PEERWELL PRIVACY POLICY

Last Updated: June 13, 2019

PeerWell, Inc. (“PeerWell,” “we,” “us” or “our”) respects the privacy of Users of our App (“App”) and Website (“Website”) (App and Website constitute the “Services”), and the following privacy policy (the “Policy”) applies to your use of the Services and/or other related services that PeerWell provides (the “Services”). We at PeerWell value keeping your personal information confidential and using it solely in the context of our mission to enable you to become fully engaged in your healthcare in order to aid you and your healthcare providers (“Providers”) in making informed decisions about your care. The purpose of this Policy is to inform our Users (“you,” “your” or “User”) about the types of information we gather about you when you download, install and use our App and/or visit our Website, how we may use that information, with whom it is shared, what choices you have regarding our use of your information, and how you may access some of the information you provide to us. Capitalized terms not defined in this Privacy Policy are defined in the applicable Terms of Use, which are accessible via your account.

PLEASE READ THE FOLLOWING CAREFULLY TO UNDERSTAND OUR VIEWS AND PRACTICES REGARDING YOUR PERSONAL INFORMATION AND HOW WE WILL TREAT IT.

For the purposes of Applicable Data Protection Laws including the European Economic Area data protection law (the “Data Protection Law”):

Non-Provider Users: The data controller is: PeerWell, Inc. 330 Townsend Street, Suite 231, San Francisco, CA 94107

Provider Users: The data controllers are YOUR healthcare provider and PeerWell, Inc. 330 Townsend Street, Suite 231, San Francisco, CA 94107

Data Protection Officer: Manish Shah, manish@peerwell.co

BY SUBMITTING YOUR PERSONAL INFORMATION THROUGH THIS APPLICATION, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APPLICATION OR SERVICES AND DO NOT SUBMIT ANY INFORMATION TO US.

Access to and use of the Services by a Provider who is a PeerWell customer (a “Customer”) and such Customer’s Authorized Users (as defined in the Customer Agreement) is subject to and governed by the agreement between PeerWell and the applicable Customer executed by authorized representatives of each party (the “Customer Agreement”). PeerWell may collect, use and disclose information from a Customer and such Customer’s authorized users as set forth in the Customer Agreement. If you would like more information about the Services or becoming a Customer, please contact us at privacy@peerwell.co.

If you are a patient and would like to make the data you report and that your smartphone or other device (“Device”) collects (“Health and Activity Data”) available to your healthcare provider(s) through the Services, you will be required to agree to the applicable Terms of Use and this Privacy Policy.

COLLECTION OF PERSONAL INFORMATION

THIS PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY PEERWELL IN CONNECTION WITH THE SERVICES. “PERSONAL INFORMATION” INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER INFORMATION TO IDENTIFY OR CONTACT A SINGLE PERSON OR TO IDENTIFY AN INDIVIDUAL IN CONTEXT. IF WE CAN LINK PARTICULAR INFORMATION (DIRECTLY OR INDIRECTLY) TO AN INDIVIDUAL, WE WILL CONSIDER THIS INFORMATION “PERSONAL INFORMATION,” AND WE WILL PROTECT IT.

BECAUSE THE PERSONAL INFORMATION WE COLLECT AND TRANSMIT MAY INCLUDE HEALTHCARE INFORMATION, INCLUDING MEDICAL INFORMATION, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”). WE WILL MAINTAIN THE PRIVACY OF YOUR HEALTH INFORMATION AS REQUIRED BY HIPAA AND THE REGULATIONS PROMULGATED UNDER THAT ACT. FOR ADDITIONAL INFORMATION RELATED TO YOUR HEALTHCARE INFORMATION, PLEASE CONTACT US AT privacy@peerwell.co.

All transmissions of Personal Information by the Services are secured and encrypted by SSL protocol, as required by law.

CHANGES TO POLICY

Please note that we occasionally update this Policy and that it is your responsibility to stay up to date with any amended versions. If we modify this Policy, we will notify you of the changes through either a pop-up notice in the application, an email notification, an in-service notice or other reasonable means. You can store this policy and/or any amended version(s) digitally, print it, or save it in any other way. Any changes to this privacy policy will be effective immediately upon providing notice to you, and shall apply to all information we maintain, use and disclose. If you continue to use the application following such notice, you are agreeing to those changes.

