Privacy Policy

This notice describes the privacy policy of the Symbify Unified Referral System (“Symbify”).  Symbify is administered by We Are IT, operating on behalf of Ngage New Mexico (“Ngage”).  We Are IT administers Symbify on behalf of participating organizations and programs that are listed in the Share New Mexico resource directory - located at https://sharenm.org.  We Are IT may amend this Symbify Privacy Policy at any time, and will maintain record of any changes made, as well as post new versions on the Symbify website located at https://www.symbify.net/privacy-policy.

This notice applies to the personal information of individuals whose personal data is collected or maintained in electronic formats on Symbify. 

In relation to this personal information, users entering data in Symbify:

  • Collect personal client information only when appropriate or required by participating entities providing services;
  • May use or disclose information in order to facilitate service delivery;
  • May also use or disclose information to comply with legal requirements or other obligations as described in the notice;
  • Will not disclose personal information without written consent unless specifically stated within the notice; and
  • Assume that, unless stated otherwise, persons applying for or receiving services from one of the Symbify participating agencies agree to allow users of Symbify to collect, use, or disclose information as described in this notice.

Each person providing personal information may:

  • Inspect his/her personal information this is maintained in Symbify, with the exception of case notes;
  • Ask the agency entering data for Symbify to correct inaccurate or incomplete information within the record;
  • Ask about Symbify privacy policies or practices;
  • File a grievance regarding Symbify’s privacy policies and practices. We Are IT will respond to questions and compaints;
  • Request a copy of this full notice for more details.

A.  What this notice covers

  • This notice describes the privacy policy and practices of Symbify, administered by We Are IT, which is a social enterprise of Ngage New Mexico. We Are IT’s main office is located at 3880 Foothills Rd, Ste A, Las Cruces NM 88011.  We Are IT’s phone number for purposes of Symbify is (575)521-0111.  Information about Symbify is on the Symbify website located at: https://www.symbify.net

  • The policy and practices in this notice cover the processing of protected personal client information by users of Symbify within participating agencies. This notice covers all personal information policies set forth by We Are IT in its role as the administrator of Symbify.  Symbify participating agencies may have additional privacy policies on information entered and accessed by users.

  • Protected Person Information (PPI) is any information Symbify maintains about a client that:

  • Allows identification of an individual directly or indirectly; and

  • Can be manipulated by a reasonably foreseeable method to identify a specific individual; Or

  • Can be linked with other available information to identify a specific client.

When this notices refers to personal information, it means PPI.

  • We Are IT and each participating agency in Symbify have adopted this policy in accordance with policies and practices that are consistent with industry standard best practices. These policies are also consistent with requirements outlined in other applicable state and local laws.
  • This notice informs clients, staff, contractors, Symbify participating agency users, funders, and others how personal information is processed by Symbify.
  • We Are IT may ament this notice and change the policy or practices at any time. Amendments may affect personal information that Symbify participating agencies obtained before the effective date of the amendment.  Any changes to this privacy policy will be posted as a notice at https://www.symbify.net/privacy-policy.
  • We Are IT and/or Symbify participating agencies will provide a written copy of this notice to any individual or organization that request one. We Are IT also maintains a copy of this notice on the Symbify website located at https://www.symbify.net/privacy-policy.

B.  How and Why We Collect Personal Information

  • We Are IT (including We Are IT’s contractors), Ngage programs and partner agencies, and Symbify participating agencies may collect and/or maintain personal information for some or all of the following purposes:

  • To provide or coordinate services to clients;

  • To locate other programs that may be able to assist clients;

  • To carry out administrative functions, including legal, audit, personnel, oversight, contract monitoring, program evaluation, and other management functions;

  • To comply with government and Funder reporting obligations;

  • For research, data analysis, and community reporting purposes, including reporting to the SUCCESS Partnership In Education to inform policy decisions; and

  • When required by law.

  • We Are IT (including We Are IT’s contractors), Ngage, and Symbify participating agencies use only lawful and fair means to collect and/or maintain personal information.

  • By seeking assistance at one of the Symbify participating agencies and providing personal information, it is assumed that a person consents to the collection of information as described in this notice and that the collected information may be entered into Symbify.

  • We Are IT (and We Are IT’s contractors), Ngage, and Symbify participating agencies may also obtain information about those seeking services from:

  • Other individuals who are accompanying the person seeking services, such as a guardian, caretaker, or advocate;

  • Referring organizations and/or service providers (with proper consent);

  • We Are IT’s contractors, Ngage, and/or Symbify participating agency users that are providing services.

