A doctor and a nurse meeting with a lawyer

Privacy Policy

Table of Contents

  1. What Personal Information do We Collect?

  2. How do We Collect Personal Information?

  3. How We Use the Information We Collect

  4. How We Disclose Information

  5. Children

  6. Third-Party Links

  7. Do Not Track

  8. Patient Information

  9. Data Security and Retention

  10. Nevada Residents

  11. California Residents

  12. Colorado, Connecticut, Virginia and Utah Residents

  13. EU Residents

  14. Representative for data subjects in the EU and UK – Data Subject Requests

  15. Notification of Changes

  16. Compliance, Questions and Concerns

Effective Date: May 9, 2023

This policy explains how NextGen Healthcare, Inc. (“NextGen”, “we”, “us” or “our”) treat personal information we collect, including personal information collected through our various company websites, including but not limited to www.nextgen.com (collectively, the “Company Site”).

Please note that this Privacy Policy does not apply to personal information collected and processed about NextGen employees, job applicants or independent contractors. If you are a NextGen employee, job applicant or independent contractor, please contact NextGen at hrdept@nextgen.com to obtain our privacy practices pertaining to you.

We use the Company Site to make information, products and services available to you. The term “personal information” means information that you provide to us which identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you, such as your name, phone number, email address, and any other data that is tied to such information.

  1. What Personal Information do We Collect?

    We collect the personal information when you use our Company Site or obtain information, products and services from us. This may include your name, address, email address, phone number, organization name, specialty, the number of providers in your organization, and any other information you provide to us when you contact us. If you or your organization purchases a product or service from us, creates an account with us, or are an end user of our products and services, we may also collect username and password, ICD codes, social security numbers, DEA registration numbers and medical account identifiers. For payment purposes, we may collect credit card number, security code, expiration date, shipping address and billing address.

    No one is required to provide any information to us at any time. However, if you do not provide us with the information we request, we may be unable to provide you with the information, products or services you have asked for. In other cases, your decision not to provide us with information may preclude your access to certain features and functions of our products and services we offer.

  2. How do We Collect Personal Information?

    1. Information You Give us

      We obtain personal information in a number of ways. For example, we obtain personal information when you provide it to us through the Company Site by using forms such as our “Contact us” form that seek information including your interests and concerns, preferences for products and services, or contact information. We also collect information through email and other communications, and in other routine operations in the ordinary course of our business.

    2. Information We Collect From Other Sources

      If an organization you are affiliated with purchases our Products and Services, we may obtain personal information about you for account creation and maintenance purposes, such as name, email, username, and password. From time to time we may obtain business contact information you make publicly available, including from third parties, for our marketing purposes.

    3. Information We Collect Automatically

      We, and certain third party analytics and digital advertising vendors we engage, may also collect information automatically as you use the Company Site and our products and services through the use of common data gathering technologies, such as cookies. Cookies and other technologies collect certain information about the web browsers and devices of users of the Company Site and our products and services, such as IP addresses, access times, and what web pages they visit.

      We use cookies and other data collection tools to operate and improve the Company Site and our products and services, for technical troubleshooting, to better understand how the Company Site and our products and services are used, to personalize your visit to the Company Site and use of our products and services, and to display advertisements to you. For more information on the types of cookies we use and to manage your cookie preferences, please visit our cookie preference tool here.

      We use Google Analytics™ web analytics services on some Company Site. Google Analytics is a service provided by Google LLC (“Google”). To opt-out of Google Analytics’ use of your information, please use Google Analytics’ opt-out browser add on designed for this purpose at https://tools.google.com/dlpage/gaoptout.

