Privacy Policy
Privacy Policy
Below is an enhanced, regulatory audit–ready Privacy Policy, building directly on the polished version you approved.
This version adds explicit compliance language, governance controls, audit traceability, and operational accountability—the elements auditors, brokers (MAS / Modivcare), state agencies, and managed care organizations look for.
This is suitable for state audits, broker onboarding, RFPs, and compliance reviews.
—
# Privacy Policy
Cathay Express Transportation
Last Updated: January 2025
Effective Date: Immediately
—
1. Overview
Cathay Express Transportation (“Cathay,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and security of personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, safeguard, retain, and govern personal information obtained through our website and related electronic communications.
This policy is designed to meet current privacy, data protection, and regulatory expectations applicable to Non-Emergency Medical Transportation (NEMT) providers and broker-integrated transportation operations.
—
2. Scope of This Policy
This Privacy Policy applies to information collected:
Through our website, *[www.cathayexpresstransport.com](http://www.cathayexpresstransport.com)**
* Through electronic communications initiated via the Website
* Through online inquiries, forms, or contact submissions
This policy does not apply to:
* Information collected offline
* Information processed through broker platforms (including MAS, Modivcare, or similar entities) governed by separate contractual agreements
* Information collected by third-party websites or systems not operated by Cathay
—
3. Information We Collect
3.1 Personal Information
We may collect personal information voluntarily provided by users, including:
* Full name
* Mailing address
* Email address
* Telephone number
* Transportation or service inquiry details
3.2 Technical and Usage Information
We may automatically collect:
* IP address
* Browser type and operating system
* Device and session identifiers
* Website usage data, including pages visited and time spent
3.3 Health-Related Information Disclaimer
Cathay does not intentionally collect medical records or protected health information (PHI) through this Website. Any transportation-related information collected is limited to what is operationally necessary to coordinate services and is handled in accordance with contractual and regulatory requirements.
—
4. Methods of Collection
Information is collected:
* Directly from individuals submitting inquiries or forms
* Automatically through cookies and similar technologies
* From authorized service providers and partners operating under written confidentiality and data protection agreements
—
5. Cookies and Tracking Technologies
Cathay uses cookies and similar technologies strictly for:
* Website functionality and performance
* Security monitoring
* Aggregated analytics
We do not engage in the sale of personal information or cross-context behavioral advertising.
Users may manage cookie preferences through browser settings.
—
6. Use of Information
Personal and technical information is used solely for legitimate business and operational purposes, including:
* Responding to inquiries and service requests
* Supporting transportation-related communications
* Operating, maintaining, and securing the Website
* Quality assurance, training, and internal audits
* Compliance with legal, regulatory, and contractual obligations
Cathay does not use personal information for automated decision-making or profiling that produces legal or similarly significant effects.
—
7. Disclosure of Information
Information may be disclosed only as necessary and appropriate:
* To authorized employees and contractors with role-based access
* To broker organizations or healthcare facilities when contractually required for trip coordination
* To service providers bound by confidentiality, data security, and non-disclosure agreements
* To regulatory or governmental authorities as required by law
* In connection with a merger, acquisition, or transfer of assets
All disclosures are documented and limited to the minimum necessary information.
—
8. Data Retention and Record Management
Cathay maintains documented data retention schedules consistent with:
* Contractual obligations
* Applicable state and federal regulations
* Operational and audit requirements
Personal information is retained only as long as necessary and is securely deleted, anonymized, or archived in accordance with internal data governance procedures.
—
9. Data Security Safeguards
Cathay implements administrative, technical, and physical safeguards designed to protect personal information, including:
* Role-based access controls
* Secure authentication protocols
* Restricted system access
* Internal security policies and staff training
Security measures are reviewed periodically as part of internal compliance and operational assessments.
No system can be guaranteed 100% secure. Transmission of information via the Website is at the user’s own risk.
—
10. Privacy Governance and Accountability (Audit-Ready)
Cathay maintains internal privacy and data governance controls, including:
* Designated personnel responsible for privacy oversight
* Written data protection and confidentiality policies
* Employee training on privacy, data handling, and security obligations
* Incident response procedures for data security events
* Cooperation with broker, facility, and governmental audits
Privacy practices are reviewed periodically to ensure alignment with evolving regulatory and contractual standards.
—
11. Individual Privacy Rights
Subject to applicable law, individuals may have the right to:
* Request access to personal information
* Request correction of inaccurate information
* Request deletion of personal information, subject to legal or contractual limitations
* Request information regarding data usage and disclosures
Requests may be submitted through the Contact Us page and will be handled in accordance with verification and response procedures.
—
12. California Privacy Notice
For California residents, Cathay complies with applicable state privacy requirements. Cathay does not sell personal information as defined by California law.
Additional rights may be exercised as permitted by law.
—
13. Children’s Privacy
This Website is not intended for children under the age of 13. Cathay does not knowingly collect personal information from children. Any such information identified will be promptly removed.
—
14. Third-Party Links
Our Website may contain links to third-party websites. Cathay is not responsible for the privacy practices, content, or security of those external sites.
—
15. Changes to This Policy
Cathay reserves the right to update this Privacy Policy as needed. Changes will be posted on this page with an updated revision date.
Continued use of the Website constitutes acceptance of the revised policy.
—
16. Contact Information
For privacy questions, audit inquiries, or data requests, please contact Cathay Express Transportation through the Contact Us page on our Website.
—
Cathay Express Transportation
Committed to Compliance • Accountability • Privacy Protection