  • Symbify participating agencies are required to post a sign at their intake desks or offices explaining the reasons personal information is requested. Symbify participating agencies may have additional policies not required by We Are IT that they must follow, but at a minimum, they must adhere to this Notice.  While Symbify participating agencies are required to adopt their own privacy policies and postings for data collection unrelated to Symbify, We Are IT provides a posting template to Symbify participating agencies which reads:

 

Privacy Posting

Symbify Unified Referral System

 

**This agency is a participant in the Symbify Unified Referral System, a computerized system that collects and stores basic information about the persons who receive services from this Agency.  The goal of Symbify is to assist us in meeting your needs and to provide a record for evaluating the effectiveness of referrals made through the system.  **

 

We only collect information that is needed to provide you services, or that we consider relevant to helping us understand the scope and dimensions of your needs during the referral process in order to design effective service delivery.  We do not use or disclose your information without your consent, except when required by our funders or by law, or for specific administrative or research purposes outlined in our privacy policy.  By requesting and accepting referral services from this project, you are giving consent for us to enter your personal information into Symbify.

 

The collection and use of all personal information is guided by strict standards of confidentiality as outlined in our privacy policy.  A copy of our agency’s Privacy Policy and a copy of the Symbify Privacy Policy is available upon request for your review.

C.  Usage and Disclosure of Personal Information

  • We Are IT (and We Are IT’s contractors), Ngage, and Symbify participating agencies may use or disclose personal information for the following purposes:

  • To provide or coordinate services for individuals to help them meet certain needs. Symbify may be used to share portions of client records (with consent) with Symbify participating agencies that, at a minimum, must adhere to this notice and may have additional privacy policies and that may allow different uses and disclosures of the information;

  • To carry out administrative functions, such as legal, audit, personnel, oversight, contract monitoring, program evaluation, and other management functions;

  • When required by law to the extent that use or disclosure complies with and is limited to the requirements of the law;

  • To avert a serious threat to health or safety if:

  • It is believed in good faith that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public, and

  • The use or disclosure is made to a person reasonably able to prevent or lessen the threat, including the target of the threat.

  • To report about an individual that We Are IT (and We Are IT’s contractors), Ngage, or a Symbify participating agency reasonably believes to be a victim of abuse, neglect, or domestic violence to a governmental authority (including a social service or protective services agency) authorized by law to receive reports of abuse, neglect, or domestic violence under any of the following circumstances:

  • Where the disclosure is required by law and the disclosure complies with and is limited to the requirements of the law;

  • If the individual agency agrees to the disclosure; or

  • To the extent that the disclosure is expressly authorized by statute or regulation; and

  • We Are IT (and We Are IT’s contractors), Ngage, or a Symbify participating agency believes the disclosure is necessary to prevent serious harm to the individual or other potential victims; or

  • If the individual is unable to agree because of incapacity, then a law enforcement or other public official authorized to receive the report must represent that the PPI for which disclosure is sought is not intended to be used against the individual, and must represent that an immediate enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure; and

  • When We Are IT (and We Are IT’s contractors), Ngage, or a Symbify participating agency makes a permitted disclosure about a victim of abuse, neglect, or domestic violence, We Are IT, Ngage, or the Symbify participating agency will promply inform the individual who is the victim that a disclosure has been or will be made, except if:

    • In the exercise of professional judgement We Are IT, Ngage, or the Symbify participating agency believes informing the individual would place the individual at risk of serious harm, or
    • We Are IT, Ngage, or the Symbify participating agency would be informing a personal representative (such as a family member or friend) and reasonably believe the personal representative is responsible for the abuse, neglect, or other injury; such that informing the personal representative would not be in the best interests of the individual as We Are IT determines in the exercise of professional judgement.

  • To a law enforcement official for a law enforcement purpose (if consistent with applicable law and standards of ethical conduct) under the following circumstances:

  • In response to a lawful court order, court-ordered warrant, subpoena or summons issued by a judicial officer, or a grand jury subpoena;

  • If the law enforcement official makes a written request for PPI that:

  • Is signed by a supervisory official of the law enforcement agency seeking the PPI;

  • States that the information is relevant and material to a legitimate law enforcement investigation;

  • Identifies the PPI sought;

  • Is specific and limited in scope to the extent reasonably practicable in light of the purpose for which the information is sought; and ;

  • States that de-identified information could not be used to accomplish the purpose of the disclosure.

  • If it is believed in good faith that the PPI constitutes evidence of criminal conduct that occurred on the premises of a Symbify participating agency;

  • In response to a written request as described above for the purpose of identifying or locating a suspect, fugitive, material witness or missing person and the PPI disclosed consists only of name, address, date of birth, and distinguishing physical characteristics; or

  • If the official is an authorized federal official seeking PPI for the provision of protective services to the president or other persons authorized by 18 U.S.C. 3056, or to foreign heads of state or other persons authorized by 22 U.S.C. 2709(a)(3), or for the conduct of investigations authorized by 18 U.S.C. 871 and 879 (threats against the President and others); and if the information requested is specific and limited in scope to the extent reasonably practicable in light of the purpose for which it is sought.

  • We Are IT and Ngage may use or disclose personal information for activities set forth below and for activities We Are IT determines to be compatible with such activities. We Are IT assumes that you consent to the use or disclosure of your personal information for such purposes.

