EFFECTIVE DATE: January 1, 2023

LAST UPDATED: December 30, 2022

Vizient, Inc., including its subsidiaries and affiliates (collectively, "Vizient," "we," "us," or "our") values your privacy. In this Privacy Policy ("Policy"), we describe how we collect, use, and disclose information that we obtain about visitors to our website https://www.Vizientinc.com (the "Site") and corporate offices as well as through our products and services (collectively, the "Services"). We also provide legal Terms of Use for our Site, which are located below in (Section 2).

1. Scope and Consent

By visiting the Site, you acknowledge that your personal information will be handled as described in this Policy. As used herein, "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.

2. Terms of Use

These Terms of Use ("Terms") apply to your use of the Site and Services provided by Vizient. By accessing or using our services, you agree to these Terms. If you do not agree to these Terms, including the mandatory arbitration and class action waiver in Section 2(F), do not access or use our Services.

We may make changes to our policies, content and all other aspects of the operation of the Site at any time without notice to you. We will post any changes to the Site from time to time, and therefore you should periodically review the Terms when accessing the Services.

A. Disclaimers

These web pages contain confidential and/or proprietary information and are provided "as is" and "as available." VIZIENT MAKES NO WARRANTY, EXPRESS OR IMPLIED, OF THE VALIDITY OF SERVICES OR ITS APPROPRIATENESS FOR USE IN ANY MANNER, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE OR NONINFRINGEMENT. BY ACCESSING THE SERVICES, YOU ASSUME THE ENTIRE RISK. VIZIENT DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS CONCERNING THE USE OF THESE DOCUMENTS OR THE ACCURACY, COMPLETENESS, RELIABILITY OR USEFULNESS OF ANY INFORMATION IN THEM. WHILE VIZIENT ATTEMPTS TO MAKE YOUR ACCESS TO AND USE OF OUR SERVICES SAFE, WE CANNOT AND DO NOT REPRESENT OR WARRANT THAT OUR SERVICES OR SERVERS ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.

Vizient neither warrants nor represents that your use of content on this Site will not infringe rights of third parties not affiliated with Vizient.

B. Information Not Legal Advice

This Site makes use of licensed stock photography that is intended for illustrative purposes only. The professional services depicted are not necessarily services provided by Vizient. The information contained in these web pages and in material referenced by these web pages, is intended for informational and educational purposes only, and does not constitute legal, financial, accounting, medical or other professional advice.

C. Limitation of Liability

The information herein should not be considered a substitute for your independent professional judgment or expert advice from a competent professional. Under no circumstances shall Vizient, its subsidiaries or affiliates, or any copyright holder, be liable for any actual, incidental, indirect, special, punitive, or consequential damages arising from or related to this Site or the Services, even if Vizient, or its subsidiaries or affiliates, have been advised of the possibility of such damages.

The Site and its content will be transmitted over a medium that may be beyond the control and jurisdiction of Vizient. Accordingly, Vizient assumes no liability for or relating to the delay, failure, interruption, or corruption of any information transmitted in connection with your use of the Site.

D. Limited License

All content on the Site (including, without limitation, text, design, graphics, logos, icons, images, audio clips, downloads, interfaces, code and software, as well as the selection and arrangement thereof, collectively "Vizient Content"), is the exclusive property of and owned by Vizient, its licensors or its content providers and is protected by copyright, trademark and other applicable laws. As a visitor to the Site, you are our guest. Vizient and its third-party content contributors grant you a limited, nonexclusive, nontransferable, non-sublicensable, revocable license to access the Vizient Content. You may copy, download and print the Vizient Content solely for your personal, non-commercial benefit, provided that you shall not modify or delete any copyright, trademark or other proprietary notice that appears on the Vizient Content. However, such license is subject to these Terms and does not include any right to modify, distribute, transmit, perform, broadcast, publish, upload, license, reverse engineer, transfer or sell the Vizient Content. Any use of our Vizient Content, other than as authorized herein, without our prior written permission, is strictly prohibited and will terminate the license granted herein. You agree to abide by all additional restrictions displayed on the Site as it may be updated from time to time.

Except as explicitly stated in these Terms, Vizient and our licensors reserve all rights, title, and interest in and to our Services and the Vizient Content. Vizient reserves the right to prohibit any person from using the Site for any reason, at its sole discretion.

E. Prohibited Uses

We reserve the right to deny access to you at any time if you engage in prohibited activity, such as posting copyright-protected content without approval from the author, unauthorized copying or use of information or functionality on the Site, attempting to obtain unauthorized access to restricted areas of the Site, using slanderous, profane or inappropriate language in communications involving or in the Website, or infecting the Website with computer viruses or other destructive functionality.

