NurseGrid Privacy Notice
Last Updated December 15, 2020
This is the privacy notice (“Privacy Notice
”) for the NurseGrid application (“NurseGrid
”) provided by HealthStream, Inc. along with its subsidiaries and affiliates (collectively, “HealthStream
” or “we
This Privacy Notice also provides information specific to residents of California.
If you do not agree with this Privacy Notice, do not use NurseGrid.
This Privacy Notice describes how we collect and treat information through your use of NurseGrid and your interactions with us as a NurseGrid user by any means, whether as a NurseGrid user or a Business Subscriber offering NurseGrid to your nursing staff. We encourage you to read this Privacy Notice carefully to understand how we collect and use your information in connection with NurseGrid. This Privacy Notice DOES NOT
apply to information collected while using a website or platform owned or operated by a third party, nor websites or other services offered by HealthStream. For information about HealthStream’s privacy practices related to our other services, please read the HealthStream Privacy Statement
As used in this Privacy Notice, “Personal Information
” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, such as:
- Identifiers (e.g., real name, alias, address, username, IP address, email address)
- Protected Information (e.g. race, citizenship, marital status, sex)
- Biometric information (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, olfactory, or similar information;
- Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
- Employment-related information (e.g. current or past employment);
- Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99);
- Internet activity (e.g., interactions with a website, content, or advertisement);
- Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes; and
- Sensitive Personal Information (e.g. social security or government identification number; precise geolocation; racial or ethnic origin; religious beliefs; biometrics; health information; information related to sex life or sexual orientation; union membership; contents of mail, email or text messages when we are not the recipient).
Personal Information does not include (i) publicly available information (ii) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) deidentified information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer.
Personal Information Collected
We only collect your Personal Information for NurseGrid (i) when applicable, with your consent, (ii) if you are a subscriber to our Business Premium Service, in our role as a service provider, (iii) if we have a legitimate interest in doing so, or (iv) as authorized or required by law. The types of Personal Information we collect about you and the manner of collection depends on how you interact with us. We only collect, use, retain and share Personal Information as reasonably necessary and proportionate to achieve our purposes, or for other purposes that we disclose to you and are compatible with the context of how we collected the Personal Information. NurseGrid will not collect additional categories of Personal Information or use your Personal Information for purposes that are incompatible with the purpose stated at the time of collection without first notifying you by updating this Privacy Notice or through other means.
During the preceding 12 months, we have collected these categories of Personal Information:
- Identifiers, retained for
- Employment-related information
- Biometric information
- Internet or other similar activity
- Commercial information
We collect Personal Information from these sources:
Retention of Personal Information.
- Directly from you when you sign up with NurseGrid, with your consent. To use NurseGrid, you must download the application and provide identifiers like your name, address, email, and telephone number, as well as a photo to create your NurseGrid profile. We will also collect employment information like your professional credentials, worksite, and department. We may also request various permissions from your device to access your calendar, camera, microphone, or other device applications. You will be given the choice to opt-in or opt-out of receiving push notifications on your device.
- Directly from you when you use NurseGrid’s features, with your consent. When you use certain NurseGrid features, we may prompt you to provide additional Personal Information to enable those features to function. For example, to use the credentials tracking feature, you must input your professional credentials and other employment information. To use the shift comparison or shift swap features you must enter your shift schedule, either manually, automated from your Business Subscriber, or synced from another app on your device. Your colleagues who use NurseGrid will be able to see your shift schedule. Any Personal Information you include in a private message will be visible to the message recipient, and possibly to others if the recipient shares or copies the message. If you post User Content to public areas of NurseGrid, those posts may be visible to, copied, or stored by other NurseGrid users. Your use of NurseGrid features is entirely optional, and any Personal Information you submit is provided by you voluntarily and with your consent. We use the information you submit to offer you an enhanced user experience, provide you with tailored content, and improve NurseGrid.
- If you have access to our SaaS Service, from your Business Subscriber in our role as a service provider. If a Business Subscriber provides you with NurseGrid, your Business Subscriber may provide us with your identifiers, employment information, and other Personal Information to create your NurseGrid profile and to automate shift swap requests and other features. Your shift schedule and shift swap requests will be shared with other NurseGrid users associated with your Business Subscriber, such as your colleagues and supervisors. We collect and use this information to fulfill our contractual obligations to your Business Subscriber in our role as a service provider. When acting as a service provider, we only collect and use Personal Information as permitted by our agreement with the Business Subscriber and at the direction of the Business Subscriber as governed by the Business Subscriber’s privacy notice, or as permitted or required by law.