WHAT INFORMATION DO YOU COLLECT AND WHY?

Personal Data that You Provide Through the Services

We collect Personal Information (e.g. demographic information) from you when you voluntarily provide such information, such as when you create a profile on the Services, contact us with inquiries, enter information into our Website contact form, respond to one of our surveys or use certain features of the Services. We use this information to create your account and provide you with the Services.

For Patients: In addition to demographic information, if you are a Patient, we may ask you to provide your contact preferences, certain contact information, such as your email address, mobile telephone number, and physical address, and other Health and Activity Data to us in order to create your account and provide you with the Services. Such Health and Activity Data may include information from your medical record and information that you report about your health conditions, movement, and pain. We collect this information to provide you more customized Services and to communicate information to your healthcare provider.

Wherever PeerWell collects Personal Information, we make an effort to provide a link to this Privacy Policy.

HOW DO YOU USE MY PERSONAL INFORMATION?

When you click “I agree” on our App or Website, you explicitly agree to this Privacy Policy and consent to the use of the Personal Information you provide via the App. You confirm that you have the legal authority to consent to PeerWell processing all health information you provide, including by obtaining the explicit consent of all other persons whose health data you may provide. That includes storing, using and disclosing the data in accordance with this Policy.

When you do provide us with Personal Information, we may use your Personal Information for five (5) general reasons:

  1. To provide you with the Services.
  2. To send you information about PeerWell.
  3. We may use your information in aggregate form to help us evaluate and modify our Services or related marketing materials.*
  4. To customize our marketing communications (depending on the Personal Information we have about you) by sending you information that we believe will be to your benefit.
  5. To provide technical and sales support.

*Aggregated Personal Data: In an ongoing effort to better understand and serve our Users and communities of patients with certain health conditions, PeerWell conducts research on its user demographics and behavior based on the Personal Information we collect from you and the other information provided to us. This research may be compiled and analyzed on an aggregate basis, and PeerWell may share this research and related information in aggregated, de-identified and/or anonymized format with its affiliates, agents and other healthcare research and services entities, including without limitation insurance and pharmaceutical companies. For the avoidance of doubt, this aggregate information does not identify you personally. PeerWell may also disclose aggregated, de-identified and/or anonymized information in order to describe our business and the Services to current and prospective business partners and Customers, and to other third parties for other lawful purposes.

If you provide an email address, then you may receive announcements or information about PeerWell. You can always choose not to be contacted or to "opt-out" of further contact or solicitations from PeerWell by following the instructions in the email.

Monitoring

PeerWell and its affiliates and agents are permitted, but not obligated, to review and/or retain information and/or communications stored and/or transmitted using the Services (“User Content”). We may monitor User Content for data collection purposes and/or to evaluate the quality of service you receive, your compliance with the applicable terms of use, the security of the Services, or for other reasons. Your authorized healthcare providers may also monitor User Content in order to monitor your progress and overall condition and to follow up with you, as they deem appropriate in their independent judgment as your healthcare providers.

You agree that such monitoring activities, if in compliance with applicable privacy laws, will not entitle you to any cause of action or other right with respect to the manner in which PeerWell or its affiliates or agents monitor your communications and enforce or fail to enforce the terms of this agreement. In no event will PeerWell or any of its affiliates or agents be liable for any costs, damages, expenses, or any other liabilities incurred by you as a result of monitoring activities by PeerWell or its affiliates or agents.

WHAT OTHER INFORMATION DO YOU COLLECT?

In order to provide you with the Services, we will collect certain information about service performance, your devices and your use of the Services. We will automatically upload this information from your Device(s). Any individual identification information transmissions will be secured and encrypted using SSL methods and follow all applicable privacy laws to maintain privacy whilst providing the Services. Anonymized usage data may be transmitted, which will generally not identify you, and may include information such as the version of the App (if applicable) you have downloaded and installed on your Device, IP address, and other information that is not Personal Information.

In order to record and provide feedback from your Device, we may collect certain information transmitted directly by the device.

WHERE IS MY INFORMATION STORED AND/OR PROCESSED?