You may not use contact information provided on the Site for unauthorized purposes, including marketing. You may not use any hardware or software intended to damage or interfere with the proper working of the site or to surreptitiously intercept any system, data or personal information from the Site. You agree not to interrupt or attempt to interrupt the operation of the Site in any way. Vizient reserves the right, in its sole discretion, to limit or terminate Your access to or use of the site at any time without notice. Termination of your access or use will not waive or affect any other right or relief to which Vizient may be entitled at law or in equity. Any content found to be in violation of these Terms will be removed.

F. Dispute Resolution; Binding Arbitration

Please read the following section carefully because it requires you to arbitrate certain disputes and claims, including all privacy related claims, with Vizient and limits the manner in which you can seek relief from us, unless you opt out of arbitration by following the instructions set forth below. No class or representative actions or arbitrations are allowed under this arbitration provision. In addition, arbitration precludes you from suing in court or having a jury trial.

  1. No Representative Actions. To the fullest extent permitted by applicable law, you and Vizient agree that any dispute arising out of related these Terms, including claims related to privacy and data security, is personal to you and Vizient and that any dispute will be resolved solely through individual action, and will not be brought as a class arbitration, class action or any other type of representative proceeding.

  2. Arbitration Disputes. Except for small claims disputes in which you or Vizient seeks to bring an individual action in small claims court located in the county of your billing address or disputes in which you or Vizient seeks injunctive or other equitable relief for the alleged infringement or misappropriation of intellectual property, you and Vizient waive your rights to a jury trial and to have any other dispute arising out of or related to these Terms, including claims related to privacy and data security, (collectively, “Disputes”) resolved in court. Instead, for any Dispute that you have against Vizient you agree to first contact Vizient and attempt to resolve the claim informally by sending a written notice of your claim ("Notice") to Vizient by email at legalprivacynotice@vizientinc.com or by certified mail addressed to 290 E. John Carpenter Fwy, Irving, TX 75062. The Notice must (a) include your name, residence address, email address, and telephone number; (b) describe the nature and basis of the Dispute; and (c) set forth the specific relief sought. Our notice to you will be similar in form to that described above. If you and Vizient cannot reach an agreement to resolve the Dispute within thirty (30) days after such Notice is received, then either party may submit the Dispute to binding arbitration administered by JAMS or, under the limited circumstances set forth above, in court. All Disputes submitted to JAMS will be resolved through confidential, binding arbitration before one arbitrator. Arbitration proceedings will be held in Dallas Texas unless you are a consumer, in which case you may elect to hold the arbitration in your county of residence. For purposes of this Section 2(F), a “consumer” means a person using the Services for personal, family or household purposes. You and Vizient agree that Disputes will be held in accordance with the JAMS Streamlined Arbitration Rules and Procedures ("JAMS Rules"). The most recent version of the JAMS Rules are available on the JAMS website and are hereby incorporated by reference. You either acknowledge and agree that you have read and understand the JAMS Rules or waive your opportunity to read the JAMS Rules and waive any claim that the JAMS Rules are unfair or should not apply for any reason.

  3. You and Vizient agree that these Terms affect interstate commerce, and that the enforceability of this Section 2(F) will be substantively and procedurally governed by the Federal Arbitration Act, 9 U.S.C. § 1, et seq. (the "FAA"), to the maximum extent permitted by applicable law. As limited by the FAA, these Terms and the JAMS Rules, the arbitrator will have exclusive authority to make all procedural and substantive decisions regarding any Dispute and to grant any remedy that would otherwise be available in court, including the power to determine the question of arbitrability. The arbitrator may conduct only an individual arbitration and may not consolidate more than one individual’s claims, preside over any type of class or representative proceeding or preside over any proceeding involving more than one individual.

  4. The arbitration will allow for the discovery or exchange of non-privileged information relevant to the Dispute. The arbitrator, Vizient, and you will maintain the confidentiality of any arbitration proceedings, judgments and awards, including information gathered, prepared and presented for purposes of the arbitration or related to the Dispute(s) therein. The arbitrator will have the authority to make appropriate rulings to safeguard confidentiality, unless the law provides to the contrary. The duty of confidentiality does not apply to the extent that disclosure is necessary to prepare for or conduct the arbitration hearing on the merits, in connection with a court application for a preliminary remedy or in connection with a judicial challenge to an arbitration award or its enforcement, or to the extent that disclosure is otherwise required by law or judicial decision.

  5. You and Vizient agree that for any arbitration you initiate, you will pay the filing fee (up to a maximum of $250 if you are a consumer), and Vizient will pay the remaining JAMS fees and costs. For any arbitration initiated by Vizient, Vizient will pay all JAMS fees and costs. You and Vizient agree that the state or federal courts of the State of Texas and the United States sitting in Dallas, Texas have exclusive jurisdiction over any appeals and the enforcement of an arbitration award.

  6. Any Dispute must be filed within one year after the relevant claim arose; otherwise, the Dispute is permanently barred, which means that you and Vizient will not have the right to assert the claim.

