Document Icon

Netsmart Privacy Notice

NETSMART PRIVACY NOTICE

Effective/Last Updated December 11, 2025

SCOPE AND PURPOSE

Netsmart Technologies, Inc. and its affiliates (“Netsmart”, “we”, “us”, or “our”) respect your privacy and are committed to protecting it through our compliance with this privacy notice (“Privacy Notice”). This Privacy Notice is designed to provide transparency into our data practices in a format that is easy to read and navigate. It explains the type of personal information we may obtain from you in various contexts and how Netsmart collects, uses, protects, and discloses or otherwise processes that personal information. It also describes the rights and choices you have with respect to that personal information and provides methods for reaching us with questions about the information we may collect.

This Privacy Notice applies to the personal information we collect in various contexts, such as website visits (from a computer or mobile device), including websites of our affiliates (“Sites”), mobile applications, services, and social media pages that link to this Privacy Notice, or exchange email, text and other electronic messages between you and our Sites. This Privacy Notice also applies to any information we may collect offline, such as when you visit our offices, attend our events or programs, or interact with our representatives at other third-party events, and in the context of other online or offline sales and marketing activities (“Marketing Activities”).

This Privacy Notice does not apply to:

  • Our Technology Solutions & Third-Party Websites. This Privacy Notice does not apply to Netsmart technology solutions, software, products, or services (“Netsmart Solutions”) that have their own privacy notices or to websites of third parties to which we provide links. We do not control and are not responsible for the privacy practices of the websites of other entities and we urge you to review any applicable third-party privacy policies for yourself.
  • Our Clients. This Privacy Notice does not apply to our processing of data on behalf of our clients (“Clients”). The data we process on behalf of our Clients is governed by the Business Associate Agreement we enter into with our Clients, as applicable and required under the Health Insurance Portability and Accountability Act (HIPAA). Your healthcare provider may also have its own privacy practices and/or policies that govern its collection and use of your data. We are not responsible for how your healthcare provider treats your information, and we recommend you review their own privacy policies.
  • Minors & Children. Our Sites and Marketing Activities are intended for, and focused on, serving the needs of healthcare providers and our Clients and are not directed towards minors under the age of 16 or children under the age of 13. We do not intend, wish, or want to obtain any information from or about such minors or children through our Sites or Marketing Activities, and therefore, do not knowingly or intentionally collect or retain any information from or about minors or children. If you are a parent or guardian and you believe we have collected information from your child or minor in a manner not permitted by law, contact us using the information in the “How to Contact Us” section below. We will remove the data to the extent required by applicable laws.

We recommend reading our entire Privacy Notice so that you understand both our commitment to you and your privacy, and how you can participate in that commitment. However, if you want to skip to a particular section in the Privacy Notice, please refer to the table of contents below. Our privacy practices are subject to the applicable laws of the places in which we operate. You will see additional region-specific terms that only apply to those located within the geographic regions, or as required by applicable laws.

  1. Information We May Collect
  2. How We May Collect Your Information
  3. Cookies & Tracking Technologies
  4. How We May Use Your Information
  5. Third Parties & Selling or Sharing Your Information – Targeted Advertising
  6. Summary of Information Processed, By Whom & For What Purpose
  7. Retention of Your Information
  8. How We Protect Your Information
  9. Your Rights & Choices
  10. U.S. State Privacy Rights/Supplemental Notices
    1. California
    2. Colorado
    3. Delaware
    4. Maryland
    5. Minnesota
    6. New Jersey
    7. Oregon
  11. International Transfers
  12. Updates to This Privacy Notice
  13. Vulnerability Disclosure
  14. How to Contact Us

We may provide other privacy notices on specific occasions when we are using your information in ways that differ from what we have described here, so that you are aware of how and why we are using such information and what your rights are with respect to such use.

By consenting to our collection, use, and disclosure of your information through your use of our Sites and participation in our Marketing Activities, you allow us to fulfill the purposes for which we collect your information, as described above and in this Privacy Policy. For state-specific terms, rights, and protections, please see Section X.

  1. INFORMATION WE MAY COLLECT

    Personal Information

    We, or Service Providers and Third Parties on our behalf, collect information and data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device in a household (“Personal Information”). The type of Personal Information we collect from or about you will vary depending on the context of your relationship with us and your interactions with our Sites and/or Marketing Activities. Within the last twelve (12) months, we may have collected the following categories of Personal Information:

    • Identifiers and Customer Records, such as your legal name, alias or nickname, signature, unique personal identifiers, online identifier, IP address, social media username or handle, and other contact information such as your mailing address, email address, phone or fax number.
    • Commercial Information such as your interest in and/or purchase history of Netsmart Solutions, and certain transaction information.
    • Internet or other Electronic Network Activity Information such as your browsing and search history; information regarding your interaction with our Sites, such as your Usage Data as defined below, or your interactions and engagement with our emails or other electronic messaging platforms, social media or advertisements.
    • Geolocation Data such as non-precise geographic location indicators from mobile or web devices;
    • Audio, electronic, visual, or similar information such as call recordings, chat transcripts, testimonials, recordings from webinars or other Netsmart programming or events, and pictures, videos, and content you upload, send, or share through our Sites or other Marketing Activities, including through email, text messages, chat, or other written/electronic communication methods.
    • Professional or Employment-Related Information such as employer name and contact information, professional licenses or certificates, and current or former job titles/roles and employment history;
    • Education Information such as education level and degrees, training, or certifications earned and from where; and
    • Inferences drawn from other Personal Information or data that create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

    The “Identifiers” and “Customer Records” category listed above includes information described in California Civil Code § 1798.80(e).