- Directly from you when you communicate with us, with your consent. If you contact us by email, online form or other means to request information or support, we will collect your name and email address in order to respond to your inquiry. If you complete one of our surveys, report a problem or interact with our support team, we will collect any Personal Information you submit to us through those channels. If you use our SaaS Services, we may also collect your employment information to confirm your account details. We may keep records of our interactions with you. We collect this information with your consent, and we use it for the purposes stated at the time of collection.
- From other NurseGrid users and third parties, with a legitimate interest. If a current NurseGrid user inputs your email address into the “Invite Colleague” feature on NurseGrid or our website, we will use your email address to send you an invitation email from that NurseGrid user. You can unsubscribe from these emails at any time. In addition, analytics companies, advertisers, and other third parties may provide us with Personal Information about you that is publicly available or related to your internet or similar activities across different websites, apps and other online services. We collect and use this information for our legitimate interests of marketing NurseGrid and developing new features for our Services.
NurseGrid only retains Personal Information as necessary to provide you with the Services you request. For example, if you contact us for information or support, we will retain the information you provide for the necessary length of time to respond to your inquiry. We will retain your account information, such as your identifiers and employment information, as long as your account remains active. We regularly review and deidentify unnecessary Personal Information, and we periodically delete data associated with inactive accounts.
NurseGrid might use also your Personal Information to:
- Monitor your compliance with any of your agreements with
- Protect your privacy and enforce this Privacy Notice.
- If we believe it is necessary, to identify, contact or bring legal action against persons or entities who may be causing injury to you, to HealthStream, or to others.
- Comply with a law, regulation, legal process or court order.
- Fulfill any other purpose to which you consent.
NurseGrid is designed for users age 18 and older. We do not knowingly collect Personal Information from children under 18. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our systems. If you believe we might have any information collected online from a child under 18, or if you become aware of any unauthorized submission of information to us, please contact us at email@example.com
How We Disclose Your Personal Information
In the preceding 12 months, NurseGrid has disclosed the following categories of Personal Information for a business purpose:
- Employment-related information
- Internet or other similar activity
- Commercial information
NurseGrid may disclose Personal Information for a business purpose to the following recipients:
Aggregated and Deidentified Information.
- Business Subscribers. If you have access to our SaaS Service, we may disclose Personal Information collected from your use of certain NurseGrid features to your Business Subscriber in order to enable those features to function. For example, if you request a shift swap, your Business Subscriber will see your request so that your supervisor or other users can review and approve the request. NurseGrid is committed to keeping your private information private, even from your Business Subscriber. We will never share your private messages sent via NurseGrid with your Business Subscriber. NurseGrid is designed to only share private messages with the selected message recipient.
- Service Providers. NurseGrid’s service providers like data analyst companies, payment processors, and email and data hosting providers may have access to your Personal Information in order to perform their contractual obligations to us. Our service providers are subject to contractual agreements that protect your Personal Information, and we require all service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information. The type of information that we provide to a Service Provider will depend on the service that they provide to
- Affiliates. We disclose the information we collect from you to our affiliates or subsidiaries. If we do disclose your Personal Information to our affiliates or subsidiaries, their use and disclosure of your Personal Information will be subject to this Privacy Notice.
- Law enforcement or other government agencies as permitted or required by law.
- Cookie information recipients, subject to their respective privacy notices.
- Other Third Parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
We reserve the right to disclose aggregated, anonymized, or deidentified information about any individuals with nonaffiliated entities for business development, marketing, advertising, research or other purposes, without restriction.
Limited Sensitive Personal Information.
NurseGrid does not require you to provide us with your Sensitive Personal Information. If you choose to input Sensitive Personal Information, such as your union or other organizational memberships, we will only use this information to complete your user profile, to facilitate your choice to use certain NurseGrid features, or for our internal business purposes. NurseGrid does not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Notice and provide you with methods to limit use and disclosure of Sensitive Personal Information.
No Sale or Sharing With Third Parties.
NurseGrid does not sell your Personal Information or share your Personal Information with third parties for cross-contextual advertising purposes. If this ever changes in the future, we will update this posting and provide you with methods to opt-out of such sale and sharing.
Your Privacy Rights
NurseGrid provides you mechanisms to exercise certain controls and choices regarding our collection, use and sharing of your Personal Information. Depending on where you reside, your options to control your Personal Information may include some or all of the following:
- Changing your registration or account information.
- Changing your preferences for how and about what we communicate with you.
- Correcting, accessing, or deleting the Personal Information we have collected about you.
- Choosing whether to receive marketing communications from us.
- Opting-out or limiting certain uses of your Personal Information.
- Controlling how the cookies we use interact with your device.