      On some Company Site and products or services we may use Mixpanel provided by Mixpanel Inc. To opt-out of Mixpanel’s use of your information, please visit Mixpanel’s opt-out page: https://mixpanel.com/optout/. For more information on what type of information Mixpanel collects, please visit the Terms of Use page of Mixpanel: https://mixpanel.com/terms/

  3. How We Use the Information We Collect

    We use the information we obtain to:

    • Provide and improve the Company Site

    • Provide our products and services and information resources;

    • Develop new and updated products, services and information resources;

    • Administer, protect and manage the Company Site, our products, services and information resources

    • Provide customer service;

    • Communicate with individuals concerning our products and services, including marketing and promotional communications and, where applicable, fulfillment of promotional offers;

    • Enable you to log in to your account to use and access the sections of the Company Site reserved for customer use;

    • Process orders and payment;

    • Investigate, enforce, and apply our contractual terms;

    • Protect against and prevent fraud and other criminal activity, claims and other liabilities;

    • Comply with and enforce applicable legal requirements, relevant industry standards and policies; and

    • Fulfill other purposes we disclose to you when we collect your personal information.

    We may use information we collect to create aggregated data sets that are not identifiable to an individual. We may use and disclose this aggregated data for a variety of development, promotional, communications, and other business purposes.

  4. How We Disclose Information

    We may disclose information we obtain to our third party vendors who provide us with services to assist us in providing, developing, promoting, marketing and supporting our products, services and information resources and in running our day to day business activities. For example, we use third party vendors to provide infrastructure hosting, software, and payment processing services. We enter into contracts with our third party vendors that limit how they may use and disclosure of the information to the purposes for which we disclosed it to them.

    We may also disclose information as we believe necessary to:

    • Comply with applicable law and regulations, which may include disclosures made in response to any subpoena, document request, or other legal request seeking the disclosure of information that appears to have been lawfully issued;

    • Perform under and enforce the terms and conditions under which our products and services are provided;

    • Protect our rights, reputation, and property, or that of our users, affiliates, or the public or to pursue available remedies or limit damages we may sustain;

    • Support our auditing, compliance and corporate governance functions; and

    • Transfer or assign the information that we have collected from users in connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy, including in any diligence process related to such a transaction.

  5. Children

    The Company Site and our products and services are not directed to or designed to be used by children. We do not knowingly collect personal information online from children under the age of thirteen (13).

  6. Third-Party Links

    The Company Site may contain links to third-party sites to provide additional, value-added services. Except as set forth herein, we do not share Your personal information with those third parties, and are not responsible for their privacy practices. We therefore have no responsibility or liability for the content and activities of these linked sites. We suggest you read the privacy policies on all such third-party sites.

  7. Do Not Track

    The Company Site does not currently take any action when it receives a Do Not Track request. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on Do Not Track, visit www.donottrack.us.

  8. Patient Information

    We do not request any patient information through the general Company Site, such as www.nextgen.com. Certain web-based services provided by us, such as NextGen Patient Portal, NextGen Health Quality Measures, NextGen Health Information Exchange and NextGen RCMS and certain support operations involve access to, and the processing of, patient information. This information is provided to us lawfully by: (i) medical professionals who have obtained their patients’ consent to provide us with their patient information or (ii) by the patient themselves (or, if the patient is a minor, through their parent or guardian).

    Such information may be considered Protected Health Information (“PHI”) as that term is defined in the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”). Such information may also be regulated by certain state laws. We process PHI on behalf of our healthcare provider customers and subject to contractual agreements with such customers, including business associate agreements. This Privacy Policy does not apply to our use and disclosure of PHI. If you have any questions or concerns regarding PHI you believe may be processed by our products and services, please contact the health care provider customer with whom you have a relationship directly.

  9. Data Security and Retention

    We use reasonably and appropriate security measures designed to protect the personal information we obtain from unauthorized alteration, loss, disclosure, or use, including technological, physical and administrative controls over access to the systems we use to provide the Company Site and our products and services.

    However, please note that the security of information transmitted through the Internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data. Users of the Company Site are responsible for maintaining the security of any username, password or other form of authentication involved in obtaining access to password protected or secure areas of any of the

    Company Site. In order to protect us, you and your information, we may suspend your use of the Company Site, without notice if any breach of security is suspected.