    For certain transactions, such as registering for or attending our conferences, we may use a third-party payment processor to securely process your credit card payment. When you submit payment information, it is provided directly to the payment processor. We do not store or retain your full credit card number, but we may maintain limited transaction details, such as the card type, the last four digits of the card number, and the payment amount, for recordkeeping, reconciliation, and fraud-prevention purposes. The payment processor uses your information solely to complete the transaction and handles it in accordance with applicable privacy and security requirements.

    Sensitive Personal Information

    We do not intend, wish, or want to obtain any information from or about you that may be considered “Sensitive Personal Information” under relevant privacy laws, and therefore, do not knowingly or intentionally collect or retain such information from or about you. Depending on your state of residence, “Sensitive Personal Information” may include your social security number, driver’s license or state identification card number, passport number, and other government identification card information; race, ethnicity, and religion; citizenship or immigration status; union membership; biometric or genetic information; sex life or sexual orientation; or precise geolocation. If you believe we have collected such Sensitive Personal Information from or about you, you may contact us using the information in the “How to Contact Us” section below.

    We do not use our Sites or Marketing Activities to obtain protected health information. If we receive protected health information on behalf of our Clients, our use and disclosure of that information is governed by our agreements with the Clients, including Business Associate Agreements.

    Usage Data

    We automatically collect certain Personal Information in connection with the actions you take on the Sites (“Usage Data”). For example, each time you use the Sites, we automatically collect the type of web browser you use, the type of device you use, your operating system and version, your IP address, the pages you view, referring and exit pages, the date and time of your visit, the number of clicks to, from, and within the Sites, searches you conduct on the Sites, and the duration of your visits to the Sites.

    If we can reasonably associate Usage Data with you, directly or indirectly, we treat it as Personal Information under the categories of Identifiers or Internet or other electronic network information, as appropriate. If we cannot reasonably associate this information with you, we treat it as anonymous Usage Data. We may use and disclose Usage Data for any purpose without restriction, to the extent permitted by law.

  2. HOW WE MAY COLLECT YOUR INFORMATION

    We may collect information from and about you in the following ways:

    Directly from You/Your Agents

    We collect Personal Information you (or your agent(s)) provide directly to us, such as when you voluntarily enter information into fields on the Sites; sign up for or request certain services or information; participate in our surveys; register for and/or attend our events, such as conferences and webinars; or exchange emails, or other messages or calls with us via live agents or an artificial intelligence chatbot.

    Using Cookies and Similar Technologies

    When you access or interact with our Sites, open or click on emails we send you, or interact with our advertisements, we, our service providers, or third parties may collect certain information about your visit and your device using automatic data collection technologies as described in the “Cookies and Tracking Technologies” section below (Section III).

    From Our Service Providers, Contractors & Other Third Parties

    We may collect Personal Information about you from third parties in connection with our Sites and Marketing Activities, including from service providers with whom we engage to provide functionality or features available through our Sites and help assist with our Marketing Activities; advertising providers, including online advertising and marketing networks and analytics vendors; social media platforms; and companies that facilitate emails, chats, and other online messages between you and us. We also may collect Personal Information from third party social media networks and lead-generation and marketing companies to enhance our data sets. We may also collect information from other users of our services or from publicly available sources.

    Some of our Sites and Marketing Activities may have social media and technology integrations that are operated or controlled by separate entities not governed by this Privacy Notice. Some examples include:

    • Links: Our Sites include hyperlinks to websites, platforms, and other services not operated or controlled by us.
    • Liking, Sharing, and Logging-In: We may embed a pixel or SDK on our Sites that allows you to “like” or “share” content on, or log in to, your account through social media. If you choose to engage with such integration, we may receive information from the social network that you have authorized to share with us. Please note that the social network may independently collect information about you through such integration.
    • Social Media Content: We may offer our content through social media. Any information you provide to us when you engage with our social media content is treated in accordance with this Privacy Notice. If you publicly reference our Sites on social media (e.g., by using a hashtag associated with Netsmart in a tweet or post), we may use your reference on or in connection with our Sites.

    If you interact with other entities, including when you leave our Sites, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

  3. COOKIES AND TRACKING TECHNOLOGIES

    We, our service providers and third parties may use cookies and other similar technologies to collect certain information about visitors to our Sites and interactions with our online content or applications, including advertisements. The information we collect may be associated with your Personal Information or we may collect information, including information about your online activities over time and across different websites.

