Privacy Policy

Benchline Health ("Benchline", "we", "us", or "our") operates benchlinehealth.com (the "Site"). This Privacy Policy applies to personal information that we collect through the Site and through pages that link to this Policy.

This Policy does not apply to separate brand, provider, medical-group, pharmacy, laboratory, vendor, partner, applicant, payment, or patient-facing services that have their own privacy notices, terms, HIPAA notices, telehealth consents, payment terms, or other legal materials. If you are directed to another website, service, portal, platform, or care flow, review the notices that apply there.

To the extent another notice expressly says it applies instead of, or in addition to, this Policy, that separate notice controls for the service or data described in that notice.

The Site is designed for general corporate, business, recruiting, partnership, media, supplier, and counterparty communications. It is not designed to collect protected health information, consumer health data, medical records, prescription information, insurance information, treatment information, or patient care requests.

If you choose to send health, medical, prescription, insurance, payment, or other sensitive information to a general Benchline mailbox or through a general Site communication channel, we may receive and process that information to review the communication, route it, respond, protect our rights, comply with law, or delete, restrict, or decline to process it where appropriate. Submission of that information does not create a healthcare relationship with Benchline.

If a separate patient-facing service involves a covered entity, business associate, healthcare provider, pharmacy, laboratory, or regulated health service, that separate service may be subject to additional privacy, HIPAA, consumer health data, telehealth, prescribing, pharmacy, payment, or consent requirements.

Depending on how you interact with the Site, we may collect the following categories of personal information:

• Identifiers and contact information, such as name, email address, phone number, organization, role, address, and message content.
• Business relationship information, such as partnership, vendor, supplier, media, investor, legal, regulatory, recruiting, or other inquiry details.
• Communications information, such as emails, form submissions, calendar details, support messages, and other correspondence with us.
• Technical and usage information, such as IP address, browser type, device type, operating system, language, referring URLs, pages viewed, dates and times of access, campaign parameters, and Site interactions.
• Cookie and similar technology information, such as cookie identifiers, analytics identifiers, advertising identifiers, device identifiers, and information about how visitors use the Site over time.
• Approximate location information derived from IP address or similar technical signals. The Site is not intended to collect precise geolocation.
• Marketing and preference information, such as communication preferences, newsletter interests, email opens, link clicks, and interactions with company content.
• Applicant or recruiting information, if you communicate with us about employment or contractor opportunities.
• Sensitive information that you choose to provide despite our request that you not submit it through this corporate Site.

We may collect information directly from you, automatically from your browser or device, from service providers, from business partners, from affiliates, from public sources, and from other sources where permitted by law.

We do not intend for this corporate Site to collect or infer sensitive health information or consumer health data. Because privacy laws can define health-related data broadly, information related to health topics, attempts to seek healthcare services, reproductive or sexual health, gender-affirming care, medication use, symptoms, diagnoses, precise location near healthcare facilities, or similar matters may be treated as sensitive or specially regulated in some circumstances.

If applicable law treats information we collect through this Site as consumer health data, sensitive personal information, or another specially protected category, we will process it only as permitted by applicable law and this Policy. Where required, we will provide additional notices, obtain consent, honor deletion or withdrawal rights, restrict sale or sharing, and use reasonable safeguards.

We do not sell consumer health data for money. We also do not intend to use geofencing around healthcare facilities through this corporate Site. If a future service changes that posture, it should be governed by separate notices and controls before launch.

We may use personal information to:

• operate, maintain, secure, troubleshoot, and improve the Site;
• respond to inquiries and communicate with you;
• manage partnerships, supplier diligence, vendor discussions, media requests, recruiting inquiries, legal notices, and other business relationships;
• understand how the Site is used and improve content, navigation, design, performance, accessibility, and security;
• measure the effectiveness of communications, content, campaigns, and referrals;
• send company updates or marketing communications where permitted by law and honor opt-out requests where required;
• evaluate, document, and support compliance, legal, privacy, security, payment-processor, insurance, audit, diligence, or risk requirements;
• detect, prevent, investigate, and respond to fraud, abuse, security incidents, misuse of the Site, unlawful activity, and violations of our terms;
• comply with legal, regulatory, contractual, reporting, tax, accounting, audit, and law-enforcement obligations; and
• protect our rights, users, personnel, partners, affiliates, service providers, and business.

We may use cookies, pixels, tags, scripts, analytics tools, advertising tools, log files, and similar technologies for site operation, analytics, security, fraud prevention, debugging, measurement, marketing, and compliance.

These tools may help us understand how visitors use the Site, which pages perform well, how users arrive at the Site, whether communications and campaigns are effective, and how to secure and improve the Site. Some tools may support advertising measurement, remarketing, audience analysis, or attribution if enabled.

This Site is not intended to use tracking technologies to collect or disclose protected health information. If a separate regulated entity, business associate, patient portal, authenticated care flow, or health service uses tracking technologies, that environment requires separate legal, privacy, HIPAA, vendor, and consent review.

