Personal Information.
- Right to Access. You have the right to request confirmation that we have collected Personal Information about you and that we provide you with access to that Personal Information. If you submit an access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that we may be prohibited by law from disclosing certain pieces of Personal Information, and we may be limited in the number or frequency of requests we must fulfill.
- Health Data Rights. The Services are designed to support healthcare professionals and Organizations. Some state laws entitle consumers to certain details about health data collected about them, including (a) confirmation of whether the entity collects, shares, or sells the consumer’s health data and access that data, including a list of all third parties and affiliates with whom the entity has shared or sold the health data and a method to contact those third parties, (b) a method to withdraw consent related to use of health data, and (c) the right to have their health data be deleted. Users should never submit protected health information or educational information unless instructed to by the User’s Organization. The Organization, and not HealthStream, is responsible for fulfilling consumer requests to exercise their rights related to health data.
- Right to Disclosure. You may request that we disclose information to you about our collection and use of your Personal Information, such as: (a) the categories of Personal Information we have collected about you; (b) the categories of sources for the Personal Information we have collected about you; (c) our business purpose for collecting, using, processing, sharing or selling that Personal Information, as applicable; (d) the categories of third parties with whom we share that Personal Information; and (e) if we sold or shared your Personal Information under the CCPA, two separate lists stating: (i) sales or sharing, identifying the Personal Information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.
- Right to Nondiscrimination. We will not discriminate against you for exercising any of your privacy rights. Unless permitted by law, we will not (a) deny you goods or services, (b) charge you different prices or rates for goods or services, (c) provide you with a different level or quality of goods or services, (d) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (e) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services because you exercised a privacy right.
- Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
Consumers may exercise these rights by submitting a Privacy Request as instructed above. Only you or someone legally authorized to act on your behalf may make a verifiable Privacy Request related to your Personal Information. You may designate a third party to exercise your rights – an authorized agent – however, we will require written proof of the authorization and potentially proof of your identity.
13. Canadian Privacy Rights
This section provides supplemental information to residents of Canada (“Canadian Consumers”) in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and applies solely to Canadian Consumers where PIPEDA applies. The following paragraphs describe PIPEDA rights and explain how to exercise those rights.
- Right to know why we collect, use and distribute the Personal Information we process. We have set the required notices in this Privacy Notice. We may provide you with additional notices about other ways we process your Personal Information, such as by sending you a notice via email or by other means of communication.
- Right to expect us to collect, use or disclose Personal Information responsibly and not for any other purpose other than which you consented. We set your expectations in this Privacy Notice and collect express or implied consent at various stages of collection or processing. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as needed. You may withdraw your consent at any time with reasonable notice by submitting a Privacy Request as instructed in Section 11 or by contacting us at support@nursegrid.com.
- Right to the accuracy of your Personal Information. We take steps to reasonably ensure that the Personal Information we are using is accurate. In most cases, we rely on you to ensure that your information is current, complete, and accurate. We provide methods for you to correct, update, and delete inaccurate Personal Information in your account, and we will provide you with reasonable assistance to ensure that your Personal Information is accurate in our systems and with our service providers.
- Right to access your Personal Information. Upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used, and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfill the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal and outline further steps that are available to you.
Canadian Consumers may exercise these rights by submitting a Privacy Request as instructed above. Only you or someone legally authorized to act on your behalf may make a verifiable Privacy Request related to your Personal Information. You may designate a third party to exercise your rights – an authorized agent – however, we will require written proof of the authorization and potentially proof of your identity.
14. Data Security
HealthStream implements and maintains reasonable and appropriate technical, organizational, and physical security measures to help protect your Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. HealthStream employees who handle user inquiries are informed of applicable privacy law requirements. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions are processed on a PCI-compliant third-party application. Our security measures are appropriate to the volume, scope, and nature of the Personal Information processed and designed to meet our duty of care with respect to your Personal Information.
Please note, however, that no transmission of data over the internet is 100% secure. We cannot guarantee that unauthorized third parties won’t defeat our security measures or use your Personal Information for improper purposes. It is your responsibility to keep your account secure from unauthorized access. We are not responsible for any lost, stolen, or compromised passwords, or any unauthorized activity on your account. We also have no control over any nursing employer or other third party’s security measures or practices, and we make no representations or guarantees that your Personal Information is secure once transmitted or stored on their systems.