Effective as of March 12, 2021
1. What Is Personal Information?
“Personal Information” is information that identifies or relates to a particular individual. Examples of Personal Information include, among others, name, email address, phone number, mailing address, and online identifiers.
2. How We Use Personal Information
We use Personal Information for purposes including :
- Providing our Site and Services to you;
- Analyzing, administering, and improving the Site and Services;
- Enabling secure use of the Site and Services;
- Billing and payment (including processing payments) for Services;
- Sending information and promotional materials;
- Protecting our rights or our property;
- Meeting legal obligations; and
- For other purposes related to the reasons for which you provide Personal Information.
3. Types Of Personal Information We Collect And Use
A. Information that You Provide Us
In various places on the Site and Services, we request information from you via forms. The exact information we need to collect (including Personal Information) will depend on the purpose of the form. For example, when you open an account on the Site (“Account”), we collect your name, email address, and phone number. As another example, if you purchase services from your provider through the Site, we may collect payment information (e.g., credit/debit card numbers, expiration date, and CVV); information about your health; and behavioral information (e.g., eating habits, mood and demeanor information, etc.). We will indicate on the form whether a particular field of information is mandatory or optional. If you choose not to provide certain information, we may not be able to provide requested services.
B. Information We Automatically Collect from You
We collect the following types of information automatically through your use of the Site and Services:
Cookies, Device Identifiers, and Similar technologies
Most browsers provide you with the ability to block, delete, or disable cookies, and your mobile device may allow you to disable transmission of unique identifiers and location data. If you choose to reject cookies or block device identifiers, some features of the Site and Services may not be available or some functionality may be limited or unavailable. Please review the help pages of your browser or mobile device for assistance with changing your settings.
To assist us with analyzing our website traffic through cookies and similar technologies, we use analytics services, including Google Analytics. For more information on Google Analytics’ processing of your information, please see “How Google uses data when you use our partners' sites or apps.”
Log File Information
When you use our Site, our servers automatically record information, including your Internet Protocol address (“IP Address”), browser type, referring URLs (e.g., the site you visited before coming to our Site), domain names associated with your internet service provider, information on your interaction with the Site, and other such information (collectively, “Log File Information”). We may also collect similar information from emails sent to you which then help us track which emails are opened and which links are clicked by recipients.
We use Log File Information collected from our implementation of the Site to help secure the Site by identifying potential threats and vulnerabilities and in analyzing the effectiveness of our Site to improve the Site’s function and content.
4. Disclosure of Personal Information
Providers. The Site and Services support the treatment relationship between you and your Provider. For us to provide our Services, we must confidentially disclose Personal Information to your Provider and/or your Provider’s third-party service providers. Our use and disclosure of any Personal Information collected on behalf of the Provider, including PHI, is limited in accordance with applicable privacy laws and our agreements with the Provider.
Financial Institutions. When you make payments or request a statement through the Site or through our Services, we may provide your Personal Information to your bank, credit card company, or other financial institution (“Financial Institutions”) in order to process such payments or statements. Our use and disclosure of any Personal Information to Financial Institutions is limited in accordance with applicable privacy laws and our agreements with the Financial Institutions.
Our Service Providers. We engage service providers to perform tasks on our behalf and to assist us in operating the Site and Services or providing our products and services. For example, Healthie may use third-party vendors and hosting companies to provide the necessary hardware, software, networking, storage, and related technology required to operate the Site and Services. We may store encrypted database backups off site with a third-party storage provider to ensure data security in the case of an emergency or catastrophe. We take commercially reasonable steps to help ensure our service providers provide at least the same level of protection for Personal Information as we do.
Companies Involved in Mergers and Acquisitions Transactions. If we sell or otherwise transfer part or the whole of our business or assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, or liquidation), any information collected through the Site and Services, including Personal Information, may be among the items sold or transferred.
Law Enforcement, Government Agencies, and Courts. We may disclose Personal Information at the request of law enforcement or government agencies; in response to subpoenas, court orders, or other legal process; to establish, protect, or exercise our rights; to defend against a legal claim; to protect the rights, property, or safety of any other person; or as otherwise required by law.
5. How We Protect the Confidentiality of Personal Information
We protect the confidentiality and security of Personal Information we obtain in the course of business. We use commercially reasonable safeguards, such as industry-standard encryption technology, to help keep the Personal Information collected through the Site and Services secure.
Despite these efforts to store Personal Information in a secure operating environment, we cannot guarantee the security of Personal Information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to Personal Information. We do not represent or warrant that Personal Information about you will be protected against, loss, misuse, or alteration by third parties.
6. Retention and Deletion
We will only retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. In some circumstances, we may de-identify, aggregate, or otherwise anonymize your Personal Information consistent with applicable laws and industry standards so that it can no longer be associated with you, in which case it is no longer treated as Personal Information. It is our policy to retain Personal Information for ten (10) years once such Personal Information is no longer necessary to deliver the Services and to delete such Personal Information thereafter. This means that, if you close your account with us, we will delete Personal Information associated with your account after ten (10) years. Regarding other types of information we collect as described in this policy it is our policy to retain such information for ten (10) years and to delete such Personal Information thereafter.