  • To carry out maintenance and operation of Symbify;

  • To create de-identified (anonymous) information that can be used for research and statistical purposes without identifying clients.

  • For academic research purposes, release of PPI will be allowed if research is:

  • Conducted by an individual or institution that has or enters into a formal relationship with We Are IT and/ or with Ngage, if the research is conducted by either:

    • An individual employed by or affiliated with the organization for use in a research project conducted under a written research agreement approved in writing by We Are IT and/or Ngage, (other than the individual conducting the research); or
    • An institution for use in a research project conducted under a written research agreement approved in writing by We Are IT and/or Ngage; and

  • The formal relationship is contained in a written research agreement that must:

    • Establish rules and limitations for the processing and security of PPI in the course of the research;
    • Provide for the return or proper disposal of all PPI at the conclusion of the research;
    • Restrict additional use or disclosure of PPI, except where required by law;
    • Require that the recipient of data formally agree to comply with all terms and conditions of the agreement;

  • The written research agreement is not a substitute for approval (if appropriate) of a research project by an Institutional Review Board, Privacy Board, or other applicable human subjects protection institution

  • Before We Are IT, Ngage, or the Symbify participating agencies make any use or disclosure of your personal information that is not described herein and above, we will seek your consent.

D.  How to Inspect and Correct Personal Information

  • Clients may inspect and have a copy of their PPI that is maintained in Symbify, with the exception of case notes. We Are IT, Ngage, and/or the Symbify participating agency, will respond to any such request made by a client within a reasonable time frame, usually 2-3 business days. Symbify participating agency staff will offer to explain any information in the file. For data that is maintained by We Are IT as the administrator of Symbify but was not entered by the We Are IT staff or contractors, We Are IT may require that the request for inspection be managed through the Symbify participating agency that entered the information.

  • We Are IT, Ngage, and/or the Symbify participating agency will consider requests for correction of inaccurate or incomplete personal information from clients. If We Are IT, Ngage, and/or the Symbify participating agency agrees that the information is inaccurate or incomplete, the personal information may be deleted or supplemented with additional information.

  • To inspect, get a copy of, or ask for correction of personal information, a client can contact any Symbify participating agency staff member at the Symbify participating agency at which he or she received services. The appropriate Symbify participating agency staff member will be located to assist with the review and/or correction of the file within a reasonable time period, usually 2- 3 business days.

  • We Are IT, Ngage, and/or the Symbify participating agency may deny a direct request for inspection or copying of personal information if:

  • The information was compiled in reasonable anticipation of litigation or comparable proceedings;

  • The information is about another individual;

  • The information was obtained under a promise of confidentiality and if the disclosure would reveal the source of the information; or

  • Disclosure of the information would be reasonably likely to endanger the life or physical safety of any individual.

  • If a request for access or correction is denied, the organization that denies the request (We Are IT, Ngage, and/or the Symbify participating agency) will explain the reason for the denial. We Are IT, Ngage, and/or the Symbify participating agency will also include, as part of the personal information that is maintained, documentation of the request and the reason for the denial.

  • We Are IT, Ngage, and/or the Symbify participating agency may reject repeated or harassing requests for access or correction

E.  Data Quality

  • Symbify collects only personal information that is relevant to the purposes for which it plans to use it or as required for reporting to our Funders. To the extent necessary for those purposes, Symbify seeks to maintain only personal information that is accurate, complete, and timely.
  • We Are IT may implement a plan to dispose of personal information not in current use seven years after the information was created or last changed. As an alternative to disposal, We Are IT may choose to remove identifiers from the information so that the data can be maintained for analysis purposes.
  • We Are IT may keep information for a longer period if it chooses or if it is required to do so by statute, regulation, contract, or other requirement.

F.  Complaints and Accountability

  • We Are IT, on behalf of Symbify, accepts and considers questions or complaints about Symbify’s privacy and security policies and practices. To file a complaint or question, a person should do the following:

  • If the complaint is about one of the Symbify participating agencies using Symbify, the client should first follow the questions and/or grievance procedure of that organization. If the grievance cannot be resolved at the Symbify participating agency level, the question/complaint should be addressed to We Are IT in writing or in person for resolution. We Are IT’s main office is located at 3880 Foothills Rd, Ste A, Las Cruces NM 88011. We Are IT’s phone number for purposes of Symbify is (575) 521-0111;

  • If the complaint is received by We Are IT, in writing or in person, about a Symbify participating agency or about an internal program, it will be reviewed by the staff responsible for administering Symbify first. If the question or complaint cannot be resolved at that level it will be brought to the attention of Symbify’s General Counsel;

  • All members of We Are IT (including employees, volunteers, affiliates, contractors and associates), Ngage, and Symbify participating agencies are required to comply with this notice. Each individual with access to Symbify must receive and acknowledge receipt of a copy of this notice and pledge to comply with this notice in writing.

G.  Privacy Policy Change History

Each copy of this notice will have a history of changes made to the document. This document’s change history is as follows:

  • Version 1 – 01/27/2021 - Initial Policy