    We will retain the personal information we obtain for a period sufficient to provide the products and services that our customers request or as otherwise necessary to fulfill the purpose for which such information was collected and as necessary to comply with our legal obligations.

  10. Nevada Residents

    Under Nevada law, we do not sell your personal information. However, if you are a Nevada resident, you may submit a request that we not sell any personal information we have collected about you by contacting us as set forth below.

  11. California Residents

    The California Privacy Rights Act of 2020 (“CPRA”) provides California residents with specific rights regarding their personal information. This section describes those rights, how to exercise them, and provides additional information about the categories of personal information we collect, use, retain, disclose, sell, and share. Please note that PHI is not subject to the CPRA.

    Consumer Rights

    Right to Know. You have the right to request that we disclose what personal information we collect, use, disclose, sell or share. Specifically, you may request that we disclose to you the following:

    • The categories of personal information we have collected about you.

    • The categories of sources from which the personal information is collected.

    • The business or commercial purpose for collecting, selling or sharing personal information.

    • The categories of third parties with whom we disclose personal information.

    • The specific pieces of personal information we have collected about you.

    You may also request that we disclose to you:

    • The categories of personal information that we have sold or shared about you and the categories of third parties to whom the personal information was sold or shared, by category or categories of personal information for each third party to whom the personal information was sold or shared.

    • The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom it was disclosed for a business purpose.

    Right to Request Deletion. You have the right to request that we delete any personal information about you which we have collected from you. If it is necessary for us to maintain your personal information for certain purposes, we are not required to comply with your deletion request. If we determine that we will not delete your personal information when you request us to do so, we will inform you and tell you why we are not deleting it.

    Right to Opt-Out of Sale or Sharing of Personal Information. We do not sell your personal information for monetary consideration. However, as discussed in the section entitled “The Information We Obtain” above, we do use third-party cookies for website analytics and targeted advertising purposes. The collection of data through third-party cookies for our analytics purposes may be considered a “sale” and the collection of data through third-party cookies for targeting advertising purposes may be considered a “sharing” under the CPRA. To opt-out of having your information sold or shared with third-party website analytics and digital advertising service providers for this purpose, please visit our “Opt-Out” web page. To update your communication preferences, please visit our Preference Center here.

    Right to Correct Inaccurate Personal Information. You have the right to request that we correct inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.

    Right to Limit use and Disclosure of Sensitive Personal Information. You have the right to direct us to limit our use of your sensitive personal information (1) to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services; (2) for certain business purposes; and (3) as authorized by the implementing regulations of the CPRA. We do not use or disclose your sensitive personal information for purposes other than the aforementioned purposes.

    No Discrimination. You have the right not to be discriminated against because you exercised any of your aforementioned rights.

    How to Submit a Request

    To exercise the rights described above, you must submit a verifiable request to us. You can do so by calling us at 1-844-664-6941 or by visiting our data subject access request link here.

    If you maintain an online account with us, we will verify your identity for a request through the normal account authentication process, meaning you will need to sign on with your username and password.

    To submit a verifiable request, you will be asked to provide certain information to help us verify your identity. The information we ask you to provide to initiate a request may differ depending upon the type of request, the type, sensitivity and value of the personal information that is the subject of the request, and the risk of harm to you that may occur as a result of unauthorized access or deletion, among other factors.

    You may make a verifiable request on behalf of your minor child. You may also designate an authorized agent to make a request on your behalf by providing the agent with signed written permission to do so.

    If we cannot verify your identity or authority to make the request, we will not be able to comply with your request. We will inform you if we cannot verify your identity or authority. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.

    How we collect, use, disclose, sell and share personal information of Consumers

    We have collected the following categories of personal information and used, disclosed, sold or shared such information in the twelve (12) months prior to the effective date of this Privacy Policy.

    Category

    Disclosed for a Business or Commercial Purpose?

