Privacy Policy

  1. Purpose of This Privacy Policy And Consent.

This Privacy Policy explains how information is collected, used and disclosed by ravkoo Health Inc. (ravkoo) with respect to your access and use of our Services through our website located at https://ravkoohealth.com/ (“Site”) and our mobile application (“App”).  To make this Privacy Policy easier to read, the Site, our services and App are collectively called the “Services.”  This Privacy Policy doesn’t apply to any third-party websites, services or applications that can be accessed through our Services.

By using and/or consenting to you and your Authorized Provider’s (as defined in our Terms and Conditions) use of our services, you consent to the collection, use and disclosure of your Personal Information and your Personal Health Information (each as defined below) in accordance with this Policy.  We strongly recommend that you read this Policy carefully and retain it for future reference.  This Policy may change from time to time (see Section 13 “Changes to this privacy policy” below).  For this reason, please check this Policy periodically for updates.  Your continued use of our Website, App, and/or any of our Services, as defined in our Terms and Conditions, after we make changes to this policy, indicates that you accept and consent to those changes.  We will notify you in advance of any material changes to this Policy and obtain your consent to any new ways that we collect, use and disclose your Personal Information or Personal Health Information.

The application of this Policy is subject to applicable laws, regulations, and the orders or lawful requests of courts or legal authorities.

We take commercially reasonable steps to protect the integrity and confidentiality of personally identifiable and health information that you may share with us.  We comply with the HIPAA security rule for administrative, technical, and physical security safeguards and have third party assessments of our controls performed annually.  However, please be aware that no security measures are perfect or impenetrable and we cannot guarantee the absolute security of your information. 

We will do our part to protect your information, but it is important for you to protect your information as well.  Additionally, we do not control the actions of anyone with whom you or any other ravkoo user may choose to share information.  As such, you should be cautious about the access you provide to others when using ravkoo, and the information you choose to share when using the ravkoo Services.

  1. Categories of Information We May Collect From You.

Personal Information

“Personal Information” is anything that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, to you.  Examples of Personal Information include your:

Personal Information we collect might include, but is not limited to, your name, email address, telephone number, sex, date of birth, marital status, physical or emotional characteristics, bank account number, any identifier we may use to contact you, other personally identifiable information that you may choose to add to your User account profile in our App, records, and copies of your correspondence with us and with your Authorized Provider through our App.

Protected Health Information

“Protected Health Information” is a subset of Personal Information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”). As stated above, we may receive Protected Health Information about you from Authorized Providers and the information you provide to us in connection with Services (such as the specific ravkoo MD services that you may receive from a ravkoo Health Authorized Provider) may be Protected Health Information.

Non-Personal Information

“Non-Personal Information” means information that does not permit us to identify, contact or locate you. For example, your device model number and manufacturer, and state of residence are Non-Personal Information unless linked to your Personal Information. If we combine or link your Non-Personal Information with Personal Information (such as combining your name with your device model), we will treat the combined information as Personal Information so long as it is combined.

  1. Information We Collect from You Automatically.

Cookies and IP Addresses

The Services may use “cookie” technology and similar technology to gather information from our visitors such as which pages are used and how often they are used, and to enable certain features on the Services.  In some jurisdictions, this is considered Personal Information.

We may collect information about your activities on our Services using technologies such as cookies, including third party cookies, web beacons, JavaScript code, HTML 5 databases, and server log files. The information we collect using these means may include your Media Access Control (MAC) address, operating system and version, screen resolution, device manufacturer and model, language, Internet browser type and version, the version of the Services you are using, the date and time you access the Services, pages visited, time spent on the Services, general location information, and other activity data. This information is automatically generated. Our third-party business partners and we may use this information to provide you with an optimal experience.

Your “IP Address” (a number that is automatically assigned to the computer or other device that you are using by your internet service provider) may be identified and logged automatically in our server log files whenever you access the Services, along with the time of the visit and the page(s) that were visited.  IP Addresses are automatically collected by many websites, applications, and other services.  We may use IP Addresses for purposes such as calculating usage levels of the Services, helping diagnose server problems, and administering the Services.