    Our cookie compliance policy is based on cookie functionality and intended purpose, as defined by the following categories:

    • Essential Cookies. Essential cookies or strictly necessary cookies are cookies that are essential for a website to function correctly. These cookies are essential for you to browse our website and use its features, such as page navigation and accessing secure areas of the site. The website cannot function properly without these cookies.
    • Analytics & Customization Cookies. These cookies analyze usage for site optimization. These cookies collect information that is used either in aggregate form to help us understand how our website is being used, or to help us customize our website for you. Analytics cookies are used to understand how visitors interact with the website; they help provide information on metrics such as the number of visitors, bounce rate, and traffic source. Customization cookies help us to personalize your experience on the website with features like relevant content or products you could be interested in based on what you previously viewed. These cookies are set by us or by third parties who may add services and features to our website.
    • Advertising Cookies. These cookies help serve advertising content that is relevant to you. These cookies track your online activity to help advertisers deliver more relevant advertising, to limit how many times you see an ad, ensuring that ads are properly displayed, and in some cases selecting advertisements that are based on your interests. These cookies can share that information with other organizations or advertisers. Without them you will still see ads, but they might not be as relevant to you.
    • Performance & Functionality. These cookies facilitate measurement and analytics for improved browsing experience. These cookies are used to enhance the performance and functionality of the website but are non-essential to their use. However, their sole purpose is to improve website functions. This includes cookies from third-party analytics services that we may use.

    We periodically scan and evaluate our Sites for cookie compliance against our defined policies and to block undesirable cookies. You can manage your Cookie Preferences by clicking “Cookie Preferences” in the footer of our Sites. Please note, that you cannot opt-out from essential cookies to use our Sites.

  4. HOW WE MAY USE YOUR INFORMATION

    We may use or disclose the Personal Information we collect, or you provide, as described in this Privacy Notice for business and commercial purposes only, such as:

    • To run and operate our Sites and the contents to you.
    • To market and promote Netsmart Solutions provided by Netsmart or our partners.
    • To provide you with information, products, or services that you request from us.
    • To communicate with you, including responding to your requests, questions, and feedback.
    • To verify your identity and/or affiliation with a Client and/or verify authorization rights.
    • To fulfill a purpose as described to you when collecting your information.
    • To provide you with notices about your account.
    • To carry out our obligations and enforce our rights arising from any agreements entered into between you and us.
    • To allow you to participate in interactive features on our website.
    • To improve our Sites, Marketing Activities, products, and services.
    • To conduct market research and other marketing activities, including targeted advertising and profiling.
    • To perform data analytics.
    • For security purposes, including protecting your account and the security of our Sites, products, and services.
    • For legal and compliance purposes.
    • To fulfill any other purpose for which you provide your Personal Information, with your consent.
    • To prevent fraud or illegal activity.
    • To our subsidiaries and affiliates.
    • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our Sites’ users is among the assets transferred.

    Service Providers

    We may disclose your Personal Information to third parties with whom we engage and contract (“Service Providers”) to provide services to us or to you on our behalf. Under applicable privacy laws, each Service Provider is expected to use reasonable security measures appropriate to the nature of the information involved to protect your Personal Information from unauthorized use, access, or disclosure, and are prohibited from using your Personal Information that we provide to them except as specified and instructed by us.

    Categories of Service Providers we use may include:

    • Marketing and communications vendors, which help us market our products/services to you, interact and communicate with you through our artificial intelligence chatbot, and conduct promotions, events, surveys and other outreach campaigns.
    • Data and business analytics vendors, which help us collect, analyze, and improve the accuracy of our data (including Personal Information), including through the use of artificial intelligence tools.
    • Client support and finance vendors, which help us provide products, services, and information to you; service your account or benefits, including processing payments; collect survey responses; and support our e-commerce service.
    • IT, security, and network administration vendors, which provide services such as data storage and management, website and meeting hosting, and data security.

    For example, we utilize certain Google services for analytics, functionality, and advertising purposes. Specifically, we use Google Analytics to analyze and improve site performance, Google Tag Manager to manage and deploy marketing and analytics tags, Google Ads to deliver relevant advertising, and Google reCAPTCHA v3 to protect against fraudulent activity and ensure site security. These Google services may collect and process data in accordance with Google’s privacy terms here.

    Anonymized Data

    We may anonymize, aggregate, or deidentify personal information such that we can no longer reasonably associate or link the data, directly or indirectly, with an identifiable person. We refer to this type of data as “Anonymized Data” because it no longer qualifies as Personal Information. We may use and disclose Anonymized Data for any purpose without restriction, to the extent permitted by law. We will not knowingly or intentionally attempt to reidentify Anonymized Data, except to check whether our deidentification processes satisfy the requirements of applicable law.