7. Accessing, Updating, or Deleting Personal Information
If you would like to otherwise access, update, or delete Personal Information about you, you may submit a request to firstname.lastname@example.org. We will promptly review all such requests in accordance with applicable law.
If you are a resident of California or the European Union, please see the information below in Section 10 (California Residents) and Section 11 (EU Residents) for more information regarding your rights.
8. Opting Out of Receiving Electronic Communications
With your permission, we may send notifications, promotions, or other information via email or text message (“Communications”). You may choose to stop receiving Communications by indicating your preference in your account profile or settings. Please note that certain Site and Services-related Communications are necessary for the proper functioning and use of the Site and Services (e.g., to verify the phone number associated with your account) and you may not have the ability to opt out of those Communications.
9. International Use of the Site and Services
If you are using our websites from outside the United States, please be aware that Personal Information may be collected, stored, and processed in the United States. If we transfer Personal Information internationally, we take steps to provide adequate safeguards, such as entering into standard contractual clauses (as approved by the European Commission) with our service providers. For such international transfers of Personal Information, we have adopted reasonable physical, technical, and organizational safeguards against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, access, use, or processing of the Personal Information in our possession that substantially mirror protections available to users located within the United States. Please be aware that the data protection laws of the United States might not be as comprehensive as those in your country.
10. California Residents
This section applies to our collection and use of “Personal Information” as defined under California law, if you are a resident of California.
A. Categories of Personal Information Collected, Used, and Disclosed
In accordance with California law, we collected the following categories of Personal Information within the preceding twelve (12) months:
- Identifiers such as your name, email address, IP address, and online identifiers;
- Certain categories of Personal Information described in subdivision (e) of California Civil Code Section 1798.80;
- Internet or other electronic network activity information, including information on your usage of our Website (“Usage Information”);
- Information used to create a profile about a consumer reflecting the consumer’s preferences or behavior;
- Location data such as the GPS coordinates of a mobile device;
- Commercial information, including records of products or services purchased or other purchasing histories; and
- Professional or employment-related information.
We share each of these categories of Personal Information with our service providers to the extent necessary for them to facilitate our business purposes (including any purpose specified in Section 2, above).
Additionally, within the past twelve (12) months, some of our online advertisers may have used and disclosed Usage Information collected automatically from the Service. This may be a “sale” as broadly defined under the CCPA. Therefore, we provide you the right to opt out of this “sale” of Personal Information as described, below.
B. Your California Privacy Rights
If you are a resident of the California, you have the following rights:
Right to Know. You may have the right to request information on the categories of personal information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such personal information is collected and shared. You also have the right to request information on the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your personal information.
Right to Delete. You may have a right to request us to delete Personal Information that we collected from you.
Right to Opt-Out. You have a right to opt-out of certain disclosures of Personal Information to third parties, if such disclosures constitute a “sale” under California law. As noted above, in the past twelve (12) months we enabled advertisers to collect certain information from the Site and Services, which the advertisers may use to improve their interest-based advertising networks. Regardless of whether this is a “sale,” you may opt-out of interest-based advertising as described in Section 3(B), above.
If you would like to exercise your rights listed above, please contact (or have your authorized agent contact) us at email@example.com. When doing so, please tell us which right you are exercising and provide us with contact information to direct our response.
We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.
You have a right not to receive discriminatory treatment by any business when you exercise your California privacy rights.
11. Individuals in the EU
In this section, we provide additional information relating to how we process Personal Information of individuals in the EU, in accordance with the General Data Protection Regulation (GDPR). If you need more information or would like to exercise your rights under the GDPR, you may contact us at firstname.lastname@example.org.
A. Basis for Processing
- Where we need Personal Information to perform a contract with you;
- Where the processing is in our legitimate interests (including the purposes described, above, in Section 3);
- Where the processing is necessary for us to meet our applicable legal obligations; or
- If we otherwise have your consent.
B. Your Privacy Rights
Depending on applicable law, you may have the right to:
Request access to Personal Information about you.
Request correction of the Personal Information that we hold about you.
Request erasure of Personal Information about you. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of Personal Information about you where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
Request restriction of processing of Personal Information about you. You can ask us to suspend the processing of Personal Information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of Personal Information to you or to a third party.
Withdraw consent at any time where we are relying on consent to process Personal Information about you.
If you wish to exercise any of these applicable rights, please contact us at email@example.com.
Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we have violated any of the rights concerning Personal Information. We encourage you to first reach out to us at firstname.lastname@example.org, so we have an opportunity to address your concerns directly before you do so.
C. Our EU Representative
You may contact our EU representative at email@example.com with the subject line “EU Representative Contact Request.”
12. Children’s Privacy
We do not knowingly collect or solicit any Personal Information from children. In the event that we learn that we have collected Personal Information from a child, we will promptly take steps to delete that information.
13. Other Websites and Sites, Including Social Media
We are not responsible for the practices employed by any websites or services linked to or from our Site and Services, including the information or content contained within them. A link to a third party’s website should not be construed as an endorsement. We encourage you to investigate and ask questions before disclosing Personal Information to third parties.
15. How to Contact Us