    Categories of Third Parties to Whom the Information was Disclosed

    Sold or Shared?

    Categories of Third Parties to Whom the Information was Sold or Shared

    Purpose(s) for Selling or Sharing

    Identifiers, including but not limited to name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security Number, medical account identifier or other similar identifiers

    Yes

    Customers, other authorized users, vendors that require the data in order to perform the functions for which we engage them, including payment processors and technology vendors.

    Affiliates, subsidiaries or other internal parties and service providers as needed to support our external auditing, compliance and corporate governance functions.

    Governmental / regulatory agencies, law enforcement and parties to court proceedings as necessary to: (a) comply with applicable law and regulations, or respond to subpoenas and other valid legal requests; (b) enforce the terms and conditions under which our products and services are provided; (c) exercise our legal rights and protect our assets; (d) protect our rights, reputation, and property, or that of our users, affiliates, or the public or to pursue available remedies or limit damages we may sustain.

    Buyers in connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

    No

    N/A

    N/A

    Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), including but not limited to name, address, telephone number social insurance number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information

    Yes

    No

    N/A

    N/A

    Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an Internet website, application, or advertisement

    Yes

    Yes

    Third-party website analytics and digital advertising service providers.

    To operate and improve the Company Site

    To investigate, enforce, and apply our Terms and Conditions and this Privacy Policy

    To analyze use of the Company Site

    To provide general statistics regarding use of the Company Site

    To personalize your visit to the Company Site

    To otherwise manage and enhance the Company Site and other aspects of our business

    To measure the effectiveness of our advertisements and to control and limit the frequency of advertisements and other information being displayed to you

    For technical troubleshooting

    To protect against and prevent fraud and other criminal activity, claims and other liabilities

    To comply with and enforce applicable legal requirements, relevant industry standards and policies

    Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

    Yes

    No

    N/A

    N/A

    Geolocation data, general

    Yes

    No

    N/A

    N/A

    Audio, electronic, visual, or similar information

    Yes

    No

    N/A

    N/A

    Professional or employment-related information

    Yes

    No

    N/A

    N/A

    We have collected the following categories of sensitive personal information and used, disclosed, sold or shared such information in the twelve (12) months prior to the effective date of this Privacy Policy.

    Category

    Disclosed for a Business or Commercial Purpose?

    Categories of Third Parties to Whom the Information was Disclosed

    Sold or Shared?

    Categories of Third Parties to Whom the Information was Sold or Shared

    Purpose(s) for Selling or Sharing

    Personal information that reveals social security number, driver’s license, state identification card

    Yes

    Customers, other authorized users, vendors that require the data in order to perform the functions for which we engage them, including payment processors and technology vendors.

    Affiliates, subsidiaries or other internal parties and service providers as needed to support our external auditing, compliance and corporate governance functions.

    Governmental / regulatory agencies, law enforcement and parties to court proceedings as necessary to: (a) comply with applicable law and regulations, or respond to subpoenas and other valid legal requests; (b) enforce the terms and conditions under which our products and services are provided; (c) exercise our legal rights and protect our assets; (d) protect our rights, reputation, and property, or that of our users, affiliates, or the public or to pursue available remedies or limit damages we may sustain.

    Buyers in connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

    No

    N/A

    N/A

    Personal information that reveals account log-in in combination with any required password allowing access to an account

    Yes

    No

    N/A

    N/A

    We collect the personal information, including sensitive personal information, described above from or through the following categories of sources:

    • From you directly and indirectly, including but not limited to when you complete forms posted on or linked to the Company Site that seek information including your interests and concerns, preferences for products and services or contact information, or when you request information, products or services from us; and

    • From service providers, including those that provide analytics services to help us understand the activity on the Company Site.

    We collect and disclose the personal information described above for a variety of business purposes as described in the section entitled “How We use the Information We Collect” above.

    We will retain the personal information we obtain for a period sufficient to provide the products and services that our customers request or as otherwise necessary to fulfill the purpose for which such information was collected and as necessary to comply with our legal obligations.

