Last Revised: February 29, 2020
WHAT INFORMATION DO WE COLLECT?
Name, Contact, and Demographic Data. We may collect information such as your name, date of birth, gender, e-mail address, phone number, billing and physical addresses, and company information. If you are a Registered User, we may also collect your username and password.
Health and Wellness Data. We may also collect certain information related to your wellness background, weight, height, lifestyle information, medication history, healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, images or videos, diagnoses, treatment plans, prescription information, laboratory results, and other health-related information in order to provide the Service (“Health and Wellness Data”). Please see the following section for information regarding the collection of special categories of Personal Data.
Payment and Insurance Data. We may collect payment data and insurance information, such as insurance eligibility and coverage and information regarding your dependents, if applicable, in order to provide the Service.
Location Data. We may obtain information regarding your location or the location of your device through which you access our Service. For example, we collect general location data when you provide us with your zip code. In addition, if you use our mobile applications, our Service may obtain precise information about the location of your device with your express consent. Once you have consented to the collection of the precise location of your device, you may revoke this consent by managing your location services preferences through the settings of your device.
Special Categories of Personal Data. We generally do not require you to submit special categories of Personal Data in order to visit our Site. However, as our Service provides general information on health care and other general content pertaining to health and wellness topics, we may need to collect certain special categories of Personal Data, such as health information, in order to provide the Service. In the event we need to collect data that would constitute special categories of Personal Data in order to provide a specific service to you, we will obtain your consent as required by law.
HOW DO WE COLLECT INFORMATION?
We may collect Personal Data as follows:
When you create an account or otherwise utilize our Service. We may collect Personal Data, such as your name, address, phone number, email address, username and password, when you create an account with us or otherwise utilize our Services. In addition, we may collect Health and Wellness Data about you and your dependents, if applicable, in order to provide a specific Service to you. We may also collect payment data and insurance information in connection with providing the Service to you.
When you communicate with us or sign up for materials. We may collect Personal Data, such as your name, email address, and other contact information, when you communicate with us, including when you submit information through the Site, submit inquiries, or request information from us. We also collect information when you communicate with Practitioners through the Service. We may also collect Personal Data when you sign up to join our email list or to access or receive information about our Service, news and updates, webinars, white papers, or other information and content.
When you engage with our online communities and forums. We may collect Personal Data when you engage with our online communities and forums, including any information you may provide through your interaction with or participation in our blogs and social media pages and groups. Please note that online forums may be publicly accessible and other users may view information you post in the forums. We encourage you to exercise care in deciding what information and content you wish to disclose on the areas of the Site that are accessible to the general public.
When we collect data from third parties, such as your employer or Practitioners. We may obtain certain data about you from third-party sources in order to provide the Services and for marketing and advertising. For example, we collect certain information about you and your dependents, if applicable, from your employer in order to verify your eligibility to participate in the Service, such as name, email address, address, and whether you are enrolled in your employer’s health plan. We may also collect certain information, including Health and Wellness Data, from the Practitioners who provide treatment or other services to you in connection with our Service. We may combine Personal Data with data we obtain from our Services, other users, or third parties to enhance your experience and improve the Services.
HOW DO WE USE THE INFORMATION WE COLLECT?
For the performance of a contract. We may use Personal Data to perform our contractual obligations, including to fulfill your request for a Service, to contact you in relation to the Service, to take steps in response to information or inquiries you may submit prior to entering into an agreement with us, and to provide your Personal Data to our service providers.
Legitimate Interests. We may use Personal Data in order to operate our organization and provide the Service, other than in performing our contractual obligations to you, for our “legitimate interests” for the purposes of applicable law, except where our interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our legitimate interests may include:
To maintain the Site and provide the Service, including for technical support, to facilitate the provision of healthcare services to you by Practitioners, and to provide Practitioners the services and support necessary for health care operations;
To administer your account and Service, including to process payments, fulfill orders, verify your age or identity, and to authenticate and authorize access to the Site and the Service;
To provide customer support and address and respond to your requests, inquiries, and complaints;
To protect the confidentiality or security of information;
To develop, provide, and improve the Site and Service, including to better tailor the features, performance, and support of the Site and Service, and for statistical and analytics purposes;
For our direct marketing purposes;
To send surveys in connection with our Service;
For fraud, loss, and other crime prevention purposes, to assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties;
To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
Consent. In some cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:
Special Categories of Personal Data. As indicated above, we may collect certain Health and Wellness information in order to provide the Service. In the event we may need to collect data that would constitute special categories of Personal Data in order to provide a specific Service to you, we will obtain your consent as required by law. In certain circumstances, subject to applicable law, we may process or otherwise disclose special categories of Personal Data without consent, such as to protect the vital interests of you or of another person.
Precise Location Data. If we collect precise location data, we will obtain your consent as required by law. We use information regarding your location or the location of your device through which you access our Service for a number of purposes, including, but not limited to: (a) identifying Practitioners who may provide you with healthcare services; (b) providing you with a list of nearby pharmacies that may fulfill any prescriptions provided to you by your Practitioner; and (c) identifying other healthcare providers whom you may visit at the recommendation of your Practitioner.
