Your California Privacy Rights

Who this notice applies to

This notice applies to California residents whose personal information is collected by ASP-RCM Solutions through this website or our prospect / client relationship. Personal information that we process as a HIPAA Business Associate on behalf of a covered-entity client is governed by the Business Associate Agreement and our HIPAA program, not by this notice.

Categories of personal information we collect

In the past 12 months, we have collected the following categories of personal information about California residents from this website and our outreach activities:

• Identifiers. name, business email, phone, employer, job title
• Commercial information. services you've inquired about, audit results we've prepared for you, contract terms
• Internet activity. pages viewed, time on page, referrer, device type, IP address (anonymized)
• Professional information. specialty, NPI, organization size, payer mix (when you choose to share it on a form)
• Inferences. fit and intent scoring derived from the above to qualify outreach

Where we get it

Directly from you (forms, calls, email), from publicly available sources (NPI registry, state license boards), and from our analytics tools (GA4, Microsoft Clarity).

Why we use it

To respond to your inquiries, deliver requested audits and proposals, perform our services, communicate about ongoing engagements, improve our website, and operate our business. We do not use personal information for purposes incompatible with the reason we collected it.

Who we share it with

We share personal information only with service providers that process it on our behalf under written contracts (CRM, email delivery, analytics, hosting, payroll). These are listed at /subprocessors. We do not sell personal information. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under CPRA.

Your rights

• Right to know what personal information we have collected, where it came from, why we have it, and who we've shared it with.
• Right to delete personal information, subject to limited exceptions (e.g., when retention is required by law or by an active contract).
• Right to correct inaccurate personal information.
• Right to opt out of sale or sharing. We do not sell or share, but you may still exercise this right and we will confirm.
• Right to limit use of sensitive personal information. We do not collect SPI from this website beyond what's incidental to a HIPAA-covered engagement, which is governed by your BAA.
• Right to non-discrimination for exercising any of these rights.

How to exercise your rights

Email [email protected] with the subject "California Privacy Request" and tell us which right you're exercising. We may need to verify your identity before fulfilling the request. usually a confirmation email plus two pieces of information already in our records.

We respond within 45 calendar days (extendable to 90 with notice if the request is complex). There's no charge.

Authorized agents

You may designate an authorized agent to make a request on your behalf. The agent must provide a signed written authorization and we will verify it directly with you.

Do Not Track and Global Privacy Control

We honor Global Privacy Control (GPC) signals as a valid opt-out request when received. Browser-level "Do Not Track" headers are not currently a recognized standard and we do not act on them, but our cookie banner gives you the same control directly.

Changes

If this notice changes materially, we'll post the updated version here with a new "effective" date and, where required, notify affected California residents directly.

Contact

Email [email protected] or write to ASP-RCM Solutions, Attn: Privacy Officer, 3201 Dallas Pkwy, Suite 200, Frisco TX 75034.