Data Privacy Policy

Effective Date: January 1, 2022

Welcome to the Birmingham Surgery Center website, (the "Site"), where we provide general information and education about our surgical facilities, physician practices, ancillary services and other offerings (collectively, the "Services"). This Data Privacy Policy describes information that we receive from you when you interact with the Site and our Services, how we use and process the information that we receive, if and why Personal Information may be disclosed to third parties, and your choices regarding the collection and processing of your Personal Information.

Please note that this Data Privacy Policy does not apply to information collected through third-party websites or services that you may access through the Services.

PLEASE REVIEW THIS DATA PRIVACY POLICY CAREFULLY. When you submit information to or through the Services, you consent to the collection and processing of your information as described in this Data Privacy Policy. By using the Services, you accept the terms of this Data Privacy Policy and consent to our collection, use, disclosure, and retention of your information as described in this Data Privacy Policy.

IF YOU DO NOT AGREE WITH ANY PART OF THIS DATA PRIVACY POLICY, PLEASE DO NOT USE ANY OF THE SERVICES.

The Effective Date of this Data Privacy Policy is set forth at the top of this Policy. Whenever possible, we will provide you with advance written notice of any material changes to this Data Privacy Policy. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Data Privacy Policy. The amended Data Privacy Policy supersedes all previous versions.

Types of Information We Collect

We collect various kinds of information that you provide to us as well as information we obtain from your use of the Services. Some of the types of information that we collect include:

"Personal Information" means information associated with or used to identify or contact a specific person. Personal Information includes but is not limited to: (1) contact information (such as first and last name, e-mail address, telephone number, mailing address, and any other information supplied by you); (2) demographic data (such as zip code, gender, and age); and (3) certain Usage Data (defined below).

"Usage Data" means information about an individual's online activity that, by itself, does not identify the individual, such as:

  • technical information, time of visit, pages visited, time spent on each page, whether you are a new versus returning visitor, visitor frequency, browser type, service provider, operating system and webpages visited, referring/exit pages and date/time stamps, general geography and language;
  • information about what you’ve searched for and looked at while using the Site and Services;
  • metadata; and
  • "Location Data" which includes:
    • the location of the mobile device or computer used to access the Services derived from GPS or WiFi use; and
    • other information made available by a user or others that indicates the current or prior location of the user.

In addition, our third-party vendor, Google Analytics, collects IP address information in accordance its terms of service, which are available here.

Generally, we do not consider Usage Data as Personal Information because Usage Data by itself is de-identified so that it does not identify an individual. Personal Information and Usage Data may be linked together. Different types of Usage Information also may be linked together and, once linked, may identify an individual person. Some Usage Data may be Personal Information under applicable law.

We do not sell Personal Information.

How We Collect Information

Whether we collect certain types of information and how we process it depends on how you use and access the Services. Some information is collected automatically through use of cookies and similar data collection tools. We collect information about you in the following ways:

  • Use the Services. We collect Personal Information from you when you contact us for help or information, or otherwise voluntarily provide your Personal Information. We collect the information and content that you submit to us.
  • Connect with social media though the Services. The Services may offer you the ability to use Facebook or other social media services (collectively, "social media") in conjunction with certain Services. When you access the Services through your Facebook or other social media account, the Services may, depending on your privacy settings, have access to information that you have provided to the social media platform. We may use this information for the purposes described in this Data Privacy Policy or at the time the information was collected.
  • From Our Business Partners and Service Providers. Third parties that assist us with our business operations also collect information (including Personal Information and Usage Data) about you through the Services and share it with us. For example, our vendors collect and share information with us to help us detect and prevent fraud. We may combine the information we collect from you with information from other sources and use the information as described in this Data Privacy Policy.
  • Usage Data. We also automatically collect Usage Data when you interact with the Services.
  • From cookies and other data collection tools. We, along with the service providers that help us provide the Services, use small text files called "cookies," which are small computer files sent to or accessed from your web browser or your computer’s or tablet’s hard drive that contain information about your computer, such as a user ID, user settings, browsing history and activities conducted while using the Services. Cookies are not themselves personally identifiable, but may be linked to Personal Information that you provide to us through your interaction with the Services. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the "lifetime" of the cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.

Cookies help us improve the Services by tracking navigation and analyzing technical and navigational information about the Services.

We also use other cookies and other data collection tools (such as web beacons and server logs), which we collectively refer to as "data collection tools," to help improve your experience with the Services. For example, data collection tools help us remember users and make the Services more relevant to them. The Services also may use data collection tools to collect information from the device used to access the Services, such as operating system type, browser type, domain and other system settings, as well as the operating system used and the country and time zone in which the computer or device is located.