At any time, you may exercise any of these controls and choices, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information by contacting us via the customer dashboard or by email at firstname.lastname@example.org
Consumer Privacy Requests.
NurseGrid provides methods for you to directly access, edit, delete, or export certain Personal Information by logging into your NurseGrid account. If you delete your User Content, copies may remain viewable in cached and archived pages or might have been copied or stored by other NurseGrid users. We have no control and are not liable for access to or copies made of User Content prior to the date you delete it.
If you wish to exercise your rights beyond the methods available through your NurseGrid account, please submit a verifiable Consumer Privacy Request:
- using our online Consumer Privacy Request.
- by email at email@example.com
- toll free at 1-866-635-8151.
NurseGrid may only legally fulfill a Consumer Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Information, and to properly understand, evaluate, and respond to the request.
Note that if you subscribe to our Business Premium Service, then we process your Personal Information in our capacity as a service provider and cannot fulfill your request directly. In that case, we will relay your request to your Business Subscriber for further processing and fulfillment. Please contact your business subscriber if you have any questions.
We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so, such as requests that are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Read more about privacy rights available to residents of California.
When you create your NurseGrid profile, you will be asked whether you wish to opt-in or opt-out of receiving marketing communications from us. If you opt-in, we may send you emails, push notifications or in-app messages related to your NurseGrid activity, to inform you about NurseGrid features, or for direct marketing purposes. We will only send you these communications in ways that are compatible with your privacy choices.
Do Not Track.
Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed below.
California Privacy Rights
This section provides residents of the State of California (“California Consumers
”) with the disclosures and notices required under the California Consumer Privacy Act of 2018 (“CCPA
”). The following paragraphs apply solely to California Consumers and describe the specific rights afforded under the CCPA.
Employee Data Exception.
In many cases, the Personal Information we collect about you is in a business-to-business context when you are acting as an employee to a current or potential Business Subscriber in the performance of your job duties. Please note that Personal Information collected and used in this context is not protected Personal Information under the CCPA.
Without limiting the foregoing, California Consumers may exercise the following rights over their Personal Information, subject to our receipt of a verifiable Consumer Privacy Request, as well as any exceptions and limitations that may apply.
- Right to Disclosure. You have the right to request that we disclose information to you about our collection and use of your Personal Information, such as (i) the categories of Personal Information we have collected about you; (ii) the categories of sources for the Personal Information we have collected about you; (iii) our business or commercial purpose for collecting, selling or sharing your Personal Information; (iv) the categories of third parties with whom we disclose your Personal Information; and (v) a list of specific pieces of Personal Information we have collected about you. You also have the right to request that we disclose the categories of your Personal Information we have sold or shared and the categories of third parties to whom that Personal information was sold or shared, as well as the categories of Personal information disclosed for a business purpose and the categories of recipients of that information. NurseGrid is only required to respond to two disclosure requests within a 12-month period.
- Right to Access. You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you over the past 12 months (also called a data portability request). If you submit a right to access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that NurseGrid is prohibited by law from disclosing copies of certain pieces of Personal Information (e.g., government identification numbers, financial account information, and passwords or security questions and answers) because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account. NurseGrid is only required by law to respond to two access requests within a 12-month period.
- Right to Correct. If you discover that we maintain inaccurate Personal Information about you, or if your Personal Information changes, please inform us and we will update our records to reflect the correct information.
- Right to Deletion. You have the right to request that we delete any of your Personal Information that we collected from you and retained, with certain exceptions. NurseGrid may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete. Note that we can only delete your Personal Information entirely if we delete your NurseGrid account so you can no longer use NurseGrid.
- Right to Opt-Out of Selling or Sharing Personal Information. If a business sells or shares your Personal Information with third parties, you have the right to opt-out. NurseGrid does not sell or share your Personal Information with third parties. We only disclose your Personal Information in the limited circumstances described in this Privacy Notice. If this changes in the future, we will provide you with a method to opt-out of such selling and sharing.
- Right to Limit Use and Disclosure of Sensitive Personal Information. If a business uses or discloses your Sensitive Personal Information for the purpose of inferring characteristics about you, then you have the right to direct the business to limit the use and disclosure of such information to certain legally permissible purposes. NurseGrid does not use or disclose your Sensitive Personal Information to infer characteristics about you. If this changes in the future, we will provide a method for you to limit the use and disclosure of that information.
- Right to Nondiscrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, (iii) provide you a different level or quality of goods or services, or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under the CCPA.
- Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
We endeavor to respond to a verifiable Consumer Privacy Request from a California Consumer within 45 days of receipt as instructed under Your Privacy Rights
. If we require more time, we will notify you in writing of the reason and extension period. We will deliver our written response by mail or electronically, at your option. If we cannot comply with part or all of your request, we will explain the reasons in our response.