  7. You have the right to opt out of binding arbitration within 30 days of the date you first accepted the terms of this Section 2(F) by contacting us at legalprivacynotice@vizientinc.com. In order to be effective, the opt-out notice must include your full name and address and clearly indicate your intent to opt out of binding arbitration. By opting out of binding arbitration, you are agreeing to resolve Disputes in accordance with Section 2(F).

  8. If any portion of this Section 2(F) is found to be unenforceable or unlawful for any reason, (a) the unenforceable or unlawful provision shall be severed from these Terms; (b) severance of the unenforceable or unlawful provision shall have no impact whatsoever on the remainder of this Section 2(F) or the parties’ ability to compel arbitration of any remaining claims on an individual basis pursuant to this Section 2(F); and (c) to the extent that any claims must therefore proceed on a class, collective, consolidated, or representative basis, such claims must be litigated in a civil court of competent jurisdiction and not in arbitration, and the parties agree that litigation of those claims shall be stayed pending the outcome of any individual claims in arbitration. Further, if any part of this Section 2(F) is found to prohibit an individual claim seeking public injunctive relief, that provision will have no effect to the extent such relief is allowed to be sought out of arbitration, and the remainder of this Section 2(F) will be enforceable.

G. Guidelines for Linking

If you wish to link to Vizient's Website, you must request permission to do so in writing, either by contacting us by e-mail at publicrelations@vizientinc.com or by U.S. mail at Vizient, Inc., 290 E. John Carpenter Freeway, Irving, Texas 75062, listing the URL of your site. Anyone linking to Vizient's Website must comply with these guidelines for linking to Vizient's Site and all applicable laws. A site that links to Vizient's Site:

  • May link to, but not replicate, Vizient content
  • Should not create a browser, border or frame environment around Vizient content
  • Should not imply that Vizient is endorsing it or its products
  • Should not misrepresent its relationship with Vizient
  • Should not present false information about Vizient products or services
  • Should not use the Vizient logo without written permission from Vizient
  • Should not contain content that could be construed as distasteful, offensive or controversial
  • Should contain only content that is appropriate for all age groups.

H. Member Contributed Content

Within the member-only area of vizientinc.com are many documents and discussions contributed by individuals within our member organizations. This content is for information sharing purposes only and should not be construed as clinically proven, endorsed, or recommended by Vizient or contributors. Posting of copyrighted materials, in whole or in part, is EXPRESSLY PROHIBITED without the prior written permission of the copyright holder and may subject the user and their employer to legal liability for copyright infringement, and a denial of further access to this Site. Users may post hypertext links to, or URLs for, copyrighted materials already on the Internet unless prohibited by the copyright holder or applicable law. Users may also refer to copyrighted materials by title and/or author or publisher but may not actually post the materials without prior written permission of the copyright holder. Site visitors agree to not disclose information in this Site to any third party, other than Vizient, Inc., its regional offices, subsidiaries and health care members. Site visitors agree to not submit information to this Site that is covered by the Health Insurance Portability and Accountability Act of 1996 as amended ("HIPAA"), such as patient identifiable information (i.e. "Protected Health Information").

The appearance of any information or materials on this Site does not constitute an endorsement or recommendation by Vizient or its affiliates or subsidiaries. This Site contains copyrighted materials and proprietary materials owned by either Vizient or third parties who have given their permission to post their materials to this Site. These materials are protected by the United States copyright laws and international treaty provisions and may be downloaded and/or printed for personal use only. Any posting of information, or any other use of information or materials on this Site, including, but not limited to, reproducing, copying, transmitting, or distributing, in whole or in part, is EXPRESSLY PROHIBITED without the prior written consent of the copyright holder. Information, comments, discussions, and materials on this Site may be discoverable in response to a valid request by a court of competent jurisdiction or governmental agency.

3. Vizient Data Practices and Consumer's Rights:

A. Information Practices: How We Collect, Use, Retain, and Disclose Personal Information

The information we collect through the Site, including all of its web pages, is controlled by Vizient, including its subsidiaries and wholly owned affiliates, which is headquartered in the United States at 290 E. John Carpenter Fwy, Irving, TX 75062.

California Consumers should see Sections 3.K and 3.L. for a detailed description of the information we collect, the business purposes for collection, and the categories of third parties with whom we may disclose, sell, or share your information as well as a description of your rights with regard to your personal information including your rights to know, access, delete, correct inaccuracies, opt-out of the sale or sharing, limit the use of sensitive personal information, and non-discrimination.

B. The Information We Collect About You

We collect information about you directly from you and from third parties, as well as automatically through your use of our Services.

C. Information We Collect Directly From You through the Site. The information we collect from you depends on how you use our Site. To request more information from us, you must provide us with identifiers or employment-related information such as your name, your job title and the name of the customer company you work for, your contact information, such as your business email and phone number, and your reason for contacting us.