Location Information

“Location Information” is a subset of Personal Information that can be used to locate the device you use to access the Services.  Location Information may include: (i) with your consent, the location of the device you used to access the Services; (ii) the IP address of the device or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user.  If you do not want us to collect Location Information from your device, please disable the location setting(s) on your device or delete the Apps.  Please note that disabling the location setting may affect certain features of the Services.

Usage Data

“Usage Data” is information that we automatically collect about your use of the Services and your device.  This type of information does not usually, by itself, uniquely identify an individual, and may include your web browser and operating system, device model and manufacturer, and your activity on the Services.  If Usage Data is combined with or linked to Personal Information, then we treat it as Personal Information.  If the Usage Data cannot be used to identify, contact or locate you, then it is Non-personal Information and will not be treated as Personal Information.

Do Not Track

Some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked.  Presently, the Services do not respond to “Do Not Track” signals and, consequently, the Services will continue to collect information about you even if your browser’s “Do Not Track” feature is activated.  The only way to completely “opt out” of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or mobile device to delete and disable cookies and other tracking/recording tools.

  1. Third-Party Service Providers.

ravkoo uses a third-party service provider, Amazon Web Services (“AWS”) to host servers; track and prevent errors in our software; and to send, receive and track emails and User login invitations.  These third-party service providers may have access to Personal Information and Personal Health Information as an incidental result of the services provided by such third parties to ravkoo, but the access of such third parties to such information is strictly controlled in accordance with the safeguards detailed below.

While using our platform, you may choose to authorize ravkoo and its third-party contractors or affiliates to retrieve and disclose your health records and protected health information.  These records may not be a complete 100% comprehensive record, and these records may not be useful for diagnostic purposes.  These health records will be shared with Authorized Providers to ensure great healthcare services.  ravkoo does not alter or modify medical records received from its third parties.  If at any time you wish to revoke this authorization, you may do so by deleting your profile on the ravkoo app.

  1. Information Provided By Your Authorized Provider.

Your Authorized Provider may record in our Platform, information such as interactions with you, test results, evaluations, records and notes consistent with treatment and other information related to your mental health. By using our Platform, you agree that your chosen Authorized Provider are authorized to disclose your Personal Information and Personal Health Information to us.

  1. Purpose for Collecting Information.

We may use information you provide for various purposes, which include:

  • Providing you the Services and Fulfilling Your Requests: registering you, administering your account, and providing you the information, products, and services that you request.  For example, we respond to your questions when you contact us and assist with any problems you report about our Services;
  • Communicating with You.  For example, sending you information and promotional materials that we think might be of interest to you.  You may unsubscribe from receiving marketing emails from us by using the unsubscribe link in the marketing email or by sending an email to support@ravkoohealth.com
  • Providing, Maintaining, and Improving Our Business: Improving the functionality of our Services, such as data analysis, audits, developing new products, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities;
  • Enhancing Your Experience: Personalizing and enhancing your experience when you use the Services, such as tailoring content and advertising and remembering your preferences.
  • Legal and Other Business Purposes: Taking any action that we believe to be necessary or appropriate: (a) to investigate, prevent, and detect illegal activities; (b) under applicable laws, including laws outside your country of residence; (c) to comply with legal process; (d) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (e) to enforce our Terms of Use and Privacy Policy (f) to protect our operations or those of our affiliates; (g) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; (h) to detect, investigate, and prevent fraudulent transactions and other illegal activities, and to authenticate and confirm your identity when you return to the Services; and (i) to allow us to pursue available remedies or limit the damages that we may sustain;
  • Combine with Other Information: Linking or combining with information we get from other sources to help understand your needs and provide you with a better experience; and
  • At Your Direction: Carrying out any other purposes specifically disclosed at the time we request your information

We may also de-identify your information or aggregate your information with other users of the Services (“Aggregate Information”).  This Aggregate Information is not Personal Information, because it cannot be used to identify you and may be used by us for any lawful purpose.  If Aggregate Information is re-identified, it will be treated as Personal Information.