  5. THIRD PARTIES & SELLING OR SHARING YOUR INFORMATION - TARGETED ADVERTISING

    We may disclose your Personal Information or allow third parties to collect your Personal Information in limited situations that may qualify as “selling” or “sharing” your Personal Information under certain privacy laws. We may also “sell” or “share” your Personal Information or allow third parties to collect your Personal Information for cross-contextual behavioral or targeted advertising purposes and/or profiling. Third parties that collect your Personal Information directly from you may do so using cookies, pixels, and other similar tracking technologies.

    We may disclose your Personal Information to the following categories of third parties:

    • Marketing and communications vendors, which help us market our products/services to you, interact and communicate with you through our artificial intelligence chatbot, and conduct promotions, events, surveys and other outreach campaigns.
    • Data and business analytics vendors, which help us collect, analyze, and improve the accuracy of our data (including Personal Information), including through the use of artificial intelligence tools.
    • Government agencies or legal entities/personnel when appropriate or necessary to comply with legal requirements and corporate transactions, such as a court order, law, subpoena, or legal process, including to respond to any government or regulatory request, or for due diligence purposes; to protect the rights, property, or safety of Netsmart, our Clients, or others; to investigate fraud; or for national security and/or law enforcement purposes.

    Depending on your state of residence, you may have the right to opt out from us sharing your Personal Information to third parties for cross-contextual behavioral/targeted advertising and profiling purposes. For more information about the right to opt-out and how to do so, please review “The Right to Opt-Out of Selling/Sharing Personal Information (Do Not Sell or Share My Information Request)” and “Exercising Your Rights” sub-sections below (Section IX).

    Notwithstanding the above, we may share information that does not identify you and could not reasonably be used to identify you (including information that has been aggregated, anonymized, or de-identified) except as prohibited by applicable law. We do not attempt to reidentify such information, except to check whether our deidentification processes satisfy the requirements of applicable law.

  6. SUMMARY OF INFORMATION PROCESSED, BY WHOM & FOR WHAT PURPOSE

    As required by applicable privacy laws, the chart below sets forth:

    • the specific categories of Personal Information (described above) that has been collected in the last twelve (12) months;
    • the categories of third parties to whom the Personal Information is disclosed;
    • the categories of Personal Information that are used or disclosed for business and/or commercial purposes (described above in Section IV); and
    • the categories of Personal Information that are “shared” to third parties.
    Category of Personal Information (PI) Category of Third Parties to Whom PI is Disclosed or Shared Is PI Used or Disclosed for Business or Commercial Purposes? Is PI "Shared" with Third Parties?
    Identifiers and customer records legal name, alias, or nickname; signature; unique personal identifier; online identifier; IP address; social media username or handle; and other contact information such as your mailing address, email address, phone or fax number Our Service Providers Third parties for targeted advertising purposes Third parties as required by law Business Commercial Yes
    Commercial information your interest in and/or purchase information and history of Netsmart Solutions, including payment information Our Service Providers Third parties for targeted advertising purposes Third parties as required by law Business Commercial Yes
    Internet or other electronic network activity information browsing and search history; information regarding your interaction with our Sites, including Usage Data (defined above), or your interactions with our emails or other electronic messaging platforms, or advertisements Our Service Providers Third parties for targeted advertising purposes Third parties as required by law Business Commercial Yes
    Geolocation data non-precise geographic location indicators from mobile or web devices Our Service Providers Third parties for targeted advertising purposes Third parties as required by law Business Commercial Yes
    Audio, electronic, visual, or similar information call recordings, chat transcripts, testimonials, and pictures or videos you upload, send, or share through our Sites or other Marketing Activities Our Service Providers Third parties for targeted advertising purposes Third parties as required by law Business Commercial Yes
    Professional or employment-related information employer name and contact information, professional licenses or certificates, and current or former job titles/roles and employment history Our Service Providers Third parties for targeted advertising purposes Third parties as required by law Business Commercial Yes
    Non-public education information education level and degrees, training, or certifications earned and from where Our Service Providers Third parties as required by law Business Commercial No
    Inferences drawn from other PI or data data used to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes Our Service Providers Third parties as required by law Business Commercial No

  7. RETENTION OF YOUR INFORMATION

    We retain each category of Personal Information for the period reasonably necessary to fulfill the purposes outlined in this Privacy Notice, which typically means the duration of our relationship with you. We may also retain each category of Personal Information for a period of time after our relationship ends due to ongoing business needs to retain it. Relevant factors impacting our retention periods include the business purposes for which we collected the information; the amount, nature, and sensitivity of the Personal Information; the potential risk of harm from unauthorized use or disclosure; our legal, regulatory, tax, and/or accounting obligations and applicable statutes of limitations for claims to which the information may be relevant. We review our retention policies on an annual basis and routinely purge information when the retention period has been met.

  8. HOW WE PROTECT YOUR INFORMATION

    We have implemented measures designed to secure your information, including your Personal Information, from accidental loss and from unauthorized access, use, alteration, and disclosure. We use commercially reasonable physical, technical and electronic, organizational, and administrative safeguards designed to help protect your information, including Personal Information, against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Sites such as message boards. The information you share in public areas may be viewed by any user of the Sites.

