R1 RCM Privacy Policy

Last Updated: January 1, 2023

This Privacy Policy describes how R1 RCM and its subsidiaries and affiliates (“R1”, “us”, “we”, or “our”) collect, use, store, and share your information when:

You use our websites, applications, and other digital properties where this Privacy Policy is posted, including but not limited to www.r1rcm.com , www.cloudmed.com , www.tonicforhealth.com , and www.datstat.com (collectively, “Sites”);
You engage with our products and/or services (“Products”);
You communicate with us, whether online or offline (“Communications”); and
We engage with certain third-party partners, providers, and governmental agencies (“Third Parties”).

Please note, additional privacy policies and notices may apply and be provided depending on the nature of your interaction with R1.

Information Practices

If you are a California resident, click here for specific disclosures about how we collect, use, and share your personal information.

How Do We Collect Your Information?

Depending on where you live, how you interact with our Sites and/or Products, the nature of your Communications, and the types of Third Parties with which we may engage, we may collect the following pieces of information from and about you:

Name;
Signature;
Mailing address;
Shipping address;
City, state, and zip code;
E-mail address;
Employer and job title;
Telephone number;
Birthday;
Information you provide to us in response to surveys and contests;
Information you provide to us on forms available on our Sites;
Certain information about your physical and medical condition;
Responses generated in connection with participation in online research;
Photographs of you;
History of your interactivity with our Sites and Products;
Reports of issues with our Sites and Products;
Correspondence (including email);
Submissions and voting and polling activities;
Usage and activity information relating to the Sites and Products;
Search queries on our Sites, including through certain forms;
Information about your interests; and/or
Technical information gathered automatically when you use the Sites and/or Products, including:
Device information.
Browser information.
Internet service provider or mobile carrier.
Referring and exit pages.
Date and time stamps.
Clickstream data (including page clicks and scrolls).
Location (for access and use verification).
Bandwidth speed.
IP address and device ID.
Information from cookies and similar technologies (see below for more information).

How Do We Use Your Information?

Depending on where you live, how you interact with our Sites and/or Products, the nature of your Communications, and the types of Third Parties with which we may engage, we may use your information for a variety of purposes, including to:

Perform a contract with you to :
- Provide our Sites and Products to you;
- Notify you about changes to our Sites and Products;
- Enforce our terms, conditions, and policies;
- Administer the Sites and Products; and
- Personalize content you receive and provide you with tailored content.

Use internally to :
- Perform data analytics (including market research, trend analysis, financial analysis);
- Operate, evaluate, develop, manage and improve our Sites and Products (including operating, administering, analyzing, and improving our Sites and Products, developing new Sites and Products, managing and evaluating the effectiveness of our Communications, performing accounting, auditing, and billing reconciliation and collection activities and other internal functions);
- Protect against, identify and prevent fraud and/or other criminal activity, claims and other liabilities; and
- Comply with and enforce relevant industry standards and policies, including this Privacy Policy and other related terms of use.

Comply with a legal obligation and/or protect the vital interests of our customers and employees by:
- Preventing and responding to abuse and fraud;
- Preventing and responding to illegal activity;
- Preventing and responding to other harmful content distributed through our Sites and/or Products;
- Prevent the unlawful use and/or selling of our Sites and/or Products; and
- Enforcing our terms, conditions, and policies.

How Do We Share Your Information?

With Your Consent . We may, from time to time, disclose or share your information with your consent. We may obtain your consent in writing, online through “click-through” or related agreements, when you accept terms of service on our Sites and/or through our Products, orally, in person, on the telephone, or by other means. We may share your information in these circumstances to complete a transaction, perform a service, or offer you a Product.

With Our Subsidiaries and Affiliates . We may, from time to time, disclose your information to our subsidiaries and affiliates for organizational and internal purposes.

With Third Parties . We may share your information with certain Third Parties, such as business partners, advertising networks, marketing partners, data analytics providers, online and offline data collectors, operating systems and platforms, and service providers who provide us a service (e.g., credit / debit card processing, billing, customer service, auditing, marketing, debugging to identify and repair error and/or protecting against malicious, deceptive, fraudulent, or illegal activity).