    Personal Information of Minors

    We do not have actual knowledge that we sell or share personal information about minors under the age of 16.

  12. Colorado, Connecticut, Virginia and Utah Residents

    The categories of personal information we process about you is set forth above in the section entitled “What Personal Information do We Collect?”. The purposes for processing such personal information are set forth above in the section entitled “How We Use the Information We Collect”. We share the personal information we process about you with the third parties and for the purposes set forth above in the section titled “How We Disclose Information”.

    If you are a resident of Virginia, Colorado, Connecticut and Utah, you have the rights to:

    • Confirm whether or not we are processing your personal information and access such personal information;

    • For Virginia, Colorado and Connecticut residents, correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes of the processing of your personal information;

    • Delete personal information provided by, or, for Virginia, Colorado and Connecticut residents obtained about, you;

    • Obtain a copy of your personal information we process, in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance, where the processing is carried out by automated means; and

    • Opt-out of the processing of personal information for purposes of:

      • Targeted advertising;

      • The sale of personal information; or

      • For Virginia, Colorado and Connecticut residents, profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

    You may exercise these rights by:

    • By Phone: 1-844-664-6941

    • By Website: Data Subject Access Request link

    • By Mail: NextGen Healthcare, Inc. Attn: Privacy and Security – 18111 Von Karman Ave. Suite 600, Irvine, CA 92612

    • By Email: privacy@nextgen.com

      Only you may make a verifiable request related to your personal information. The verifiable consumer request must:

    • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information; and

    • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    We reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information we maintain to the individuals to whom it pertains and allow only those individuals to exercise rights with respect to that information. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. request, you may appeal our denial by contacting us in the same manner by which you submitted your request.

    We process your personal information for the purposes of targeted advertising, and under Colorado and Connecticut laws, our processing may qualify as a “sale”. We share your Internet activity, such as your Internet Protocol (“IP”) address, device information, browsing history, your search history and information on your interaction with the Company Site with our third- party website analytics and digital advertising service providers. To opt-out of such sharing of information with our third-party website analytics and digital advertising service providers, please visit our “Opt-Out” web page. If you are an authorized agent making a request to opt-out on behalf of a consumer, we may require and request that you provide us with written permission signed by the consumer to verify that you are authorized to make such request. To update your communication preferences, please visit our Preference Center here.

  13. EU Residents

    Regulation (EU) 2016/679 (“GDPR”) provides EU residents with specific rights regarding their “personal data”. The below describes such rights and how you may exercise such rights, and our information practices.

    With respect to personal data, we serve as the controller. We collect personal data when you visit and use the Company Site and when you request information, products and services from us. We collect the following types of information and process and disclose such information in the following ways:

    Categories of Personal Data Collected

    Purposes of Processing

    Legal Basis for Processing

    Categories of Recipients

    First name, last name, e-mail address, phone number, address, organization name, specialty, the number of providers your organization has and any other information you provide to us when you contact us

    To provide and improve the Company Site

    To provide our products and services and information resources;

    To develop new and updated products, services and information resources;

    To administer, protect and manage the Company Site, our products, services and information resources

    To provide customer service;

    To communicate with individuals concerning our products and services, including marketing and promotional communications and, where applicable, fulfillment of promotional offers;

    To enable you to log in to your account to use and access the sections of the Company Site reserved for customer use;

    To process orders and payment;

    To investigate, enforce, and apply our contractual terms;

    To protect against and prevent fraud and other criminal activity, claims and other liabilities;

    To comply with and enforce applicable legal requirements, relevant industry standards and policies; and

    To fulfill other purposes

    Performance of Contract. We may use your information to perform our contractual services or prior to entering into an agreement with you. If you use the Company Site or if you contact us to request information resources, products and/or services, we use your information to provide to you the features and functionality of the Company Site and the information resources, products and/or services, including for customer service.