Cookies are small text files downloaded and stored on your device (such as a computer or smartphone) when you visit a website or other platform. Cookies can be recognized by the website that downloaded them — or other websites that use the same cookies. This helps websites know if the browsing device has visited them before. Cookies are used to recognize your device and to store your preferences.
Cookies serve a variety of purposes, for example analyzing use of a website or platform, navigating between pages efficiently, remembering your preferences, and generally improving your browsing experience. Cookies are generally used for functionality, security, analytics, or advertising. Some cookies are strictly necessary to the function of the website or other platform, while others enable certain features.
Third parties that set cookies on NurseGrid may use tracking technologies to collect information about you when you use NurseGrid. The information they collect may be associated with your Personal Information, including your internet or similar activities across different online platforms. These third parties may use this information to provide you with interest-based (behavioral) advertising or other targeted content according to such third parties privacy policies. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
Cookies We Use.
The table below provides details about the cookies we use on NurseGrid. Note that the names of cookies and their use can change from time to time as necessary to ensure that NurseGrid functions as intended and, for third party cookies, as determined by the third-party cookie host.
Controlling Cookies and Other Tracking Technologies.
- Functionality cookies to improve user experience on NurseGrid and the Site. These cookies are provided by third parties, such as HubSpot Forms, Adobe Typekit, Google Fonts and Font Awesome. We use these cookies to display certain fonts on the user interface and to enable freeform typing, form submission, and to provide you with other functions.
- Analytics cookies to help us learn more about how you use NurseGrid and opportunities to improve. We use various cookie series from third parties like Google Analytics, HubSpot, Intercom, and Hotjar to track and analyze content use, web traffic, your sessions, and to generate heatmaps based on use of NurseGrid and the Site.
- We do not currently deploy any strictly necessary cookies or security
You may see a cookie consent notice on the Site or NurseGrid that lists the categories of cookies we use and provides the option to accept or reject different types of cookies. When you consent to cookies on our cookie consent banner, we may set cookies in correspondence with your selections. You may adjust your cookie selections at any time, and we will display the cookie consent notice to you periodically.
We implement reasonable and appropriate security procedures and practices to help protect your Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. We maintain internal policies to govern the collection, processing, access, and handling of data. NurseGrid employees responsible for handling user inquiries are informed of applicable privacy law requirements. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions are processed on a PCI-compliant third-party application. Please note, however, that no transmission of data over the Internet or mobile platforms is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes. The information you share in public areas may be viewed by any NurseGrid user. We urge you to be careful about giving out Personal Information in public areas of NurseGrid.
When you sign up to use NurseGrid, you will have a login and password. We encourage you to take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your login and password private. We are not responsible for any lost, stolen, or compromised passwords, or for any activity on your profile via unauthorized activity.
Consent to Transfer Personal Information from Outside the United States.
NurseGrid is owned and operated by HealthStream in the United States and is intended for use by users living in the United States. We do not warrant that NurseGrid is appropriate or authorized for use in any other country. If you live outside of the United States, you are responsible for determining whether this Privacy Notice and NurseGrid comply with the laws that apply to you. If you use NurseGrid from outside of the United States, Personal Information we collect about you will be transferred to our servers in the United States and maintained there indefinitely. This may require the transfer of your Personal Information out of your country of origin with laws governing data collection and use that may differ from or be more restrictive than U.S. law, or may result in governments, courts, law enforcement or regulatory agencies having access to or obtaining disclosure of your Personal Information pursuant to the laws of the applicable foreign jurisdiction. By allowing us to collect Personal Information about you, you consent to the transfer and processing of your Personal Information as described in this paragraph.
Third Party Websites.
This Privacy Notice applies only to information collected by us when you use NurseGrid. We may provide links to third-party platforms for your convenience, but we have no ability to control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third-party platforms, including Business Subscribers’ platforms. Any access to and use of linked websites is not governed by this Privacy Notice, but instead is governed by the privacy notices of those platforms. HealthStream is not responsible for the privacy practices of any third party. We encourage you to review and understand the privacy notices of such websites before providing them with any information.
Changes to this Privacy Notice
We may update this Privacy Notice from time to time. If we make material changes to how we treat your Personal Information, we will post the revised Privacy Notice on this page. Your continued use of NurseGrid after we make changes is deemed to be your acceptance of those changes. The date that this Privacy Notice was last revised is identified at the top of the page. You are responsible for periodically visiting this Privacy Notice to check for any changes.
If you have questions about our privacy practices or would like to make a complaint, please contact us at firstname.lastname@example.org
or toll free at 1-866-635-8151.