Business Transfers / Bankruptcy . We may transfer your information as part of a corporate business transaction, such as a merger or acquisition, joint venture, corporate reorganization, financing, or sale of company assets, or in the unlikely event of insolvency, bankruptcy, or receivership, in which to any successor or to any person or entity that acquires ownership or control of the Sites and/or Products. This may occur in the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets. Other than to the extent ordered by a bankruptcy or other court proceeding, the use and disclosure of all transferred information will be subject to this Privacy Policy, unless otherwise provided.

By Law Or To Protect Rights . We may share your information to satisfy any law, regulation, legal process, governmental request, or where we have a good belief that access, use, preservation or disclosure of such information is reasonably necessary to: (1) enforce or apply agreements; (2) protect our rights or interests, property or safety or that of others; (3) in connection with claims, disputes, or litigation (in court or elsewhere); or (4) protect users of our Sites.

Do We Transfer Your Information To Other Countries?

The information we collect from and/or about you may be stored on servers and with Third Parties in the United States (where we are headquartered) or other countries, and whose laws may differ from the jurisdiction in which you live. Any transfer of your information is done with reasonable consideration of the applicable laws in the jurisdictions in which we operate.

How Do We Store & Protect Your Information?

Although no system can guarantee the complete security of your information, we take commercially reasonable steps, appropriate to the nature of information at issue, to ensure your information is subject to appropriate organizational, technical, and physical safeguards in alignment with applicable laws and regulations.

How Long Do We Keep Your Information?

We keep your information for as long as necessary in accordance with the purposes for which it was collected, our business needs, and applicable legal and regulatory obligations. If we dispose of your information, we will do so in a way that is secure and appropriate to the nature of the information subject to disposal, consistent with applicable laws and regulations.

Links To Other Sites

We may, from time to time, offer links to other websites from our Sites and through our Products. These third parties may have terms of use and privacy policies that are different than ours. We recommend you review such site’s terms of use and privacy policies prior to use or submitting any information to them. We cannot verify, warrant, endorse or take responsibility for the availability, accuracy, completeness, quality, practices, or policies of such sites or content available from such sites. We do not make any representations or warranties as to the security of any information (including, without limitation, credit card and other personal information) you might be requested to give any third party.

Cookies, Advertising, & Tracking

From time to time, our Sites may collect and share your information through the use of cookies, pixels, and related technologies for the purpose of identifying and authenticating users, preventing fraud, enhancing our Sites, and to tailor content to you.

Cookies are small information files that our Sites place on your computer or other devices. Some cookies are temporary. Others are permanent. And there are different types of cookies that serve different purposes, such as functionality and targeting (marketing / advertising).

Our Sites may also use embedded scripts and/or web beacons. An embedded script is programming code used to collect information about how you interact with our Sites. The embedded script is temporarily downloaded onto your device from our, or a third party web server and is active only while you are connected to the Sites. A web beacon is a small graphic image or programming code that may be included in our Site pages and email messages.

Our Sites may also use data analytics vendors to monitor the performance of our Sites, enhance and provide a more relevant browsing experience for our users, personalize the content on our Sites, and better understand our users’ needs and optimize our Sites. To help us accomplish these goals, our data analytics vendors may use cookies, identifiers for mobile devices and other technologies to collect and store data about our users’ behavior and their devices, such as how much time users spend on which pages, which links they choose to click, what users do and do not like, etc. This data may include a device’s IP address, device screen size, device type (unique device identifiers), and browser information. For further details about our data analytics vendor, Google Analytics, please see How Google uses data when you use our partners’ sites or apps , www.google.com/policies/privacy/partners/ and visit Google’s Privacy Policy at https://policies.google.com/privacy .

To learn more about your choices as it relates to our use of cookies and related technologies, please see Your Choices .

Your Choices

We provide you the ability to exercise certain controls and choices regarding your information. To exercise any of the rights described below, send your request to privacy@R1RCM.com . We will respond to your request as soon as possible and in accordance with applicable laws and regulations.

You may submit your request directly, or through an authorized agent, subject to additional verification of your identity and/or the agent’s authorization. To protect your identity, we may also use reasonable efforts, consistent with applicable law, to verify your identity before responding to your request.

