Privacy Policy

Effective Date: July 11, 2011
Last Updated: November 3, 2025

Entity: Acute Technology Solutions, Inc. (“ATSI,” “we,” “our,” or “us”)
Website: www.acute-techsolutions.com

1. Scope of This Privacy Policy

This Privacy Policy describes how ATSI collects, uses, discloses, and safeguards personal information obtained through:

• Our website(s) and online properties 
• Contact forms, email communications, and downloadable resources 
• Advisory, consulting, and technology services (including security, AI enablement, data analytics, and CX advisory services) 
• Interactions with prospective or current clients, vendors, and partners
   

This policy covers compliance with U.S. federal and state privacy laws, HIPAA (when applicable), GDPR for EU/EEA residents, and the NIST Privacy Framework.

2. Types of Information We Collect

We may collect:

2.1. Personal Information (PI/Personal Data)

• Name, job title, employer 
• Email address, phone number 
• Contact preferences 
• IP address, device identifiers, and online activity metadata 
• Billing and transaction information (for paid services)
   

2.2. Protected Health Information (PHI)

ATSI does not operate as a Covered Entity.  However, when providing advisory or consulting services to healthcare organizations, ATSI may function as a Business Associate under HIPAA.

PHI is only collected, accessed, or processed:

• Under a valid Business Associate Agreement (BAA) 
• For the specific purpose of delivering contracted services 
• Under strict security and confidentiality controls
   

2.3. Sensitive Information

We do not intentionally collect sensitive data (race, religion, biometrics, etc.) unless contractually required and explicitly permitted under applicable law.

2.4. Website Usage Information

We may collect:

• Browsing behavior 
• Cookies and analytics 
• Device and network metadata
   

You may control cookies through your browser settings.

3. How We Use Personal Information

ATSI uses information to:

• Provide advisory, assessment, and consulting services 
• Communicate with prospective and current customers 
• Improve website performance and user experience 
• Deliver resources, content, and newsletters (opt-in) 
• Ensure information security and compliance 
• Meet legal, regulatory, and contractual obligations
   

We do not sell personal information, PHI, or any user data.

4. Legal Bases for Processing (GDPR)

For individuals in the EU/EEA or UK, ATSI processes data under:

• Performance of a contract 
• Legitimate interests 
• Compliance with legal obligations 
• Consent (for marketing, cookies, optional data)
   

5. HIPAA Compliance (If Applicable)

When acting as a Business Associate, ATSI:

• Signs a HIPAA-compliant Business Associate Agreement
• Implements NIST CSF-aligned security controls 
• Restricts PHI access to least privilege 
• Encrypts PHI in transit and at rest 
• Ensures third-party vendors meet HIPAA requirements 
• Does not use PHI for marketing or analytics without authorization 
• Reports breaches consistent with HIPAA/HITECH
   

PHI is never used for website analytics, advertising, or unrelated business purposes.

6. NIST Privacy Framework Compliance

ATSI aligns to NIST guidelines, including:

• Identify: Governance, purpose, roles, risk assessments 
• Govern: Policies, BAAs, compliance reviews 
• Control: Consent, access rights, data minimization 
• Communicate: Transparency and privacy notices 
• Protect: Safeguards, encryption, monitoring, incident response
   

7. U.S. State Privacy Rights

Residents of CA, CO, CT, VA, UT (and others as they enact privacy laws) may have rights to:

• Access personal information 
• Delete personal information 
• Correct personal information 
• Opt out of: 
  • Data sales (ATSI does not sell data) 
  • Targeted advertising (ATSI does not engage in targeted ads) 
• Limit use of sensitive personal data 
• Obtain a copy of their data
   

Requests may be sent to: privacy@acute-techsolutions.com

8. Data Sharing & Disclosure

ATSI may share information with:

• Service providers (cloud, security, analytics, email systems) 
• Contracted vendors supporting advisory services 
• Legal authorities (only when required by law) 
• Business Associates/Subcontractors (under signed BAAs for PHI)
   

We do not share data with advertisers or data brokers.

9. International Transfers

ATSI may process data in the U.S. or other jurisdictions.

We use:

• Standard Contractual Clauses (SCCs) 
• EU/UK-approved safeguards 
• Vendor due diligence
   

to ensure GDPR-compliant transfers.

10. Data Retention

We retain data only as long as necessary for:

• Contractual obligations 
• Legal requirements 
• Security and operational purposes
   

PHI retention follows HIPAA and contractual mandates.

11. Security Measures

ATSI uses administrative, physical, and technical safeguards including:

• NIST CSF and NIST 800-53 aligned controls 
• Encryption in transit (TLS 1.2+) and at rest 
• Zero Trust-aligned architecture 
• Access controls and multi-factor authentication 
• Network segmentation and monitoring 
• Regular audits and risk assessments 
• Secure data disposal procedures
   

12. Your Rights

Depending on your jurisdiction, you may request:

• Access to your personal data 
• Correction or deletion 
• Restriction of processing 
• Data portability 
• Withdrawal of consent 
• Objection to processing 
• A copy of a BAA (if applicable)
   

Submit requests at: privacy@acute-techsolutions.com

13. Children’s Privacy

ATSI does not intentionally collect personal information from children under 13 (or 16 where applicable).

14. Third-Party Websites

Links to external sites are not under ATSI control. Review their privacy policies prior to use.

15. Changes to This Policy

We may update this Privacy Policy periodically. Changes take effect upon posting.

16. Contact Information

Acute Technology Solutions, Inc.
Pembroke Pines, FL 33028
Email: privacy@acute-techsolutions.com