D. Information We Collect Through Our Corporate Customer Relationships. In order to manage our customer relationships with our corporate customers, we collect identifiers and employment-related information about and from our corporate customers' employees and workforce. This information may include names, titles, business email addresses and phone numbers, work location, and information about an employee or workforce member’s role at the corporate customer (such as the department they work in, products or issues worked on, and other similar information). We use this information to administer our corporate customer contracts and to market our Services to corporate customers. When you/your employer are subscribed to one of our Services, listservs or community portals, we may collect information such as your name, email address, profession, and customer affiliation.

E. Information Collected and Used in Vizient Services. Vizient collects medical information, called "protected health information" under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), in Vizient's role as a business associate to health care providers. The protected health information is used to support Vizient customers’ health care operations and is received by Vizient in its capacity as a business associate to its members. The privacy of such data is governed by HIPAA rather than any state privacy law. Similarly, Vizient may collect other information that may be exempt from state privacy laws, such as information to help its corporate customers obtain insurance or reinsurance insurance benefits, and information known as Patient Safety Work Product, or PSWP which is governed by the Federal Patient Safety and Quality Improvement Act of 2008.

F. Collection of Employment Related Information. Vizient also collects identifiers and employment related information, about consumers that are health care practitioners ("practitioners") directly from our corporate health care customers as noted above or from third party providers of data, such as health care claims data aggregators, its vendors, and governmental sources, in order to provide Services to our customers in the health care industry. For practitioners, this information can include DEA numbers and National Practitioner Identifiers, in addition to the information noted above. In some cases, this information may be provided to Vizient’s customers. Vizient’s customers can include health care providers and health systems, data aggregators working in the health care industry, pharmaceutical manufacturers and general medical supply vendors. If the practitioner data in question is not otherwise subject to an exemption from state privacy laws such as the California Consumer Practice Act (“CCPA”) (e.g. as Protected Health Information under HIPAA), the transfer from Vizient to some customers can be considered a sale of personal information under the CCPA. California Consumers may review the chart showing Vizient’s practices in the past 12 months with respect to such personal information in Sections L.(i). and L.(ii). below.

G. Information We Collect Automatically. We automatically collect the following identifiers and internet or other electronic network activity information about your use of our Site through cookies, web beacons, and other technologies: your domain name; country of origin, your browser type and operating system; Vizient web pages you view; links you click on the Vizient website; your IP address; the length of time you visit our Site; and the referring URL or webpage that led you to our Site. We may combine this information with other information that we have collected about you, including, where applicable, your username, name, business email and other personal information. Please see the Our Use of Cookies and Other Tracking Mechanisms section below for more information.

H. How We Use Your Information

We use your information, including your personal information, for the following purposes:

  • To provide our Services, to communicate with you about your use of our Site or Services, to respond to your inquiries, and for other customer service purposes.
  • To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Site.
  • For marketing and promotional purposes. For example, we may use your information, such as your email address, to send you a welcome email, news, and newsletters when your organization subscribes to our programs, special offers, and promotions, or to otherwise contact you about products or information we think may interest you.
  • To better understand how users access and use our Site, both on an aggregated and individualized basis, in order to improve our Site and respond to user desires and preferences, and for other research and analytical purposes.
  • To administer surveys and questionnaires.
  • To administer our customer contracts. For example, we will use a customer's employee's contact information to send our invoices or to send out service communications.
  • To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal processes; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
  • To protect the safety, rights, property, or security of Vizient, our services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity that Vizient, in its sole discretion, may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; to conduct audits; and to enforce this Policy or our Terms of Use.

I. How We Share Your Information

We share your information, including personal information, as follows:

  • Affiliates. We may disclose the information we collect on the Site to our affiliates or subsidiaries for the purposes described in this Policy; however, if we do so, their use and disclosure of your personal information will be subject to this Policy.
  • Other Providers. We may disclose the information we collect from you to third-party vendors, service providers, contractors or agents who perform functions on our behalf. We also may share information provided to us by our members to third parties as described in the charts in L.(i). and L.(ii). below.

J. We also may disclose information in the following circumstances.

  • Business Transfers. If we are or may be acquired by or merged with another company, if any of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company.
  • In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal processes, such as in response to a court order or a subpoena.
  • To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Policy, or as evidence in litigation in which Vizient is involved.
  • Aggregate and De-Identified Information. We may share aggregate or de-identified information about users with third parties for marketing, advertising, research or similar purposes.

K. Children's Privacy

Our Site is not directed to children under the age of sixteen (16), nor do we market products or services to such children. We request that children (or a parent acting on a child's behalf) do not provide personally identifiable information through our Site. We do not knowingly collect, share, or sell Personal Information from children under sixteen (16) without parental consent. Nor do we sell or share the personal information of consumers if we have actual knowledge that the consumer is less than sixteen (16) years of age, unless the consumer, in the case of consumers at least thirteen (13) years of age and less than sixteen (16) years of age, or the consumer's parent or guardian, in the case of consumers who are less than thirteen (13) years of age, has affirmatively authorized the sale or sharing of the consumer's personal information.