Correct Your Information . Depending on where you live, you may have a right to request that we correct incorrect or inaccurate information about you. If appropriate, we will use reasonable efforts to allow you to update or correct the information we collect from and about you.

Access Your Information . Depending on where you live, you may have a right to know what information we have collected about or from you, how that information is being used, and with whom it is being shared.

Delete Your Information . Depending on where you live, and subject to certain exceptions recognized by applicable law, you may have a right to ask that we delete your information.

Withdraw Consent . You may withdraw your consent at any time.

Control Cookies Through Your Browsers . You may be able to disable and manage some cookies through your browser settings. If you use multiple browsers on the same device, you will need to manage your settings for each browser.

Analytics Provider Opt-Outs . To disable analytics cookies you can use the browser controls discussed above or, for some of our providers (e.g. Google), you can use their individual opt-out mechanisms.

Interest-Based Advertising . For more information or to opt-out of receiving interest-based advertising from participating third-party advertisers please visit:

Digital Advertising Alliance: https://optout.aboutads.info/?c=2&lang=EN
Digital Advertising Alliance App Choices Application: www.aboutads.info/appchoices
Network Advertising Initiative: https://optout.networkadvertising.org/?c=1

Email Opt-Out . If at any time you wish to opt out or “unsubscribe” from receiving commercial emails related to our Sites or Products, you may use the unsubscribe link at the bottom of each commercial email you receive or respond to the e-mail with “unsubscribe” written into the body of the reply email. Please note that even if you opt-out of receiving commercial emails from us, we reserve the right to send transactional or relationship communications to you (e.g., if we need to contact you regarding your account status, technical support, changes to our Sites or Services, etc.).

Non-Discrimination . We will not discriminate against you for exercising any of your rights under applicable law and this section. That means if you exercise any of your rights in connection with your information, we will not deny you access or use of our Sites or our Products, charge you a different price or rate for any Products, or provide you a different level of service, subject to exceptions under applicable law.

If you have questions or complaints about how we have handled your information, or responded to any requests above, please contact us below. You also have the right, depending on where you live, to file a complaint with any competent data protection authority, regulator, or governmental agency, where appropriate.

Notice To California Residents

California Consumer Privacy Act (CCPA) Disclosures

The following disclosures are made pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act and its implementing regulations (“CCPA”).

Relevant CCPA Definitions

Term	Definition
Personal information	Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household.
Sensitive personal information	Social security number, driver’s license number, state identification card, passport number, account log-in and password, financial account and password, debit or credit card number and access code, precise geolocation information, race, ethnic origin, religious or philosophical beliefs, union membership, the content of your mail, email or texts other than those communications with us, genetic data, biometric information, health information, and information that concerns your sex life or sexual orientation.
Sell, sale, or sold	Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or other means, your personal information to a third party for money or other valuable consideration.
Share or shared	Sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by other means, your personal information to a third party for “cross-context behavioral advertising,” whether or not for money or other valuable consideration.

Notice at Collection

Below is a summary of the categories of personal information we have collected from and about you in the twelve months preceding the date this Privacy Policy was last updated. Also included in this description is information about: (1) why the information is collected and used; (2) whether the information is “sold” or “shared” to third parties; (3) whether the information is disclosed for a business purpose to third parties; (4) whether the information includes “sensitive personal information”; (4) and a description of how long we may keep your information.

Category: Identifiers (Includes Sensitive Personal Information)

This category includes information such as your name, alias, postal address, and telephone number, unique personal identifier, online identifier, IP address, account log-in, email address, account name, social security number, driver’s license number, passport number, financial account information, and account information.