  1. Who We May Share Information With.

We may share your information with other parties for various business purposes:

  • Among our Affiliates:We may share your Personal Information internally among our business units, affiliates, parents, and subsidiaries.
  • Business Associates: We may also disclose Protected Health Information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. All business associates are obligated to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.
  • With Vendors: We may share your information with our vendors (including third party hosting providers) that provide services on our behalf, such as for online account access, email marketing, advertising, promotions, newsletters, and hosting for the Services.
  • With Authorized Providers to Provide Services: We may share your information with our Authorized Providers for whom we provide services or to provide you our Services, and generally to improve our service offerings.
  • In the Event of a Corporate Transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose your information to the party or parties of such transaction.
  • For Legal Purposes: We will disclose your information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others or when otherwise required by law, regulation, subpoena, or court order, or if necessary to protect our rights.
  • At Your Direction: We will share your information with third parties if and when you direct us to. For example, if you request that we share your information with one of our business partners to take advantage of a product or service that partner offers, we will share your information with that business partner.

ravkoo does not sell any Personal Information we collect about you.  We may, however, share Aggregate Information about our users in all legally permissible ways.

  1.   How We Protect Your Personal Information and Personal Health Information.

The safety and security of your Personal Information and Personal Health Information is very important to ravkoo.  While we cannot guarantee complete protection of your Personal Information or Personal Health Information, we follow commercially reasonable practices to protect Personal Information and Personal Health Information collected from you against accidental loss and unauthorized access, use, alteration, disclosure, and destruction. 

We store all Personal Information and Personal Health Information with AWS.  AWS is responsible for the hosting and security of all servers, databases and applications in a secure cloud and AWS is certified as compliant with ISO Standard 27018 Code of Practice for personal identifiable information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO27018, the ISO Standard also includes the right to audit AWS for compliance.

When you purchase our App, Braintree may collect your credit card information (“Payment Information”) to process your payments on our behalf. 

For more information on Braintree and how it stores your Personal Information, visit Braintree’s Terms and Conditions and Privacy Policy.

Because the transmission of information via the Internet is not completely secure, any transmission of Personal Information or Personal Health Information is at your own risk.  Although we maintain security measures to maintain the integrity of the data in our care, including the encryption of all Personal Information and Personal Health Information, while in transit or at rest, we are not responsible for circumvention of any of our privacy settings or security measures.  Your Personal Information and Health Information may be transmitted over various networks and may be subject to changes to confirm and adapt to technical requirements of connected networks or devices. We urge you to be cautious about giving out information in any public areas of our Platform.

Safeguard measures to ensure authorized access to your account on our Platform include the use of a username and a password for authentication.  You are responsible for keeping your personal password and username private.  Please contact us immediately if you believe that your password has been compromised or misused.

Access to private, sensitive and confidential information, including your Personal Information and Personal Health Information, is restricted to ravkoo, Authorized Providers, and other independent contractors or employees of ravkoo, who are required to abide by our privacy standards. 

Our Services may contain links or references to other websites and services owned or operated by third parties.  These third-party platforms and websites are not governed by this policy.  This policy does not extend to the collection of information by third parties, and we are not responsible for the privacy practices, policies, or actions of third parties.  When visiting third-party websites or platforms, you do so at your own risk, and you assume all responsibility associated with the same.  We encourage you to review the privacy policies and terms and conditions of each website and platform visited prior to using them or disclosing information to third parties.

  1. Opting out of Marketing Communication.

You may opt out of receiving email marketing by unsubscribing using the unsubscribe link provided in all of our marketing email communications.