L. Notices to and Rights of California Consumers

The following information is provided for the benefit of California Consumers, including Vizient job applicants, employees, directors, officers, and contractors who meet the definition of a Consumer under the CCPA/CPRA. Vizient collects, stores, processes, and retains the Personal Information of California Consumers in accordance with this Section L.

  1. Categories of Personal Information Vizient has Sold or Shared for a Business Purpose in the Last Twelve (12) Months

The following table summarizes (a) the categories of Personal Information/Sensitive Personal Information that Vizient collected, (b) the categories of sources from which Personal Information/Sensitive Personal Information was collected, (c) the business purpose for collection, (d) the categories of third parties with whom Vizient has shared or sold Personal Information/Sensitive Personal Information, and (e) the associated retention period for each category of Personal Information/Sensitive Personal Information for the preceding twelve (12) months. As reflected in this table, we may sell or share your Personal Information/Sensitive Personal Information with a variety of outside entities.

Please note, Vizient's ongoing collection, purposes for collection or use, sharing, selling, and retention of Personal Information/Sensitive Personal Information are performed in accordance with the disclosures in the table below.

Categories of Personal Information Collected Categories of Sources Commercial/Business Purpose for Collection Is the Personal Information Sold or Shared? Categories of Third Parties with Whom Vizient Sold or Shared PI

Identifiers

Examples: Full name, email address, phone number, account login, IP address

You; service providers; and other tracking technologies on our website

Processing or fulfilling transactions; debugging to identify and repair errors that impair existing intended functionality; providing internal analytic services; providing Customer services; protecting against malicious, deceptive, fraudulent or illegal activity

Yes

Service providers; payment processors; third parties that assume control over all or part of the business in connection with a merger, acquisition, bankruptcy, or similar event; affiliates, professional advisors; law enforcement authorities; those involved in legal proceedings, with consent.

 

Internet and other network activity

Example: Browsing activity

You, Your mobile devices and computers used to access our Site

Marketing, customer, or analytic services; enabling or effecting, directly or indirectly, a commercial transaction

Yes Vendors such as medical services providers, third-party marketers, cloud providers, and service providers in the online advertising industry.

Commercial Activity

Examples: Information about goods or services purchased, obtained, or considered

You, Your mobile device and computers used to access our site

Processing or fulfilling orders and transactions; marketing, customer or analytic services

Yes Vendors such as health care providers and systems, health care service providers, data aggregators, third-party marketers, cloud providers, service providers in the online advertising industry and other suppliers to the health care industry.

Professional or Employment-related Information

Examples: Job history, educational history

Applicants; corporate customers; and outside sources, such as credit bureaus. (e.g. National Practitioner Identifiers (NPIs), Drug Enforcement Administration (DEA) Numbers, office locations and addresses collected from our customers, governmental sources and health care claims aggregators

Process and evaluate applications for positions with Vizient; facilitate administrative purposes, such as payments to contractors, marketing, customer or analytic services; provide services for customers’ health care operations

Yes

Service providers, such as HR vendors or cloud providers

Social Security, Drivers License, State Identification Card, or Passport Number

Employment applications, resumes, HR documents, email, phone correspondence, documentation completed throughout the application and employment terms

Performing services on behalf of the business

No N/A

Account Login, in combination with the required security or access code, password, or credentials allowing access to an account

Vizient HR, Vizient IT Security

Performing services on behalf of the business, ensuring the security and integrity, undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Vizient, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Vizient

No N/A

Geolocation Data

Vizient IT Security

Performing services on behalf of the business, ensuring the security and integrity, undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Vizient, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Vizient

No N/A

Medical Information or Health Insurance Information

Vizient's employee health insurance plan documentation and associated forms, employee health applications

Performing services on behalf of the Vizient, or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, providing storage, or providing similar services. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

No N/A

Personal information collected and analyzed concerning a consumer's sex life or sexual orientation

Vizient's employee health insurance plan and associated forms, employee health applications

Performing services on behalf of the Vizient, or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, providing storage, or providing similar services. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

No N/A

Biometric Information

Examples: Image and video recording

Security systems, HR Documentation, IT Security

Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

No N/A

     ii. Categories of Personal Information Vizient has Sold or Shared for a Business Purpose in the Last Twelve (12) Months

The following table summarizes (a) the categories of Personal Information that Vizient collected, (b) the categories of sources from which Personal Information was collected, (c) the business purpose for collection, (d) the categories of third parties with whom Vizient has disclosed Personal Information, (e) the categories of third parties with whom Vizient discloses Personal Information, and (f) the associated retention period for each category of Personal Information over the preceding twelve (12) months. As reflected in this table, we may disclose your personal information to a variety of outside entities.