Question	Answer
When do we collect this information?	When you visit our Sites, sign up for our Products, submit requests for quotes and pricing, and when you utilize our Sites and Products.
Who do we collect this information from?	We collect this category of information from you directly, service providers, our affiliates and subsidiaries, clients, and governmental agencies.
What is our business purpose for collecting this information?	See How Do We Use Your Information .
Do we sell or share this information?	No.
Does this include sensitive personal information? If so, do we process such sensitive personal information outside of the purposes permitted under the CCPA?	Yes. Sensitive personal information can include information that reveals your social security number, driver’s license number, state identification card number, and passport number. We do not process your sensitive personal information other than for the purposes permitted under the CCPA.
Is this information disclosed to a third party for a business purpose? If so, what types of third parties receive this information?	See How Do We Share Your Information .
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Category: Personal Characteristics (Includes Sensitive Personal Information)

This category includes information such as your signature, race, color, national origin, sex, sexual orientation, gender, gender identity, gender expression, religious creed, mental disability, physical disability, medical condition, military / veteran status, marital status, age, genetic characteristics, ancestry, or reproductive health decision making.

Disclosure	Description
Who do we collect this information from?	We collect this category from you directly, service providers, our affiliates and subsidiaries, clients, and governmental agencies.
What is our purpose for collecting, using, or disclosing this information?	See How Do We Use Your Information .
Is this information “sold” or “shared” as those terms are defined under the CCPA?	No.
Does this include “sensitive personal information” as that phrase is defined under the CCPA? If so, do we process sensitive personal information outside of the purposes permitted under the CCPA?	Yes. Sensitive personal information can include information pertaining to your race, ethnicity, religious beliefs, philosophical beliefs, sex, sex life, union membership, and health. We do not process your sensitive personal information other than for the purposes permitted under the CCPA.
What categories of third parties receive this information?	Services providers, clients, affiliates and subsidiaries, and governmental agencies.
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Category: Financial Information (Includes Sensitive Personal Information)

This category includes information such as your bank account number, credit card number, debit card number, or any other financial information with a required access or security code, password, or credentials.

Disclosure	Description
Who do we collect this information from?	We collect this category from you directly, service providers, our affiliates and subsidiaries, clients, and governmental agencies.
What is our purpose for collecting, using, or disclosing this information?	See How Do We Use Your Information .
Is this information “sold” or “shared” as those terms are defined under the CCPA?	No.
Does this include “sensitive personal information” as that phrase is defined under the CCPA? If so, do we process sensitive personal information outside of the purposes permitted under the CCPA?	Yes. Sensitive personal information can include information that reveals your account log-in with password, and financial or payment account with password. We do not process your sensitive personal information other than for the purposes permitted under the CCPA.
What categories of third parties receive this information?	Services providers, clients, affiliates and subsidiaries, and governmental agencies.
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Category: Network Activity

This category includes information such as your network activity information, browsing history, search history, and information regarding a consumer’s interaction with a website, application, or advertisement.

Disclosure	Description
Who do we collect this information from?	We collect this category from you directly, our service providers, and our affiliates and subsidiaries.
What is our purpose for collecting, using, or disclosing this information?	See How Do We Use Your Information .
Is this information “sold” or “shared” as those terms are defined under the CCPA?	No.
Does this include “sensitive personal information” as that phrase is defined under the CCPA? If so, do we process sensitive personal information outside of the purposes permitted under the CCPA?	No.
What categories of third parties receive this information?	Services providers, clients, affiliates and subsidiaries, and governmental agencies.
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Category: Commercial Information

This category includes information such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Disclosure	Description
Who do we collect this information from?	We collect this category from you directly, service providers, our affiliates and subsidiaries, clients, and governmental agencies.
What is our purpose for collecting, using, or disclosing this information?	See How Do We Use Your Information .
Is this information “sold” or “shared” as those terms are defined under the CCPA?	No.
Does this include “sensitive personal information” as that phrase is defined under the CCPA? If so, do we process sensitive personal information outside of the purposes permitted under the CCPA?	No.
What categories of third parties receive this information?	Services providers, clients, affiliates and subsidiaries, and governmental agencies.
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Category: Biometric Information (Includes Sensitive Personal Information)

This category includes information such as fingerprints, handprints, facial recognition data, face scan, hand scan, voice recordings.