  1. Advertising and Analytics Services Provided By Others.

We may allow others to provide analytics services and serve advertisements on our behalf across the Platform.  These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information.  This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests in our Services and other websites, and better understand your online activity.  For more information about interest-based ads, or to opt out of having your web browsing information used for behavioral advertising purposes, please visit www.aboutads.info/choices.  We may also work with third parties to serve ads to you as part of a customized campaign on other websites or platforms. To opt out of having information about you used in this way, please email us at support@ravkoohealth.com.

  1. Online Privacy Policy for Children.

ravkoo believes it is particularly important to protect the privacy of minors online.  ravkoo defines a “minor” as any person less than 13 years of age.  ravkoo does not knowingly collect Personal Information about minor users without a parent’s or legal guardian’s permission or knowingly share Personal Information about minor users with third parties without a parent’s or legal guardian’s permission.  If we learn we have received Personal Information directly from a child under age 18, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services and will make commercially reasonable efforts to delete such information.

  1. Your California Privacy Rights.

The California Consumer Privacy Act (CCPA), effective January 1, 2020, grants California residents certain privacy rights with respect to their Personal Information.  If you are a California resident subject to the protections of the CCPA, you have the following rights to the extent required by law:

The right to know.   You have the right to know (i) the Personal Information that we collect, use, disclose or sell; and (ii) the categories of Personal Information that we collected about you in the preceding 12 months, the sources for that Personal Information, the business purpose for which that Personal Information was collected, the categories of such Personal Information that was shared or sold, the categories of third parties with whom that Personal Information was shared or sold, and the business purpose for which that Personal Information was shared or sold.

The right to access. You have the right to access a copy of the specific Personal Information that we have collected about you to the extent required under the CCPA. You may request this copy to be delivered either by mail or electronically.

The right to deletion.  You have the right to request that we delete the Personal Information that we or a third party with whom we shared your Personal Information maintain about you to the extent required under the CCPA. There may be circumstances under which we or the third party are unable to delete your Personal Information, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected or we cannot verify your identity. If we are unable to comply with your request for deletion, we will let you know the reason why.

The right to opt out of the sale of your Personal Information. Please note that ravkoo does not and will not sell any Personal Information we collect about you.

The right to equal service. If you choose to exercise any of your rights under the CCPA, we will not discriminate against you in any way. If you exercise certain rights, such as deleting your account, you may be unable to use or access certain features of the Services.

If you are a California resident and would like to exercise any of these rights, please send an email to support@ravkoohealth.com.  An authorized representative may exercise these rights on your behalf so long as they present a power of attorney or other legally binding document evidencing the representative’s authority.  Please note that we will require you or your authorized representative to provide us with certain personal identifiers to verify your/your representative’s identity when your rights are exercised.  Please note further that: (a) if we maintain your Personal Information on behalf of a third party, we may refer you to that third party to exercise your rights; and (b) certain health care providers and information, such as Protected Health Information and “Medical Information” (as defined under California’s Confidentiality of Medical Information Act), may be exempted from the CCPA.  This means that we and certain health care providers may not be required to honor the above rights and instead we comply with our obligations under other laws, such as HIPAA and the Confidentiality of Medical Information Act.  We will respond to a request to exercise rights under the CCPA in accordance with the timeframe and process required under the CCPA.  If we deny a request, we will explain the basis for the denial.

ravkoo does not offer financial incentives or price differences in exchange for retention or sale of Personal Information.

  1. Changes to this Policy.

We reserve the right to amend this Policy at any time.  The Policy posted on our Website and in our App shall be deemed to be the policy in effect.  A current Policy can also be obtained by contacting us.  If we make any material changes to this Policy regarding how we treat your Personal Information or Personal Health Information, we will notify you through a notice on our website and on our App, and/or by email to your last known email address and will obtain your express consent as required under applicable privacy laws.  We also include the date this Policy was last revised at the top of the Policy.  The revised Privacy Policy will supersede all previous versions.  