Please note, Vizient's ongoing collection, use, disclosure, and retention of Personal Information are performed in accordance with the disclosures in the table below.

Categories of Personal Information Collected Categories of Sources Commercial/Business Purpose for Collection Is the Personal Information Disclosed to third parties? Categories of Third Parties with Whom Vizient Disclosed PI Categories of Third Parties with Whom Vizient Discloses PI

Identifiers

Examples: Full name, email address, phone number, account login, IP address

You; service providers; and other tracking technologies on our website

Processing or fulfilling transactions; debugging to identify and repair errors that impair existing intended functionality; providing internal analytic services; providing Customer services; protecting against malicious, deceptive, fraudulent or illegal activity

Yes

Service providers; payment processors; third parties that assume control over all or part of the business in connection with a merger, acquisition, bankruptcy, or similar event; affiliates, professional advisors; law enforcement authorities; those involved in legal proceedings, with consent.

 

Service providers; payment processors; third parties that assume control over all or part of the business in connection with a merger, acquisition, bankruptcy, or similar event; affiliates, professional advisors; law enforcement authorities; those involved in legal proceedings, with consent.

 

Internet and other network activity

Example: Browsing activity

You, Your mobile devices and computers used to access our Site

Marketing, customer, or analytic services; enabling or effecting, directly or indirectly, a commercial transaction

Yes Vendors such as third-party marketers, cloud providers, and service providers in the online advertising industry. Vendors such as medical services providers, third-party marketers, cloud providers, and service providers in the online advertising industry.

Commercial Activity

Examples: Information about goods or services purchased, obtained, or considered

You, Your mobile device and computers used to access our site

Processing or fulfilling orders and transactions; marketing, customer or analytic services

Yes Vendors such as health care providers and systems, health care service providers, data aggregators, third-party marketers, cloud providers, service providers in the online advertising industry and other suppliers to the health care industry. Vendors such as health care providers and systems, health care service providers, data aggregators, third-party marketers, cloud providers, service providers in the online advertising industry and other suppliers to the health care industry.

Professional or Employment-related Information

Examples: Job history, educational history

Applicants; corporate customers; and outside sources, such as credit bureaus. (e.g. National Practitioner Identifiers (NPIs), Drug Enforcement Administration (DEA) Numbers, office locations and addresses collected from our customers, governmental sources and health care claims aggregators

Process and evaluate applications for positions with Vizient; facilitate administrative purposes, such as payments to contractors, marketing, customer or analytic services; provide services for customers’ health care operations

Yes

Service providers, such as HR vendors or cloud providers. As part of its Services, Personal information including professional and employment related information of practitioners is provided to customers in the health care industry, including health care providers and systems, data aggregators in the health care industry, pharmaceutical manufacturers and other suppliers to the health care industry. These third party transfers may be considered disclosures of data under the CCPA.

Service providers, such as HR vendors or cloud providers. As part of its Services, Personal information including professional and employment related information of practitioners is provided to customers in the health care industry, including health care providers and systems, data aggregators in the health care industry, pharmaceutical manufacturers and other suppliers to the health care industry. These third party transfers may be considered disclosures of data under the CCPA.

Social Security, Drivers License, State Identification Card, or Passport Number

Employment applications, resumes, HR documents, email, phone correspondence, documentation completed throughout the application and employment terms

Performing services on behalf of the business

Yes Service providers, such as HR vendors or cloud providers N/A

Account Login, in combination with the required security or access code, password, or credentials allowing access to an account

Vizient HR, Vizient IT Security

Performing services on behalf of the business, ensuring the security and integrity, undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Vizient, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Vizient

No N/A N/A

Geolocation Data

Vizient IT Security

Performing services on behalf of the business, ensuring the security and integrity, undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Vizient, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Vizient

No Service providers such as cloud providers, security auditors, or IT consultants N/A

Medical Information or Health Insurance Information

Vizient's employee health insurance plan documentation and associated forms, employee health applications

Performing services on behalf of the Vizient, or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, providing storage, or providing similar services. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

Yes Service providers such as medical providers, medical services providers, payment processors Service providers such as medical providers, medical services providers, payment processors

Personal information collected and analyzed concerning a consumer's sex life or sexual orientation

Vizient's employee health insurance plan and associated forms, employee health applications

Performing services on behalf of the Vizient, or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, providing storage, or providing similar services. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

Yes Service providers such as medical providers, medical services providers, payment processors Service providers such as medical providers, medical services providers, payment processors

Biometric Information

Examples: Image and video recording

Security systems, HR Documentation, IT Security

Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes. Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

Yes Service providers, such as HR vendors or cloud providers Service providers, such as HR vendors, security auditors, or cloud providers


     iii. Data Retention

Vizient retains each category of Personal Information for the time period required to fulfill the business purpose for which it was collected and to conduct the activities contemplated in this Privacy Policy, unless a different retention period is required by applicable law, or to otherwise fulfill a legal obligation or protect our legal rights. Our data retention policy is designed to retain data for as long as needed for us to comply with our contractual obligations, employment obligations, and other business purposes, including legal obligations to retain data. We may retain some information from closed accounts so that we can comply with law, prevent fraud, assist with investigations, resolve disputes, analyze or troubleshoot programs, enforce our Terms of Use, or take other actions permitted by law.

     iv. Sale of Personal Information.

