BerkOne is a privacy conscious organization and is committed to your right to privacy and safeguarding the privacy of visitors to our website and users of our services. We recognize that consumer information is valuable, and we take reasonable measures to protect your information while it is in our care.
This Privacy Notice explains how BerkOne handles and protects information provided to us by our clients, customers and prospective customers. It also explains the rights of individuals to their information under certain US and foreign laws.
Our Privacy Notice is the complete agreement between you, as an individual, and BerkOne with respect to our use of your information. You agree to the most recent version of our Privacy Notice by using our website(s) or portals(s). We encourage you to read this Privacy Notice each time you visit our website. BerkOne may change this Privacy Notice any time and for any reason. The current version supersedes all prior versions.
You may be subject to additional Terms of Service that may apply when you access particular materials in this website, follow a link from this website or use a BerkOne service.
Throughout this statement, “we”, “us” and “our” refers to BerkOne, Inc.
The remainder of this Privacy Notice is arranged as follows:
- Section 1: How information is provided to BerkOne
- Section 2: What kind of information is provided to BerkOne
- Section 3: How BerkOne handles information
- Section 4: Children Under 16
- Section 5: Contacting BerkOne
- Section 6: Privacy Regulations
Section 1: How information is provided to BerkOne
BerkOne provides business services to entities of all types: for-profit companies across all industries; governments and their agencies, departments and bureaus; school districts; and non-profit organizations. We define these entities as BerkOne’s “clients”. Consequently, BerkOne is primarily considered a business-to-business (“B2B”) / business-to-government (“B2G”) company. As a B2B / B2G company, BerkOne provides services to our clients and does not directly communicate with our client’s customers. Direct contact between our clients and their individual customers is solely and completely managed by BerkOne’s client organizations.
BerkOne is provided information in four ways:
- BerkOne’s clients provide information regarding their customers, suppliers, vendors or other stakeholders. BerkOne’s clients are companies, governmental units, school districts, non-profits or similar organizations. BerkOne provides our clients with specific agreed to services.
- Individuals representing our clients and individual customers may access BerkOne’s website(s) or portal(s) in the course of receiving services and may choose to provide personally identifiable information (“PII”) (defined in Section 2), organizational information or information regarding stakeholders.
- Visitors to our website may choose to voluntarily provide PII in order to request more information regarding BerkOne’s products and services.
- BerkOne may acquire information from third parties to assist BerkOne in sales, marketing, promotional, analytical or other activities.
Section 2: What kind of information is provided to BerkOne
BerkOne may receive the following types of information in a variety of formats, both electronically and via paper:
- Personally Identifiable Information (“PII”) which is information that may uniquely identify a single individual, including information defined in the California Consumer Protection Act of 2018 (“CCPA”) as personal consumer information.
- Protected Health Information (“PHI”) which is health or medical information that pertains to an individual.
- Payment Card Information (“PCI”) which is cardholder information.
Section 3: How BerkOne handles information
BerkOne adheres to high standards of integrity in the performance of our business services. We continually take steps to ensure that our software, networks, policies, and procedures comply with the applicable legal and regulatory requirements. BerkOne has established administrative, physical, and technical safeguards to reasonably protect the confidentiality, integrity, and availability of consumers’ personally identifiable information PII that is created, received, maintained, or transmitted on behalf of BerkOne or our clients, including:
- When information is provided to BerkOne, we use it only for the purposes for which it was provided.
- BerkOne prohibits the sale or unauthorized distribution of personally identifiable information to third parties, unless explicitly authorized by that person.
- We process information in accordance with our Information Security Policy which is reviewed and updated annually.
- An external auditing firm performs an annual SSAE18 Audit Type II “Report on Controls at a Service Organization Relevant to Security, Availability, and Processing Integrity”, commonly referred to as a SOC2 Report. BerkOne has been certified as SOC2 compliant since 2012. Prior to SOC2, BerkOne was certified compliant with the previous standard – SAS070 – since 2002.
- An external security firm performs an annual external penetration test to assess our cyber-security controls.
In the course of providing services to BerkOne’s clients: Our clients may provide records containing personal consumer information to BerkOne. Once BerkOne receives the records containing personal consumer information provided by our clients, our usage is directed exclusively by our clients and governed by our information security policies. We would only contact you if directed by our client. Any request for “no further contact” from BerkOne or our client should be sent to BerkOne’s client who would, in turn, communicate to BerkOne concerning the client’s directives. Note: “Records” means any material, regardless of the physical form, on which information is recorded or preserved by any means, including in written or spoken words, graphically depicted, printed, or electromagnetically transmitted. “Records” does not include publicly available directories containing information an individual has voluntarily consented to have publicly disseminated or listed, such as name, address, or telephone number.
For marketing purposes: BerkOne may receive or acquire personal identifiable information of B2B / B2G contacts solely for marketing purposes, which may take the form of direct mail, email, telephone or other communication. To request no further communication from BerkOne, a contact may submit a website contact form or reply to an email with an unsubscribe notice. See Section 5.
BerkOne will comply with requests for information required by law.
If your communication requests a response from BerkOne, we will send you a response via e-mail.
Section 4: Children Under 16
BerkOne cares about protecting the online privacy of children. We will not intentionally collect any personal information, such as a child’s name or email address, from or about children under the age of 16. If you believe that BerkOne has collected personal information from or about a child under the age of 16, please contact us. See Section 5.
Section 5: Contacting BerkOne
Section 6: Privacy Regulations
BerkOne is subject to privacy regulations, such as HIPAA and CCPA.
The U.S. Department of Health and Human Services (“HHS”) issued the Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) to implement requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Organizations subject to the Privacy Rule — called “covered entities” must follow the Privacy Rule standards regarding the use and disclosure of individuals’ health information—called “protected health information” (“PHI”). BerkOne is considered a covered entity, because we have entered into a HIPAA Business Associate Agreement with certain clients and handle PHI on their behalf. For more information on HIPAA, please visit this Health and Human Services website.
The California Consumer Privacy Act (“CCPA”) applies to anyone who is a California resident according to California tax law. If CCPA applies to you, BerkOne provides additional information about our compliance with CCPA at this link: Privacy Notice For California Residents.