By continuing to access or use the Services following such changes, you will be deemed to have agreed to such changes.  You are responsible for ensuring that we have an up-to-date, active, and deliverable email address for you and for periodically visiting this Policy to check for any changes. 

  1. Correcting or Updating Information and Withdrawing Consent.

It is important that the Personal Information and Personal Health Information we hold about you is accurate and current.  The accuracy, integrity and completeness of your Personal Information and Personal Health Information you input into our App or allow someone to input into our App on your behalf, is your responsibility.  Please keep us informed if your information changes.  By law, you have the right to request access to and to correct the Personal Information and Personal Health Information that we hold about you.  You may contact us if you would like to review, verify, correct, or withdraw consent to the use of your Personal Information or Personal Health Information.  We may request certain Personal Information for the purposes of verifying the identity of the individual seeking access to their Personal Information or Personal Health Information records. 

We may not accommodate a request to view or change information if we believe that:

  • The identity of the person requesting access cannot be confirmed;
  • The information is not readily retrievable, and the burden or cost of providing it would be disproportionate to the nature or value of the information;
  • The requested information does not exist, is not held or cannot be found;
  • Disclosure of the information would compromise the confidentiality of another individual or threaten the safety of another person; and/or
  • Non-disclosure of the information is required or permitted by law.

Where a request for access to information is made, to protect vulnerable populations, ravkoo reserves the right to verify communications, including with your Authorized Provider, before taking action.  Where a request for access or alteration of Personal Information or Personal Health Information is declined, the individual making the request will be provided with the reason(s) for declining the request, subject to any legal or regulatory restrictions.

  1. Cross Borders Transfers.

The Services are intended for use in the United States of America only.  ravkoo is located in, and operates in, the United States of America (U.S.), and U.S. law governs all matters relating to our services. If you visit our Services or contact us from outside of the U.S., please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the U.S.; and (ii) that by using our Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the U.S. in accordance with U.S. law and this Privacy Policy.

  1. Contacting Us.

ravkoo has appointed a designated privacy contact who acts as Chief Privacy Officer (“CPO”) responsible for information system monitoring and information security policy and procedure management by (i) undertaking privacy impact assessment and threat and risk assessments on a regular basis and (ii) adopting policies and procedures based on privacy impact assessment and threat and risk assessments to mitigate all identified risks, updated as necessary.

A copy of this Privacy Policy may be obtained in an alternate format or language by emailing  support@ravkoohealth.com.  If you have questions about this policy or would like to submit a request, you may contact our CPO by e‑mail at  support@ravkoohealth.com.

If you have any questions on the Facility’s privacy practices or for clarification on anything contained within the Notice, please contact:

ravkoo Health

5908 Breckenridge Pkwy

Tampa, FL 33610

Email Address: support@ravkoohealth.com

Phone: (813) 278-7729

Fax: (813) 944-6356

type your search

The ravkoo Health mobile app is a secure, HIPAA-compliant platform, offering you all essential healthcare services at one place and providing you access to your personal health records. Soon to be available on App Store and Play Store.

ravkoo Notifies Patients of Data Security Incident

Auburndale, Florida: January 3, 2022 – ravkoo recently discovered that a data security incident on ravkoo’s AWS hosted portal may have resulted in the unintentional exposure of personal information. ravkoo sent notification of this incident to potentially impacted individuals and has provided resources to assist them.  Please be assured that ravkoo takes the protection and proper use of personal information very seriously, and we sincerely apologize for any inconvenience this may cause.

What Happened:  ravkoo utilizes AWS cloud services for online hosting of its prescription portal. On September 27, 2021, ravkoo detected that this portal was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate the portal. ravkoo immediately engaged outside cybersecurity experts to conduct an investigation and to assist in its mitigation, restoration, and remediation efforts.  ravkoo’s responsive forensic investigation subsequently revealed that certain prescription and health information could have been compromised. Notably, we have found no evidence that any individual’s Social Security Number was accessed or compromised as ravkoo does not maintain this information within the impacted portal.  Further, ravkoo does not have any evidence to indicate that any information involved in the incident has been or will be misused as a result of this incident. 