Except as specified in this Section 3.L., for each of the Categories of Personal Information Collected above, we do not sell your Personal Information for money, but we and our business partners use tracking technologies to help us understand our customers and visitors use of the Services, enhance your online experience, and customize our offerings in ways that may be deemed a "sharing" or "sale" of personal information under the CCPA. This includes working with third parties, such as ad networks, which collect personal information via tracking technologies to serve personalized advertisements on and off our Services, provide us with data collection, reporting, and ad response measurement. To the extent we or our partners use such technologies on the Services, we offer an opt-out as discussed below.

     v. Consumer Rights.

If you are a California Consumer as defined by the CCPA and CPRA, you have the certain rights with regard to your personal information, including (a) the right to know what personal information we collect about you and access such information, (b) the right to know what personal information is sold or shared, and to whom, (c) the right to correct inaccurate personal information, (d) the right to delete your personal information, (e) the right to opt-out of the sale or sharing of your personal information, (f) the right to limit the use and disclosure of sensitive personal information, and (g) the right to no retaliation following opt-out or exercise of other rights.

To exercise these rights and choices, please follow the instructions below:

  • How to request the right to know: You may request to know the (i) categories of personal information we have collected about you; (ii) categories of sources from which your personal information is collected; (iii) business or commercial purpose for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom we disclose personal information; (v) the specific pieces of personal information we have collected about you. Please note, this information is available in Sections 3.L.(i)-(ii) of this Privacy Policy. You may exercise your right to know twice in a 12-month period. To do so, please complete the online form by clicking here or calling 1-800-842-5146. The Right to Know Report will be delivered by mail or electronically at your request. Note, we may not always be able to fully address your request; for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
  • How to request access to your personal information: You may request access to your personal information twice in a 12-month period. You may request (i) the categories of personal information Vizient has collected about you; (ii) the categories of sources from which the personal information is collected; (iii) the business or commercial purpose for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom the business discloses personal information; (v) the specific pieces of personal information Vizient has collected about you. To do so, please complete the online form by clicking here or calling 1-800-842-5146. The Access Report will be delivered by mail or electronically at your request. Note, we may not always be able to fully address your request; for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
  • How to request the right to know what personal information is sold or shared and to whom: You may request to know the (i) the categories of personal information we have collected about you, (ii) the categories of personal information about you that we have sold or shared and the categories of third parties to whom your personal information was sold or shared, by category or categories of personal information for each category of third parties to whom the personal information was sold or shared, (iii) the categories of your personal information we have disclosed for a business purpose and the categories of persons to whom it was disclosed. To do so, please complete the online form by clicking here or calling 1-800-842-5146.
  • How to correct inaccurate Personal Information: You may request that Vizient correct inaccurate Personal Information we've collected about you. Vizient will use commercially reasonable efforts to correct the inaccurate Personal Information as directed by you, taking into account the nature of the personal information and the purposes of the processing of the personal information. To do so, please complete the online form by clicking here or calling 1-800-842-5146.
  • How to request deletion of your personal information: You may request that Vizient delete the personal information it has collected and/or maintained about you. To do so, please complete the online form by clicking here or calling 1-800-842-5146. Upon receipt of a verifiable consumer request to delete your personal information, except as otherwise permitted by law, we will delete your personal information from our records, notify any service providers or contractors to delete your personal information, and notify all third parties to whom we have sold or shared your personal information to delete your personal information unless it proves impossible or involves disproportionate effort. Note, we may retain certain personal information as permitted by law, such as to complete the transaction for which the personal information was collected, provide a requested good or service, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, comply with legal obligations or to enable solely internal uses that are reasonably aligned with your expectations or lawful within the context in which you provided the information.
  • How to opt-out of the sale or sharing of personal information: You, or a person authorized by you, have the right to opt-out of the sale or sharing of your personal information. At any time, you may direct Vizient not to sell or share your Personal Information. We also offer an opt-out from the use of cookies and other tracking technologies in connection with our Services, which may in some cases constitute the sale of your personal information under the CCPA/CPRA or other privacy laws. To do so, please complete the online form by clicking our Do Not Sell or Share My Personal Information link or calling 1-800-842-5146. For cookies, this will cause information to cease to be added to any cookies or other tracking technologies that have been set on our Services or block them entirely; for our other programs, Vizient will cease providing your personal information to third parties. Please note that, as to cookies, you will need to opt out again if you visit one of our Services from a different device or browser of if you clear your cookies.
  • Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right, at any time, to direct Vizient to limit the use of your sensitive personal information to those uses that (i) are necessary to perform the services or provide the goods as reasonably expected by an average consumer who requests those goods or services; (ii) help ensure security and integrity to the extent the use of your personal information is reasonably necessary and proportionate to that purpose; (iii) are short term, transient use, including, but not limited to, non-personalized advertising as a part of your current transaction with Vizient, provided that your personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside your then current interaction with Vizient; (iv) are necessary to perform services on behalf of Vizient, including maintaining or servicing accounts, providing customer service, processing and fulfilling orders and transactions, verify customer information, process payment, provide financing, provide analytic services, provide storage, or provide similar services on behalf of Vizient; or (v) are undertaken to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by Vizient, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by Vizient.
  • Right to Non-Discrimination: You have the right to be free from discrimination in product quality, goods or services if you choose to exercise your privacy rights under the CCPA or CPRA. Vizient will not deny you goods or services, charge different prices or rates for goods or services, or retaliate against an employee, applicant, or independent contractor as a result of exercising any rights described in this Privacy Policy. Notwithstanding the above, Vizient may charge you a different price or rate, may provide a different level of quality or goods, or may not be able to provide certain goods or services if your personal information is required for such goods or services and you elect not to provide such personal information.