  9. YOUR RIGHTS & CHOICES

    Rights You May Have

    You may have consumer rights related to accessing and controlling your Personal Information that we may process. Available consumer rights will vary depending on your state of residence and are subject to the exemptions and exceptions allowed by law, but may include:

    • The Right to Know You may have the right to confirm whether we process, sell, share, and/or disclose Personal Information about you and to know and/or access the Personal Information we have collected, used, disclosed, and sold about you, including the categories of Personal Information collected; the categories of sources from which the Personal Information is collected; the business or commercial purpose for collecting, selling, or sharing Personal Information; the categories of Personal Information that we have sold, shared, or disclosed, and whether it was done for a business purpose; the categories of third parties to whom we have disclosed, sold, or shared Personal Information; and the specific pieces of Personal Information we have collected about you.
    • The Right to Update & Correct Inaccuracies You may have the right to correct inaccuracies in your Personal Information.
    • The Right to Opt-Out of Selling/Sharing Personal Information (Do Not Sell or Share My Information Request)

      You may have the right to opt-out of the processing, selling, or sharing of your Personal Information, including for the purpose of cross-contextual behavioral or targeted advertising, as well as from automated decision-making, including profiling, where it would have a legal or similarly significant effect on you. Of note, we do not use, disclose, sell, or share your Personal Information for the purpose of profiling in furtherance of automated decisions that would have legal or similarly significant effects on you.

      You may opt out from us sharing your Personal Information via non-essential cookies and other similar online technologies by managing your Cookie Preferences by clicking “Cookie Preferences” in the footer of our Sites, or by submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request). You may also request to opt-out by calling us at (800) 842-1973 and selecting the “Privacy Office” option or writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA.

      If you would like us to make the connection between your browser or device and Personal Information obtained through other Marketing Activities, we recommend you submit a “Do Not Sell or Share My Information” request using the Privacy Rights Request form online.

    • The Right to Limit/Restrict Disclosure of Sensitive Personal Information

      You may have the right to limit the use or disclosure of your Sensitive Personal Information except as necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods and services. You may have the right to submit a verified request to us to limit the use or disclosure of your Sensitive Personal Information.

      At this time, we do not collect or obtain any Sensitive Personal Information, and therefore, there is no Sensitive Personal Information of which we could limit our use or disclosure.

    • The Right to Access You may have the right to access and/or obtain a copy of your Personal Information in a portable, and to the extent technically feasible, readily usable format that allows your data to be transmitted to another controller where the processing is carried out by automated means.
    • The Right to Delete You may have the right to request that we delete Personal Information we have collected about you. Exemptions may apply such as if we need the information to complete a requested or reasonably anticipated transaction, prevent security incidents or fraud, enable internal uses that are reasonably aligned with your expectations, or comply with legal obligations. To protect your Personal Information, we will take steps to validate your identity before your request is processed which may require you to provide additional information or documents.
    • The Right to Obtain a List of Categories of Third Parties You may have the right to obtain a list of the categories of third parties to which we have disclosed your Personal Information. This information is available in the above sections, “How We May Use Your Information” (Section IV) and “Third Parties & Selling or Sharing Your Information – Targeted Advertising” (Section X).

    Non-Discrimination/No Retaliation

    If you choose to exercise any of your afforded privacy rights, you have the right not to receive discriminatory treatment or be retaliated against for doing so. Netsmart does not discriminate or retaliate against those who exercise their privacy rights.

    Global Privacy Control (GPC) & Other Universal Opt-Out Mechanisms

    When required by law, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOM) associated with your browser and/or device. If a GPC signal or other UOOM is detected on your browser or device, only strictly necessary cookies will be enabled, if permitted.

    Exercising Your Privacy Rights

    You may exercise your rights in a variety of ways, including by:

    • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
    • Calling us at (800) 842-1973 and select the Privacy Office option
    • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

    You may opt-out of the selling or sharing of your Personal Information in relation to cookies and similar technologies by managing your Cookie Preferences by clicking “Cookie Preferences” in the footer of our Sites. Depending on your state of residence, you may also request to opt-out of the selling or sharing of your Personal Information by submitting a Do Not Sell or Share My Information request by submitting a Privacy Rights Request online.

    When contacting Netsmart, and where your request requires it, we may request more information from you, such as to verify identity, or indicate that a response will require additional time. You may at any time refer your complaint to the relevant regulator in your jurisdiction if you are unsatisfied with a reply received from us. If you ask us, we will endeavor to provide you with information about relevant complaint avenues which may be applicable to your circumstances.

    Appealing Our Decision

    You may have the right to appeal our decision if we deny, in full or in part, your request to exercise your privacy right(s). You may exercise your right to appeal our decision by submitting a Complaint through the Privacy Rights Request online.