What We Are Doing:  ravkoo worked with forensic experts to assess and increase the security of its AWS hosted portal.  Further, ravkoo reported the incident to the Federal Bureau of Investigation and is committed to assisting the FBI’s investigation into this matter.

As a safeguard, we have arranged for the potentially impacted individuals to enroll in a complimentary, online credit monitoring service provided by Kroll.  With this protection, Kroll will help resolve issues if your identity is compromised.

What You Can Do:  The notification letters that were sent to potentially affected individuals include resources and steps that they can take to help protect their personal and protected health information.  Security recommendations include the following:

  • Credit Report – Obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account.
  • Security Freezes – You have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent.
  • Fraud Alerts – Fraud alerts tell creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts.
  • Monitoring – Remain vigilant and monitor your accounts for suspicious or unusual activity.

Again, at this time, there is no evidence that any sensitive information has been misused.  However, we encourage the potentially impacted individuals to take full advantage of this service offering.  Kroll representatives have been fully versed on the incident and can answer questions or concerns regarding protection of personal information.

For More Information:  Please know that the protection of your personal information is a top priority, and we sincerely regret any concern or inconvenience that this matter may cause you. If you have any questions, please do not hesitate to call Kroll at 1-855-545-2509, Monday – Friday, 9:00am to 6:30pm Eastern Standard Time.

Sincerely,

Alpesh Patel

Alpesh Patel

CEO

Additional Information

Credit Reports: You may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. You may obtain a free copy of your credit report from each of the three nationwide credit reporting agencies. To order your free credit report, please visit www.annualcreditreport.com, or call toll-free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available at https://www.consumer.ftc.gov/articles/0155-free-credit-reports ) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.

Security Freeze: You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse or a minor under the age of 16, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. As of September 21, 2018, it is free to place, lift, or remove a security freeze. You may also place a security freeze for children under the age of 16. You may obtain a free security freeze by contacting any one or more of the following national consumer reporting agencies:

Equifax Security FreezeExperian Security FreezeTransUnion Security Freeze
P.O. Box 105788P.O. Box 9554P.O. Box 160
Atlanta, GA 30348Allen, TX 75013Woodlyn, PA 19094
1-800-349-99601-888-397-37421-800-909-8872
https://www.equifax.com/personal/credit-report-services/credit-freeze/www.experian.com/freeze/center
.html
www.transunion.com/credit-
freeze

Fraud Alerts: You can place fraud alerts with the three credit bureaus by phone and online with:

A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. As of September 21, 2018, initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years. The phone numbers for all three credit bureaus are at the bottom of this page.

Monitoring: You should always remain vigilant and monitor your accounts for suspicious or unusual activity.

File Police Report: You have the right to file or obtain a police report if you experience identity fraud. Please note that in order to file a crime report or incident report with law enforcement for identity theft, you will likely need to provide proof that you have been a victim. A police report is often required to dispute fraudulent items. You can generally report suspected incidents of identity theft to local law enforcement or to the Attorney General.

FTC and Attorneys General: You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.

The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338), TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement. This notice has not been delayed by law enforcement.

For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743- 0023, and www.oag.state.md.us.

For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violators. You may have additional rights under the Fair Credit Reporting Act not summarized here.

Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act at www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580.

For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877- 566-7226 or 1-919-716-6400, and www.ncdoj.gov.

For New York residents, the Attorney General may be contacted at Office of the Attorney General, The Capitol, Albany, NY 12224- 0341, 1-800-771-7755, and https://ag.ny.gov/.

For Rhode Island residents, the Rhode Island Attorney General can be reached at 150 South Main Street, Providence, Rhode Island 02903, www.riag.ri.gov, and 1-401-274-4400. Under Rhode Island law, you have the right to obtain any police report filed in regard to this incident.