Disclosure	Description
Who do we collect this information from?	We collect this category from you directly, service providers, our affiliates and subsidiaries, clients, and governmental agencies.
What is our purpose for collecting, using, or disclosing this information?	See How Do We Use Your Information .
Is this information “sold” or “shared” as those terms are defined under the CCPA?	No.
Does this include “sensitive personal information” as that phrase is defined under the CCPA? If so, do we process sensitive personal information outside of the purposes permitted under the CCPA?	Yes. Sensitive personal information can include your biometric information. We do not process your sensitive personal information other than for the purposes permitted under the CCPA.
What categories of third parties receive this information?	Services providers, clients, affiliates and subsidiaries, and governmental agencies.
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Category: Professional and Educational Information

This category includes information such as information that is not “publicly available personally identifiable information,”, current or prior job history or performance evaluations.

Disclosure	Description
Who do we collect this information from?	We collect this category from you directly, service providers, our affiliates and subsidiaries, clients, and governmental agencies.
What is our purpose for collecting, using, or disclosing this information?	See How Do We Use Your Information .
Is this information “sold” or “shared” as those terms are defined under the CCPA?	No.
Does this include “sensitive personal information” as that phrase is defined under the CCPA? If so, do we process sensitive personal information outside of the purposes permitted under the CCPA?	Yes. Some employment information may include sensitive personal information. We do not process your sensitive personal information other than for the purposes permitted under the CCPA.
What categories of third parties receive this information?	Services providers, clients, affiliates and subsidiaries, and governmental agencies.
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Category: Audio, Electronic, Visual, Thermal, Olfactory Information

This category includes information such as photographs, video recordings, and recorded messages., videos, personal temperature.

Disclosure	Description
Who do we collect this information from?	We collect this category from you directly, service providers, our affiliates and subsidiaries, clients, and governmental agencies.
What is our purpose for collecting, using, or disclosing this information?	See How Do We Use Your Information .
Is this information “sold” or “shared” as those terms are defined under the CCPA?	No.
Does this include “sensitive personal information” as that phrase is defined under the CCPA? If so, do we process sensitive personal information outside of the purposes permitted under the CCPA?	No.
What categories of third parties receive this information?	Services providers, clients, affiliates and subsidiaries, and governmental agencies.
How long do we keep this information?	We keep this category for so long as is reasonably necessary and proportionate to the original purpose for which we collected the information. We base our criteria in determining appropriate retention periods on regulatory and legal requirements, contractual requirements, business needs, and the expectations of our consumers.

Notice of Disclosure For A Business Purpose

To learn more about the categories of personal information we have disclosed for a business purpose about California residents in the past 12 months, please see What Information Do We Collect About You and How Do We Share Your Information sections above.

Notice of Sale or Sharing

R1 does not sell or share the personal information of California residents. We also do not have any actual knowledge of selling or sharing the personal information of any California resident who is 16 years or younger.

Notice of Processing Sensitive Personal Information

R1 does not process your sensitive personal information outside of the permissible purposes set forth in the CCPA.

Rights

California residents have certain rights under the CCPA, including the right to access, correct, delete, and to non-discrimination. To learn more about these rights, please see Your Choices above.

Do Not Track

Our Sites may, from time to time, collect information about your online activities, over time and across different sites and applications. When you use our Sites, Third Parties may also collect information about your online activities, over time and across different websites, online or cloud computing services, online applications, or mobile applications. Some browsers support a “Do Not Track” feature, which is intended to be a signal to websites that you do not wish to be tracked across different websites you visit. Our Sites currently do not change the way they operate based upon a “Do Not Track” or similar signal. You may, however, disable certain tracking as discussed in Your Choices section.

Children

Our Sites are not intended for children under the age of 18. We do not knowingly collect or use any information from individuals under the age of 18. If you are a parent or guardian who has discovered that your child under the age of 18 has submitted his or her information without your permission or consent, you can ask us to remove your child’s information by contacting us at privacy@r1rcm.com

Changes

We may change this Privacy Policy from time to time. Any and all changes will be reflected on this page, and where appropriate and consistent with applicable law and regulation, provided to you in person or by another electronic method. The last updated date will be stated at the top of this Privacy Policy. You should regularly check this page for any changes to this Privacy Policy.

Accessibility

To request a copy of this Privacy Policy in an alternative format, please contact us at the information provided below.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: privacy@r1rcm.com .