Information PeerWell collects through the Services will be stored on a third-party cloud server, but will only be accessible by authorized PeerWell individuals. Anyone with access to the data we collect and store must go through privacy training prior to being allowed access. The Application is native to your device, meaning information you enter into our Application is also stored directly on the device you use to access and enter information into the App or Provider Portal. All of the information you share with us through the Services is encrypted during transmission and at rest using a secure public interface PKI.

WILL YOU SHARE MY INFORMATION WITH ANYONE ELSE?

PeerWell takes its responsibility to keep your information private very seriously. We consider your use of the Services to be private. However, we may access or disclose information about you or your account under the following limited circumstances:

With Our Customers: If you are a patient, we will share your Personal Information and Health and Activity Data with your authorized healthcare provider(s). This will enable your provider(s) to track your Health and Activity Data and combine such Health and Activity Data with other information about you that your provider obtains in providing healthcare services to you.

Operations and Maintenance Contractors: PeerWell may share your Personal Information with third party contractors as is necessary to respond to your requests for products and information, unless you have opted-out of receiving information. Third party contractors may access your Personal Information to send you this information on behalf of PeerWell. PeerWell also may hire third party technology providers to host, develop, maintain, or upgrade this App, and to store your Personal Information. When we share your information with third parties working on our behalf, they are required to abide by our Privacy Policy.

In the Event of a Business Transfer: We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.

Legal Authorities: PeerWell may disclose Personal Information when required by law or legal process; when necessary to protect and defend the rights or property of PeerWell or when necessary to protect the personal safety of PeerWell Users and customers.

Aggregate Information: Aggregate information does not contain any Personal Information about our Users. From time to time, PeerWell may share aggregate, non-personal information about App usage with third parties, including government agencies, advertisers and our partners.

HOW LONG WILL YOU STORE MY INFORMATION?

We store your Personal Information for as long as you maintain an account and up to five (5) years after the account is closed. At the end of this five-year period, we will remove your Personal Information from our databases and will request that our business partners remove your Personal Information from their databases. However, once we disclose your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of Personal Information other than as described should be directed to privacy@peerwell.co. We may retain anonymized data indefinitely.

WHAT IS YOUR COOKIE POLICY?

In operating the Services, we may use cookies, web beacons and similar technologies. A cookie is a piece of information that the computer that hosts our Services gives to your browser when you access the Services. Our cookies help provide additional functionality to the Services and help us analyze Services usage more accurately for research and marketing purposes. In all cases in which we use cookies, we will not collect Personal Information except with your permission. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Services’ features. In addition to cookies, we may use web beacons (also known as “clear GIFs”) to measure traffic to or from the Services and related browsing behavior and to improve your experience when using the Services.

We use two types of cookies: essential and non-essential cookies. Essential cookies are those necessary for us to provide Services to you. All of our cookies are Essential cookies, and without them we would not be able to provide the Services to you. As such, if you do not have your cookies turned on, you will be unable to use the Services. We have provided, below, a full list of our cookies and we have described the purposes of each.

Cookie Name, Who Controls It, and Duration: Authentication, PeerWell, duration of logged-in session

Purpose: To authenticate the logged in user during the session.

Information Collected: Authentication token, registered email address, peer token

How to Withdraw Consent: Do not use our Service if you do not want to receive this cookie

As more fully described in our Terms of Use, the Services may contain links to third-party websites or services that PeerWell does not own or control. Those third-party websites or services may use cookies, web beacons, and/or clear GIFs not described in the table above. We encourage you to review a third-party’s privacy policy and terms of use prior to using their services.

ACCOUNT TERMINATION

If your account is terminated for any reason, either by you or PeerWell, we may permanently delete your data from our servers in accordance with applicable law and regulations. PeerWell is under no obligation to return data to you after your account is canceled. If data is stored with an expiration date, we may also delete the data as of that date. Data that is deleted may be irretrievable.

CHILDREN’S ONLINE PRIVACY

We do not knowingly collect or maintain personal information from children under the age of eighteen (18) and Services are not directed to individuals under the age of thirteen (13). If you are under the age of thirteen (13), you should not furnish us with any identifiable information about yourself without a parent’s consent. If we learn that personally identifiable information of persons under thirteen (13) years of age has been collected via the App or Services without parental consent, we will take the appropriate steps to delete this information.