You can control cookies through your browser settings and, where available, through cookie or privacy controls that we make available. Blocking some cookies may affect Site functionality. Browser-based choices may apply only to the browser or device you used.

We do not sell personal information for money. If our use of analytics, advertising, measurement, or similar technologies is considered a "sale", "sharing", targeted advertising, or similar activity under applicable privacy law, you may have the right to opt out through our Your Privacy Choices page.

We may disclose personal information to:

• hosting, cloud, security, analytics, IT, site operations, and infrastructure providers;
• customer relationship management, email, communications, form, calendar, recruiting, and document-management providers;
• advertising, measurement, attribution, campaign, and cookie-management providers where permitted by law and applicable settings;
• payment processors, banks, insurers, auditors, and other financial or risk counterparties if needed for business operations or future services;
• professional advisers, such as lawyers, auditors, insurers, accountants, consultants, compliance advisers, and diligence providers;
• regulators, courts, law enforcement, payment networks, processors, dispute-resolution bodies, or other authorities where required or permitted by law;
• potential or actual buyers, investors, lenders, financing sources, insurers, acquirers, successors, or counterparties in connection with a financing, investment, merger, acquisition, restructuring, sale of assets, bankruptcy, diligence process, or similar corporate transaction; and
• affiliates, related entities, brands, medical groups, pharmacies, laboratories, vendors, or partners where appropriate for the purposes described in this Policy and permitted by law.

Where appropriate, we take steps designed to require service providers to handle personal information only for authorized purposes and with reasonable safeguards. These steps may vary by vendor, relationship, data type, legal requirement, and service.

We may use personal information to create deidentified, anonymized, or aggregated information, and we may use and disclose that information for lawful business, analytics, research, security, diligence, and compliance purposes. Where applicable law imposes requirements for deidentified data, we will maintain and use it in deidentified form and will not attempt to reidentify it except as permitted by law.

We keep personal information for as long as reasonably necessary for the purposes described in this Policy, including to operate and secure the Site, respond to inquiries, manage business relationships, comply with legal obligations, resolve disputes, enforce agreements, conduct audits, maintain records, and protect rights.

Retention periods vary depending on the type of information, the purpose for which it was collected, legal requirements, operational needs, security needs, and whether deletion has been requested. We may keep information longer where necessary for security, fraud prevention, legal, regulatory, tax, accounting, audit, litigation, payment, insurance, or compliance reasons.

Depending on where you live and how we process your information, you may have rights to:

• know or confirm whether we process your personal information;
• access or receive a copy of personal information;
• request deletion of personal information;
• request correction of inaccurate personal information;
• opt out of sale, sharing, targeted advertising, or certain profiling activities;
• limit or restrict certain uses of sensitive personal information where applicable;
• withdraw consent where processing is based on consent and withdrawal is legally available; and
• appeal a refusal to act on your request where the law gives you that right.

To exercise a privacy right, contact us at privacy@benchlinehealth.com with the subject line "Privacy Request". We may need to verify your identity, authority, state of residence, or request before completing it. We will respond within the time required by applicable law.

You may use an authorized agent where applicable law permits. We may require proof of authorization and may ask you to verify your identity directly where permitted by law.

Where required by law, we will honor applicable browser-based opt-out preference signals, such as Global Privacy Control, for the browser or device from which the signal is sent.

If you are a resident of California or another U.S. state with an applicable privacy law, you may have specific privacy rights under that law. This Policy is intended to describe the categories of personal information we collect, the purposes for which we use it, the categories of recipients to whom we disclose it, and the rights that may be available to you.

We do not discriminate against you for exercising privacy rights. We do not use or disclose sensitive personal information for purposes that would require a right to limit under California law unless we provide the required notice and choice.

If we later add features that collect, infer, use, share, or sell consumer health data or similar regulated health-related information, we will provide additional notices, consents, and controls where required by law.

We use reasonable administrative, technical, and organizational measures designed to protect personal information. No method of internet transmission, electronic communication, or electronic storage is completely secure, so we cannot guarantee absolute security.

The Site is intended for adults and business users. It is not directed to children, and we do not knowingly collect personal information from children under 13 through the Site. Do not use the Site to submit information about a minor patient or child.

Benchline is based in the United States, and the Site is intended for U.S. corporate audiences. If you access the Site from outside the United States, your information may be processed in the United States or other jurisdictions that may have privacy laws different from those in your location.

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on this page and update the "Last updated" date. Your continued use of the Site after an updated Policy is posted means the updated Policy applies to information collected after the updated date, subject to applicable law.

Questions or requests about this Privacy Policy may be sent to privacy@benchlinehealth.com.

Questions about HIPAA, patient-facing services, provider notices, or pharmacy notices should be directed through the applicable patient-facing service, provider, pharmacy, laboratory, or partner channel, not through this corporate Site.