    Legitimate Interest. We may use information for our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. For instance, we may use your personal data to contact you and respond to your requests and inquiries, to administer our business including by creating statistical analyses, to identify prevent and detect fraud or to pursue or defend ourselves against legal claims.

    Consent. We may use your information with your consent. In these instances, we will ask you to grant us consent to use your information. You are free to grant or deny permission. If you deny permission, we will not be able to process your information to conduct the activity to which the consent relates. For example, we will not be able to send you electronic marketing materials that you request. You are also free to withdraw your consent at any time. A withdrawal of consent will not affect processing that has been completed during the time in which the consent was valid. If you have granted us consent to use your information, we will use it only for the purposes specified when we request your consent.

    Fulfillment of Legal Obligations. We may use your information to comply with our legal obligations. To comply with regulations, laws or any authority requests, we may disclose your information to authorities or other officials or otherwise process your information pursuant to legal obligations we are subject to (e.g., retain certain information according to tax or commercial laws, respond to your requests to exercise your rights under the GDPR).

    Customers, other authorized users, vendors that require the data in order to perform the functions for which we engage them, including payment processors and technology vendors.

    Affiliates, subsidiaries or other internal parties and service providers as needed to support our external auditing, compliance and corporate governance functions.

    Governmental / regulatory agencies, law enforcement and parties to court proceedings as necessary to: (a) comply with applicable law and regulations, or respond to subpoenas and other valid legal requests; (b) enforce the terms and conditions under which our products and services are provided; (c) exercise our legal rights and protect our assets; (d) protect our rights, reputation, and property, or that of our users, affiliates, or the public or to pursue available remedies or limit damages we may sustain.

    Buyers in connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

    E-mail address

    To send you information about our products and services that we think may be of interest to you and to provide you with promotional offers.

    To respond to your inquiries and communicate with you about our products, services and the Company Site.

    To otherwise manage and enhance the Company Site and other aspects of our business.

    To maintain and enhance the safety and security of the Company Site and prevent misuse.

    To protect against and prevent fraud and other criminal activity, claims and other liabilities.

    To comply with and enforce applicable legal requirements, relevant industry standards and policies.

    First name, last name, social security numbers, DEA registration numbers and medical account identifiers

    To provide customers and authorized users with: (i) products, services and information resources; (ii) the development of new and updated products, services and information resources; (iii) the administration of, protection of, and management of our products, services and information resources, including for customer service.

    To protect against and prevent fraud and other criminal activity, claims and other liabilities.

    To comply with and enforce applicable legal requirements, relevant industry standards and policies.

    First name, last name, e-mail address, phone number, credit card number, security code, expiration date), shipping address, billing address

    To fulfill your order, including processing your order and payment.

    To otherwise manage and enhance the Company Site and other aspects of our business.

    To protect against and prevent fraud and other criminal activity, claims and other liabilities.

    To comply with and enforce applicable legal requirements, relevant industry standards and policies.

    Username and password

    To enable you to log in to your account to use and access the sections of the Company Site reserved for customer use.

    To otherwise manage and enhance the Company Site and other aspects of our business.

    To protect against and prevent fraud and other criminal activity, claims and other liabilities.

    To comply with and enforce applicable legal requirements, relevant industry standards and policies.

    IP address and device’s unique identifier

    To operate and improve the Company Site.

    Cookie information, including but not limited to access times and experience using one or more of the Company Site

    To investigate, enforce, and apply our Terms and Conditions and this Privacy Policy.

    To perform analytics on the Company Site.

    To provide general statistics regarding use of the Company Site.

    To personalize your visit to the Company Site.

    To otherwise manage and enhance the Company Site and other aspects of our business.

    To measure the effectiveness of our advertisements and to control and limit the frequency of advertisements and other information being displayed to you.

    For technical troubleshooting.

    To maintain and enhance the safety and security of the Company Site and prevent misuse.

    To protect against and prevent fraud and other criminal activity, claims and other liabilities.