    If we deny your appeal and/or if you are dissatisfied with the result of the appeal, you may also contact your state Attorney General and/or appropriate state agency to lodge a complaint, and we may provide you with an online mechanism to do so when we communicate our denial to you.

    Authorized Agent

    You may use an authorized agent when exercising your privacy rights. To do so, please have your authorized agent contact us at privacy@ntst.com, providing a signed document evidencing their authorization as your agent to operate on your behalf related to your requests. We may also ask to contact you to verify such request(s).

  10. U.S. STATE PRIVACY RIGHTS/SUPPLEMENTAL NOTICES

    There are several U.S. State Privacy Regulations from which Netsmart is exempt because it complies with the Health Insurance Portability and Accountability Act (HIPAA) and enters into a Business Associate Agreement with its Clients.

    Netsmart, however, is subject to and complies with the following U.S. State Privacy Regulations:

    1. California Supplemental Privacy Disclosure

      We collect and process the Personal Information of California residents as described in this Privacy Notice, including Personal Information collected in business-to-business transactions. The California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CPRA”), grants California residents certain rights related to their Personal Information. Please note that this section does not apply to any Personal Information that may be captured by end-users or our Clients using our products or services.

      The CPRA applies to Personal Information collected through our Sites and Marketing Activities, as well as Personal Information collected in the context of a business-to-business relationship (“B2B Data”). B2B Data refers to Personal Information about employees, contractors, or representatives of our Clients, business partners, and vendors that is collected when we interact with them to deliver or receive products or services, perform contractual obligations, or maintain business relationships. This B2B Data is used solely for business and commercial purposes.

      Under the CPRA, California residents have the following rights (each described above) related to their Personal Information:

      • Right to Know
      • Right to Correct Inaccuracies
      • Right to Opt-Out of Selling/Sharing Personal Information (Do Not Sell or Share My Information)
      • Right to Limit/Restrict Disclosure of Sensitive Personal Information
      • Right to Access
      • Right to Delete

      Pursuant to the CPRA, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms or preference signals (UOOM) sent by a platform, technology, or other mechanism. If a GPC signal or other UOOM is detected on a browser or device, only strictly necessary cookies will be enabled if permitted.

      We provide disclosure of our data practices in this Privacy Notice. This includes identifying what Personal Information is collected, the source of the Personal Information, and the purposes of use, as well as whether we disclose or sell/share that Personal Information and if so, the categories of third parties to whom it is disclosed, shared, or sold.

      If you are a California resident and you or your authorized agent would like to exercise your rights under the CPRA, requests may be made by:

      • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
      • Calling us at (800) 842-1973 and select the Privacy Office option
      • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

      Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Netsmart, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note that we will both render certain Personal Information about you permanently unrecoverable and also de-identify certain Personal Information.

    2. Colorado Supplemental Privacy Disclosure

      We collect and process the Personal Information of Colorado residents as described in this Privacy Notice. The Colorado Privacy Act (“CPA”), grants Colorado consumers certain rights related to their Personal Information. Please note that this section does not apply to the Personal Information of Colorado residents that we collect in the employment context or in certain business transactions. This section also does not apply to any Personal Information that may be captured by end-users or our Clients using our products or services.

      Under the CPA, Colorado consumers have the following consumer rights (each described above) related to their Personal Information:

      • Right to Know
      • Right to Correct
      • Right to Opt-Out of Selling/Sharing Personal Information (Do Not Sell or Share My Information)
      • Right to Access
      • Right to Delete

      Pursuant to the CPA, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOM) sent by a platform, technology, or other mechanism. If a GPC signal or other UOOM is detected on a browser or device, only strictly necessary cookies will be enabled if permitted.

      We provide disclosure of our data practices in this Privacy Notice. This includes identifying what Personal Information is collected, the source of the Personal Information, and the purposes of use, as well as whether we disclose that Personal Information and if so, the categories of third parties to whom it is disclosed.

      If you are a Colorado consumer and you or your authorized agent, would like to exercise your rights under the CPA, requests may be made by:

      • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
      • Calling us at (800) 842-1973 and select the Privacy Office option
      • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

      Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Netsmart, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note that we will both render certain Personal Information about you permanently unrecoverable and also de-identify certain Personal Information.

    3. Delaware Supplemental Privacy Disclosure

      We collect and process the Personal Information of Delaware residents as described in this Privacy Notice. The Delaware Personal Data Privacy Act (“DPDPA”), grants Delaware consumers certain rights related to their Personal Information. Please note that this section does not apply to the Personal Information of Delaware residents that we collect in the employment context or in certain business transactions. This section also does not apply to any Personal Information that may be captured by end-users or our Clients using our products or services.

      Under the DPDPA, Delaware consumers have the following consumer rights (each described above) related to their Personal Information:

      • Right to Know
      • Right to Correct
      • Right to Opt-Out of Selling/Sharing (Do Not Sell or Share My Information)
      • Right to Access
      • Right to Delete
      • The Right to Obtain a List of Categories of Third Parties

      Pursuant to the DPDPA, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOM) sent by a platform, technology, or other mechanism. If a GPC signal or other UOOM is detected on a browser or device, only strictly necessary cookies will be enabled if permitted.