Marketing. Where we are not relying on our legitimate interests or another legal basis for processing Personal Data, we may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments, or services which we think may be of interest to you and for other marketing purposes.
To comply with legal obligations. We may use Personal Data in order to comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process.
To protect data subjects’ vital interests. We may use Personal Data where we believe it is necessary to protect the vital interests of you or of another person.
HOW DO WE DISCLOSE INFORMATION?
We may disclose your information to third parties in connection with the provision of our Service or as otherwise permitted or required by law, including:
Service Providers and Business Partners. We may engage third parties to perform certain functions on our behalf. To do so, we may disclose certain information to our third-party service providers that provide services, such as the hosting of our Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing and other similar services, and for marketing and advertising purposes. We require third-party providers to use information only as necessary to provide the service for which we have engaged them. For example, we may disclose Personal Data to the following types of third-party providers:
Customer Service and Communications. We utilize third-party solutions and systems to manage our contacts and programs, and for customer service, communications, and marketing purposes.
Account and Program Administration. We use third-party solutions to assist with our program and Service administration and management activities, such as appointment scheduling and prescription fulfillment. We also utilize third-party solutions to administer and provide the Site and Service. We may also share information with certain third parties, such as clearinghouse entities, in connection with your participation in employer wellness programs.
Payment Processing. We use third parties to process payments and authenticate transactions.
Analytics. We use third-party solutions to help us understand how visitors use the Site and to evaluate usage trends.
Social Media. We may use widgets and tools from social networks to enable sharing and other functions through social networks.
Practitioners. We may disclose Personal Data to Practitioners in order to provide the Service. For example, we may share information with Practitioners to schedule and fulfill appointments and provide health care services as part of the Service and for other treatment, payment, or healthcare operations purposes. In addition, when you communicate with us or submit information through the Site or Service, we may share that information with Practitioners to enable them to communicate with you and provide the Service.
Employers. In the event that your access to the Site and use of the Services are offered in connection with a program offered or supported by your employer, we may disclose certain group health results with your employer. The information we share with employers is aggregated and not personally identifiable to individual employees.
Pursuant to Legal Process. We may also disclose Personal Data to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information we receive, or as otherwise pursuant to legal process.
HOW LONG DO WE STORE INFORMATION? We will retain your Personal Data for as long as is necessary to fulfill the purposes for which we obtained the Personal Data, including to provide the Service, or for such longer period as may be required or permitted by applicable law. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We use the following criteria to set our retention periods: (i) the duration of our relationship with you; (ii) the purposes for processing your Personal Data and associated legal bases; (iii) the existence of a legal obligation as to the retention period; and (iv) the advisability of retaining the information in light of our legal position (for example, in light of applicable statutes of limitations, litigation, or regulatory investigations).
DO-NOT-TRACK Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. Please note that the Site does not alter its behavior or use practices when we receive a “Do Not Track” signal from browser software.
SOCIAL NETWORK WIDGETS Our Site may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, we encourage you to read their privacy disclosures to learn what information they collect, use, and share.
SECURITY OF INFORMATION We implement technical and organizational security measures designed to safeguard Personal Data. Please note, however, we cannot fully eliminate security risks associated with the storage and transmission of Personal Data. You also must keep your password secure and your account confidential. If you have reason to believe that the security of your account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.
DATA SUBJECT RIGHTS Data subjects in the European Economic Area, European Union, Switzerland, and certain other jurisdictions have certain rights under applicable data protection law, including the right to request confirmation from us as to whether or not we are processing your Personal Data. Where we are processing your Personal Data, subject to applicable law, you also have the right to:
Request access to, modification or rectification, or deletion. You have the right to request access to, modification of, or deletion of your Personal Data we maintain. Registered Users can also make changes to their profile by logging into their account and adjusting information through the settings.
Request restriction of processing. You have the right to request that we restrict processing of your Personal Data in certain circumstances, such as where you believe that the Personal Data we hold about you is inaccurate or our processing is unlawful.
Data portability. In certain circumstances, you may have the right to receive the Personal Data concerning you that you provided to us or to request that we transmit your Personal Data to another data controller.
Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority.
To exercise your rights, you may contact us as at firstname.lastname@example.org or by postal mail at the contact information listed in the “Contacting Us” section. As permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion. Furthermore, where permissible, we may charge for this service. We will respond to reasonable requests as soon as practicable and as required by law. To protect your privacy and security, we may take steps to verify your identity in order to respond to your request.
TRANSFER OF DATA TO THE U.S. Please note that if you are visiting the Site from outside of the United States, your information may be transferred to, stored, and/or processed in the United States. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. If you are located outside of the United States, the transfer of Personal Data is necessary to provide you with the requested information and Service and/or to perform any requested transaction. By using any portion of the Site, you acknowledge and consent to the transfer of your information to our facilities in the United States.
CALIFORNIA PRIVACY RIGHTS Residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information (as defined by California law) the business shares with third parties for those third parties’ direct marketing purposes, and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To exercise your rights, you may make one request per calendar year by submitting your request in writing using the email address email@example.com or by postal mail at the contact information listed in the “Contacting Us” section.