If you are aware of a user under the age of 13, please contact us at privacy@peerwell.co.

COMMUNICATIONS FROM PEERWELL

We may use the e-mail addresses you provided when you created your user account to occasionally deliver information relevant to you, benefits, promotions, surveys and notification of other relevant items. If you send us an e-mail with questions or comments, we may use the Personal Information you provide to respond to your questions or comments, and we may save your questions or comments for future reference. However, we will provide you with the option to change your preferences and opt-out of receiving those communications.

You may request at any time that we not e-mail you in the future by clicking the “unsubscribe” link which is included at the bottom of any e-mail communication that you receive from us, or by contacting us at privacy@peerwell.co. When contacting us by e-mail, please insert “UNSUBSCRIBE” in the subject line and the body of the message. If you unsubscribe, you should assume that your request has been received and is being processed. Please allow ten (10) business days from when the request was received to complete the removal of your e-mail address from our database as some of our promotions may have been in process before submitting such request. We will make reasonable efforts to discontinue these e-mail communications as soon as practicable.

HOW DO YOU PROTECT MY PERSONAL INFORMATION?

PeerWell has taken reasonable security measures to protect against the loss, misuse and alteration of information under our control. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Information, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you. However, it is not possible to guarantee the security or integrity of information disclosed online. Because no physical or electronic security is impenetrable, by using the Services, you agree to assume all risks in connection with the information sent to us or collected by us when using the Services. We recommend that you take any and all appropriate steps to secure any device that you use to access the Services.

NOTWITHSTANDING ANY OF THE STEPS WE TAKE, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK.

HOW CAN I PROTECT MY PERSONAL INFORMATION?

We will NEVER send you an e-mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e-mail requesting such information. If you receive such an e-mail purportedly from PeerWell, DO NOT RESPOND to the e-mail and DO NOT CLICK on any links and/or open any attachments in the e-mail, and notify PeerWell support at privacy@peerwell.co.

You are responsible for taking reasonable precautions to protect your user information (username, password, etc.) from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You should immediately notify PeerWell at privacy@peerwell.co if you know of or suspect any unauthorized use or disclosure of your user information, or any other security concern.

EU Data Subject Rights

If you are an EU data subject, you have the following rights under certain circumstances:

  • to receive communications related to the processing of your personal data that are concise, transparent, intelligible and easily accessible;
  • to be provided with a copy of your personal data held by us;
  • to request the rectification or erasure of your personal data held by us without undue delay;
  • to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
  • to object to the further processing of your personal data, including the right to object to marketing;
  • to request that your personal data be moved to a third party;
  • to receive your personal data in a structured, commonly used and machine-readable format;
  • to lodge a complaint with a supervisory authority.

Where our processing of your Personal Information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at privacy@peerwell.co. You can also exercise the rights listed above at any time by contacting us at privacy@peerwell.co.

HOW CAN I UPDATE, CORRECT, OR DELETE MY PERSONAL INFORMATION?

You may review, request corrections, ask that we delete, or refuse further collection or use of the Personal Information PeerWell collects from you. You may do this by contacting PeerWell using the contact information provided at the end of this document.

CONSENT TO RECEIVE NOTICES VIA THE SERVICES

By using the App or Website or submitting Personal Information via the App or Website, you are agreeing that PeerWell may deliver all privacy, terms and conditions, and opt out notices to you in the manners described in this Privacy Policy and/or the applicable terms of use.

LIMITATION OF LIABILITY

YOU UNDERSTAND AND AGREE THAT ANY DISPUTE OVER PRIVACY IS SUBJECT TO THE TERMS AND CONDITIONS OF THE APPLICABLE SERVICES (INCLUDING ANY INDEMNIFICATION AND LIMITATIONS ON DAMAGES CONTAINED THEREIN).

CONTACTING PEERWELL

If you have any questions about this Policy, please feel free to contact us by email at privacy@peerwell.co.

PeerWell, Inc.

330 Townsend Street, Suite 231

San Francisco, CA 94107