     vi. Responses to Requests from California Consumers.

We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Verification: Please note, we will take steps to verify your identity before fulfilling any of the above requests. We will request a copy of your identification with your California residency as well as request you to verify through an authentication e-mail. We may also require other authentication that is reasonable in light of the nature of the personal information requested.

Authorized Agents: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your or your minor child's personal information. In order to designate an authorized agent to make a request on your behalf, you or your authorized agent must provide written proof that you have consented to this designation unless the agent has power of attorney pursuant to California Probate Code sections 4000-4465. If you are submitting a request via an authorized agent, please direct your authorized agent to submit its attestation/power of attorney to Vizient using the email CCPACompliance@vizientinc.com. You must also verify your identity directly with us by providing a copy of your government issued identification.

Response Timing and Format: We will respond to a verified consumer request for personal information within 45 days of receipt. If we require more time (up to 90 days), we will notify you of the reason and extension period in writing. Disclosure of required information will be made in writing and delivered to you through your account with Vizient, if you maintain an account with Vizient, or by mail or electronically at your election, in a readily usable format that allows you to transmit the information from one entity to another without hindrance. The disclosure of the required information will cover the twelve (12) month period preceding Vizient’s receipt of your verified request provided that, you may request that Vizient disclose the required information beyond the twelve (12) month period and Vizient will provide that information unless doing so proves impossible or would involve disproportionate effort. Your right to request information beyond the twelve (12) month period shall only apply to personal information collected on or after January 1, 2022.

Do Not Track: Your browser may deliver a "Do-Not-Track ('DNT') signal" to this Site. We will honor a "Do-Not-Track" signal as a valid opt-out request.

M. Our Use of Cookies and Other Tracking Mechanisms

We and our third-party service providers may use cookies and other tracking mechanisms to track information about your use of our Site.

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser for record-keeping purposes. Some cookies allow us to understand aggregated activities at our Site.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

Service Provider Analytics. We use automated devices and applications, such as Google Analytics and Terminus, to evaluate usage of our Site. We also may use other analytic means to evaluate our Site. We use these tools to help us improve our Site, performance, and user experiences. These entities may use cookies and other tracking technologies to perform their services. To learn more about Google's and Terminus’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/ and Terminus Privacy Policy at https://terminus.com/privacy-policy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout. You can further manage your browser’s ability to accept cookies or remove persistent cookies by following directions provided in your internet browser’s "help" file. These entities may collect certain non-PII regarding your use of the Vizient website, such as IP addresses, browser types, domain names, internet-service provider(ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

4. Third-Party Links

Our Site may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

5. Security of Your Personal Information

We have implemented reasonable security measures to protect the information we collect from unauthorized access, exfiltration, theft, loss, misuse, disclosure, alteration, or destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

6. Additional Choices

Promotional Emails

We may send periodic promotional emails to you. You may opt-out of such promotional emails by following the opt-out instructions contained in the email. Please note that it may take up to 15 business days for us to process such opt-out requests. If you opt-out of receiving promotional emails, we may still send you emails about your account or any services you have requested or received from us.

7. Contact Us

If you have questions, comments, or concerns about the privacy aspects of our Site or if you have a disability and need access to this privacy/legal policy, please email us at legalprivacynotice@vizientinc.com or call us at 1-800-842-5146. If you are a California consumer exercising one of your rights under CCPA/CPRA, you may call us at 1-800-842-5146 or contact us at CCPACompliance@vizientinc.com.

8. Changes to this Policy and Terms of Use

This Policy and Terms of Use is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy or our Terms of Use on our Site.