      We provide disclosure of our data practices in this Privacy Notice. This includes identifying what Personal Information is collected, the source of the Personal Information, and the purposes of use, as well as whether we disclose that Personal Information and if so, the categories of third parties to whom it is disclosed.

      If you are a Delaware consumer and you or your authorized agent, would like to exercise your rights under the DPDPA, requests may be made by:

      • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
      • Calling us at (800) 842-1973 and select the Privacy Office option
      • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

      Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Netsmart, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note that we will both render certain Personal Information about you permanently unrecoverable and also de-identify certain Personal Information.

    4. Maryland Supplemental Privacy Disclosure

      We collect and process the Personal Information of Maryland residents as described in this Privacy Notice. The Maryland Online Data Privacy Act (“MODPA”), grants Maryland consumers certain rights related to their Personal Information. Please note that this section does not apply to the Personal Information of Maryland residents that we collect in the employment context or in certain business transactions. This section also does not apply to any Personal Information that may be captured by end-users or our Clients using our products or services.

      Under the MODPA, Maryland consumers have the following consumer rights (each described above) related to their Personal Information:

      • Right to Know
      • Right to Correct
      • Right to Opt-Out of Selling/Sharing (Do Not Sell or Share My Information)
      • Right to Access
      • Right to Delete
      • The Right to Obtain a List of Categories of Third Parties

      Maryland consumers have additional rights under the MODPA if their Personal Information is profiled in furtherance of decisions that produce legal effects concerning a consumer or similarly significant effects concerning a consumer. Netsmart does not profile Personal Information in furtherance of decisions that produce legal effects or similarly significant effects, and therefore, no such right is applicable here.

      Pursuant to the MODPA, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOM) sent by a platform, technology, or other mechanism. If a GPC signal or other UOOM is detected on a browser or device, only strictly necessary cookies will be enabled if permitted.

      We provide disclosure of our data practices in this Privacy Notice. This includes identifying what Personal Information is collected, the source of the Personal Information, and the purposes of use, as well as whether we disclose that Personal Information and if so, the categories of third parties to whom it is disclosed.

      If you are a Maryland consumer and you or your authorized agent would like to exercise your rights under the MODPA, requests may be made by:

      • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
      • Calling us at (800) 842-1973 and select the Privacy Office option
      • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

      Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Netsmart, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note that we will both render certain Personal Information about you permanently unrecoverable and also de-identify certain Personal Information.

    5. Minnesota Supplemental Privacy Disclosure

      We collect and process the Personal Information of Minnesota residents as described in this Privacy Notice. The Minnesota Consumer Data Privacy Act (“MCDPA”), grants Minnesota consumers certain rights related to their Personal Information. Please note that this section does not apply to the Personal Information of Minnesota residents that we collect in the employment context or in certain business transactions. This section also does not apply to any Personal Information that may be captured by end-users or our Clients using our products or services.

      Under the MCDPA, Minnesota consumers have the following consumer rights (each described above) related to their Personal Information:

      • Right to Know
      • Right to Correct
      • Right to Opt-Out of Selling/Sharing (Do Not Sell or Share My Information)
      • Right to Access
      • Right to Delete
      • The Right to Obtain a List of Categories of Third Parties

      Pursuant to the MCDPA, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOM) sent by a platform, technology, or other mechanism. If a GPC signal or other UOOM is detected on a browser or device, only strictly necessary cookies will be enabled if permitted.

      We provide disclosure of our data practices in this Privacy Notice. This includes identifying what Personal Information is collected, the source of the Personal Information, and the purposes of use, as well as whether we disclose that Personal Information and if so, the categories of third parties to whom it is disclosed.

      If you are a Minnesota consumer and you or your authorized agent would like to exercise your rights under the MCDPA, requests may be made by:

      • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
      • Calling us at (800) 842-1973 and select the Privacy Office option
      • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

      Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Netsmart, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note that we will both render certain Personal Information about you permanently unrecoverable and also de-identify certain Personal Information.

    6. New Jersey Supplemental Privacy Disclosure

      We collect and process the Personal Information of New Jersey residents as described in this Privacy Notice. The New Jersey Data Privacy Act (“NJDPA”), grants New Jersey consumers certain rights related to their Personal Information. Please note that this section does not apply to the Personal Information of New Jersey residents that we collect in the employment context or in certain business transactions. This section also does not apply to any Personal Information that may be captured by end-users or our Clients using our products or services.

      Under the NJDPA, New Jersey consumers have the following consumer rights (each described above) related to their Personal Information:

      • Right to Know
      • Right to Correct
      • Right to Opt-Out of Selling/Sharing (Do Not Sell or Share My Information)
      • Right to Access
      • Right to Delete

      Pursuant to the NJDPA, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOM) sent by a platform, technology, or other mechanism. If a GPC signal or other UOOM is detected on a browser or device, only strictly necessary cookies will be enabled if permitted.