    To comply with and enforce applicable legal requirements, relevant industry standards and policies.

    We collect health data of patients of our customers that our customers enter into our products and services. We process such health data on behalf of our health care provider customers, who are the controllers of that personal data. As the controllers of such data, our health care provider customers are responsible for responding to rights requests and other inquiries regarding such personal data. If you have any questions or concerns regarding health data you believe may be processed by our products and services, please contact the health care provider customer with whom you have a relationship directly.

    The personal data we collect as mentioned above is currently processed in the United States by us or by a party acting on our behalf. When you provide personal data to us, you consent to the transfer of your data to, and processing of your data in, the United States. The Company Site and our products and services are currently hosted in the United States. We will transfer your personal data to the United States through the use of appropriate safeguards as required by the GDPR.

    We will retain the personal information we obtain for a period sufficient to provide the products and services that our customers request or as otherwise necessary to fulfill the purpose for which such information was collected and as necessary to comply with our legal obligations.

    We employ technical and organizational security measures designed to protect your personal data. However, please note that the security of information transmitted through the Internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of data. users of the Company Site are responsible for maintaining the security of any username, password or other form of authentication involved in obtaining access to password protected or secure areas of any of the Company Site. In order to protect us, you and your information, we may suspend your use of the Company Site, without notice if any breach of security is suspected.

    If you are an EU resident, under the GDPR, you have the following privacy rights

    • Right of Access. You have the right to obtain confirmation as to whether your personal data is being processed, as well as access to the personal data along with certain information, including the purposes of the processing, the categories of personal data concerned and the recipients or categories of recipients to whom the personal data have been or will be disclosed.

    • Right to Rectification. You have the right to rectify your inaccurate personal data and to complete any incomplete personal data, including by means of providing a supplementary statement.

    • Right to Erasure or Right to be Forgotten. You have the right to erase your personal data under certain circumstances.

    • Right to Restrict Processing. You have the right to restrict our processing of your personal data under certain circumstances.

    • Right to Object. You have right to object, on grounds relating to your particular situation, at any time to our processing of your personal data, which is based on public interest or our legitimate interests, including the profiling of data. In this case, we will stop processing your data, except for where we have compelling legal grounds for the processing which override your interests, rights and freedoms, or for the exercise or defense of possible legal claims. You also have a right to object to the processing of your personal data for direct marketing purposes.

    • Right Not to be Subject to Automated Decision Making. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

    • Right to Data Portability. Under certain circumstances, you have the right to receive your personal data that you provided to us in a structured, commonly used and machine- readable format, and have the right to transmit such data to another controller without hindrance from us.

    • Right to Withdraw Consent. If you have provided us with your consent for the processing of your personal data, you may withdraw your consent at any time to stop any further processing.

    • Right to Lodge a Complaint. You have a right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the GDPR. We, however, would appreciate the opportunity to address your concerns first. If you have any concerns about our processing of your personal data, please contact us at privacy@nextgen.com.

    • To update your communication preferences, please visit our Preference Center here.

  14. Representative for data subjects in the EU and UK – Data Subject Requests

    We have appointed Prighter Group with its local partners as our privacy representative for individuals residing in the EU and UK. If you want to lodge a data subject request, you may exercise by contacting us at privacy@nextgen.com with “GDPR Request” on the subject line and in the body of your message or by visiting our data subject access request link here.

    To verify the representation and for the contact details please visit https://prighter.com/q/18956663852.

  15. Notification of Changes

    Any changes to this Privacy Policy will be posted to this page so users are always aware of the information we collect and how we use it. Accordingly, please refer back to this Privacy Policy frequently as it may change.

  16. Compliance, Questions and Concerns

    We monitor our compliance with this policy. You may reach our Data Protection Officer or contact us with questions or concerns by contacting us at privacy@nextgen.com.

    PDF Version

PrighterUKRep certificate of Art 27 representation Prighter certificate of Art 27 representation