Web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to manage and delete cookies, visit www.allaboutcookies.org. Some web browsers (including some mobile web browsers) provide settings that allow a user to reject cookies or to alert a user when a cookie is placed on the user's computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.

How We Use Your Information

We may use the information we collect for any of the following purposes:

  • to provide the Site and inform you of Services;
  • to operate, improve and personalize the services we offer, and to give each user a more consistent and personalized experience when interacting with us;
  • for customer service, security, to detect fraud or illegal activities, or for archival and backup purposes in connection with the provision of the Services;
  • to communicate with users by phone and/or email address to the extent provided;
  • to better understand how users access and use the Site and Services, for the purposes of trying to improve the Site and Services and to respond to user preferences, including language and location customization, personalized help and instructions, or other responses to users’ usage of the Services;
  • to help us develop and improve our services;
  • to provide users with advertising and direct marketing that is more relevant to you;
  • to enforce applicable policies; and
  • to assess the effectiveness of and improve advertising and other marketing and promotional activities on or in connection with the Services.

How We Share and Disclose Your Information

We may share and disclose information as described at the time information is collected or as follows:

  • When you consent. We may share Personal Information with third parties if you have given us your consent to do so.
  • To our Affiliates. We may share Personal Information with our affiliates for our business purposes and to perform services requested or functions initiated by users.
  • To perform Services. We may disclose Personal Information to third parties in order to perform services requested or functions initiated by users, such as payment. In addition, we may disclose Personal Information in order to identify a user in connection with communications sent through the Services.
  • With third party service providers performing services on our behalf. We share information, including Personal Information, with our service providers to perform the functions for which we engage them (such as hosting and data analyses). We may share information as needed to operate other related services. Specifically, but without limitation, we share Personal Information with Google Analytics in accordance with and subject to its Terms of Service, available here.
  • For legal purposes. We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance, and corporate governance functions. We will disclose Personal Information as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share Personal Information as required to pursue available remedies or limit damages we may sustain.
  • In aggregated form. We may share Personal Information about you in an aggregated form—that is, in a statistical or summary form that does not include any personal identifiers—with third parties in order to discover and reveal trends about how users like you interact with our Services.
  • During corporate changes. We may transfer information, including your Personal Information, in connection with a merger, sale, acquisition or other change of ownership or control by or of us or any affiliated company (in each case whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify users before your information is transferred or becomes subject to a different privacy policy.

Information Storage and Security

We retain information as long as it is necessary and relevant for our operations. We also retain Personal Information from closed accounts to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, and other actions permitted by law. After Personal Information is no longer relevant to our operations or the uses described above, we dispose of it according to applicable data retention and deletion policies.

We employ industry-standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of any of our Site.

In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

Links to Third Party Services

The Services may contain links to third-party websites and services ("Third Party Services") with which we have no affiliation. A link to any Third Party Service does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a Third Party Service, you are subject to its privacy policy and practices and not this Privacy Policy. We encourage you to carefully review the legal and privacy notices of all other digital services that you visit.

Disclaimer: Not Child-Directed

The Services and the Site are not intended for use by children. If you are under the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. Consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent's verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services and subsequently we will delete that information.

California Privacy Rights - Marketing Information

California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests in connection with marketing may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to datasecurity@surgerypartners.com.

If you have any questions about this Data Privacy Policy, please contact us at datasecurity@surgerypartners.com or by mail at the following address:

340 Seven Springs Way, Suite 600

Brentwood, TN 37027

Rights of California Residents to Personal Information

If you are a resident of California, you have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request (see How to Make a Request, below), we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business or commercial purpose for collecting that Personal Information.
  • The categories of third parties with whom we share that Personal Information.
  • The specific pieces of Personal Information we collected about you (also called a data portability request).
  • If we disclosed your Personal Information for a business purpose, a separate list identifying the Personal Information categories that each category of recipient obtained.

a. Deletion Request Rights

You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, unless an exception applies, we will delete (and direct our service providers to delete) your Personal Information from our records.

b. How to Make a Request

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at datasecurity@surgerypartners.com or mailing us at the following address:

340 Seven Springs Way, Suite 600

Brentwood TN 37027

Attn: Data Security Officer

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. We may require proof from the agent that you have provided the authorized agent written permission to do so, and we may require that you verify your own identity directly with us. If you have provided the agent with power of attorney, that may be sufficient.

You may only make a verifiable consumer request for access or data portability twice within a twelve (12) month period.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. We verify requests by matching information you provide to information that we maintain in our records. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

We will not discriminate against you because you have exercised any of the rights described herein.

c. Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, up to an additional forty-five (45) days, we will inform you of the reason and extension period in writing.

We will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.