      We provide disclosure of our data practices in this Privacy Notice. This includes identifying what Personal Information is collected, the source of the Personal Information, and the purposes of use, as well as whether we disclose that Personal Information and if so, the categories of third parties to whom it is disclosed.

      If you are a New Jersey consumer and you or your authorized agent would like to exercise your rights under the NJDPA, requests may be made by:

      • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
      • Calling us at (800) 842-1973 and select the Privacy Office option
      • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

      Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Netsmart, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note that we will both render certain Personal Information about you permanently unrecoverable and also de-identify certain Personal Information.

    7. Oregon Supplemental Privacy Disclosure

      We collect and process the Personal Information of Oregon residents as described in this Privacy Notice. The Oregon Consumer Privacy Act (“OCPA”), grants Oregon consumers certain rights related to their Personal Information. Please note that this section does not apply to the Personal Information of Oregon residents that we collect in the employment context or in certain business transactions. This section also does not apply to any Personal Information that may be captured by end-users or our Clients using our products or services.

      Under the OCPA, Oregon consumers have the following consumer rights (each described above) related to their Personal Information:

      • Right to Know
      • Right to Correct
      • Right to Opt-Out of Selling/Sharing (Do Not Sell or Share My Information)
      • Right to Access
      • Right to Delete

      Oregon consumers also have the right to obtain a list of specific third parties. We have the option under the OCPA to provide you either (i) a list of specific third parties to which we have disclosed your Personal Information or (ii) a list of specific third parties to which we have disclosed any Personal Information, generally.

      Pursuant to the OCPA, we recognize Global Privacy Control (GPC) signals and other universal opt-out mechanisms (UOOM) sent by a platform, technology, or other mechanism. If a GPC signal or other UOOM is detected on a browser or device, only strictly necessary cookies will be enabled if permitted.

      We provide disclosure of our data practices in this Privacy Notice. This includes identifying what Personal Information is collected, the source of the Personal Information, and the purposes of use, as well as whether we disclose that Personal Information and if so, the categories of third parties to whom it is disclosed.

      If you are an Oregon consumer and you or your authorized agent, would like to exercise your rights under the OCPA, requests may be made by:

      • Submitting a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
      • Calling us at (800) 842-1973 and select the Privacy Office option
      • Writing to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

      Netsmart may ask you for information which we consider necessary to verify your identity for security and to prevent fraud. This information may include name, contact information, and information related to your transaction or relationship with Netsmart, but the specific information requested may differ depending on the circumstances of your request. If you request deletion of your personal data, please note that we will both render certain Personal Information about you permanently unrecoverable and also de-identify certain Personal Information.

      Netsmart Technologies, Inc. and its subsidiary Health Planning & Development LLC d/b/a Healthpivots are both registered with Oregon’s Secretary of State. Netsmart Technologies, Inc. (Netsmart), Health Planning & Development LLC d/b/a Healthpivots, and McBee, a division of Netsmart, are business names Netsmart has assumed while operating in Oregon.

  11. INTERNATIONAL TRANSFERS

    We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Sites or Marketing Activities from outside of the U.S., please be aware that information collected through the Sites or Marketing Activities may be transferred to, processed, stored, and used in the U.S. Data protection laws in the U.S. may be different from those of your country of residence. Your use of, or interactions with, the Sites, Marketing Activities, or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. as set out in this Privacy Notice.

  12. UPDATES TO THIS PRIVACY NOTICE

    This Privacy Notice sets out the essential details relating to your information, including Personal Information, and relationship with us. From time to time, we may develop new capabilities, features, or offer additional services, or change the purposes of our processing your information, which may require us to make material changes to this Privacy Notice. If we do update or revise this Privacy Notice, we will revise the “Effective Date” at the top of this Privacy Notice and will post the updated Privacy Notice on our Site.

  13. VULNERABILITY DISCLOSURE

    Netsmart is committed to protecting the security and privacy of our systems and data. If you identify a potential vulnerability in a Netsmart consumer facing product or service that is not subject to a master agreement between Netsmart and you, please report it to compliance@ntst.com. Our team will review and validate reported issues, address confirmed vulnerabilities in a timely manner based on risk and impact, and communicate updates as appropriate.

  14. HOW TO CONTACT US

    If you have any questions regarding this Privacy Notice, privacy related comments or concerns, or to submit a Privacy Rights Request (including a Do Not Sell or Share My Information request), please contact us using one of these methods:

    • Submit a Privacy Rights Request online (including a Do Not Sell or Share My Information request)
    • Email us at privacy@ntst.com
    • Call us at (800) 842-1973 and select the Privacy Office option.
    • Write to us at Netsmart Technologies, Inc., Attn: Privacy Office - 11100 Nall Ave, Overland Park, KS 66211, USA

    We will investigate and attempt resolve any concerns regarding use and disclosure of Personal Information in accordance with this Privacy Notice and in accordance with applicable law.