Last Updated: June 13, 2019
PLEASE READ THE FOLLOWING CAREFULLY TO UNDERSTAND OUR VIEWS AND PRACTICES REGARDING YOUR PERSONAL INFORMATION AND HOW WE WILL TREAT IT.
For the purposes of Applicable Data Protection Laws including the European Economic Area data protection law (the “Data Protection Law”):
Non-Provider Users: The data controller is: PeerWell, Inc. 330 Townsend Street, Suite 231, San Francisco, CA 94107
Provider Users: The data controllers are YOUR healthcare provider and PeerWell, Inc. 330 Townsend Street, Suite 231, San Francisco, CA 94107
Data Protection Officer: Manish Shah firstname.lastname@example.org
Access to and use of the Services by a Provider who is a PeerWell customer (a “Customer”) and such Customer’s Authorized Users (as defined in the Customer Agreement) is subject to and governed by the agreement between PeerWell and the applicable Customer executed by authorized representatives of each party (the “Customer Agreement”). PeerWell may collect, use and disclose information from a Customer and such Customer’s authorized users as set forth in the Customer Agreement. If you would like more information about the Services or becoming a Customer, please contact us at email@example.com.
COLLECTION OF PERSONAL INFORMATION
BECAUSE THE PERSONAL INFORMATION WE COLLECT AND TRANSMIT MAY INCLUDE HEALTHCARE INFORMATION, INCLUDING MEDICAL INFORMATION, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”). WE WILL MAINTAIN THE PRIVACY OF YOUR HEALTH INFORMATION AS REQUIRED BY HIPAA AND THE REGULATIONS PROMULGATED UNDER THAT ACT. FOR ADDITIONAL INFORMATION RELATED TO YOUR HEALTHCARE INFORMATION, PLEASE CONTACT US AT firstname.lastname@example.org.
All transmissions of Personal Information by the Services are secured and encrypted by SSL protocol, as required by law.
CHANGES TO POLICY
WHAT INFORMATION DO YOU COLLECT AND WHY?
Personal Data that You Provide Through the Services
We collect Personal Information (e.g. demographic information) from you when you voluntarily provide such information, such as when you create a proﬁle on the Services, contact us with inquiries, enter information into our Website contact form, respond to one of our surveys or use certain features of the Services. We use this information to create your account and provide you with the Services.
For Patients: In addition to demographic information, if you are a Patient, we may ask you to provide your contact preferences, certain contact information, such as your email address, mobile telephone number, and physical address, and other Health and Activity Data to us in order to create your account and provide you with the Services. Such Health and Activity Data may include information from your medical record and information that you report about your health conditions, movement, and pain. We collect this information to provide you more customized Services and to communicate information to your healthcare provider.
HOW DO YOU USE MY PERSONAL INFORMATION?
When you do provide us with Personal Information, we may use your Personal Information for five (5) general reasons:
- To provide you with the Services.
- To send you information about PeerWell.
- We may use your information in aggregate form to help us evaluate and modify our Services or related marketing materials.*
- To customize our marketing communications (depending on the Personal Information we have about you) by sending you information that we believe will be to your benefit.
- To provide technical and sales support.
*Aggregated Personal Data: In an ongoing eﬀort to better understand and serve our Users and communities of patients with certain health conditions, PeerWell conducts research on its user demographics and behavior based on the Personal Information we collect from you and the other information provided to us. This research may be compiled and analyzed on an aggregate basis, and PeerWell may share this research and related information in aggregated, de-identiﬁed and/or anonymized format with its aﬃliates, agents and other healthcare research and services entities, including without limitation insurance and pharmaceutical companies. For the avoidance of doubt, this aggregate information does not identify you personally. PeerWell may also disclose aggregated, de-identiﬁed and/or anonymized information in order to describe our business and the Services to current and prospective business partners and Customers, and to other third parties for other lawful purposes.
If you provide an email address, then you may receive announcements or information about PeerWell. You can always choose not to be contacted or to “opt-out” of further contact or solicitations from PeerWell by following the instructions in the email.
You agree that such monitoring activities, if in compliance with applicable privacy laws, will not entitle you to any cause of action or other right with respect to the manner in which PeerWell or its affiliates or agents monitor your communications and enforces or fails to enforce the terms of this agreement. In no event will PeerWell or any of its affiliates or agents be liable for any costs, damages, expenses, or any other liabilities incurred by you as a result of monitoring activities by PeerWell or its affiliates or agents.
WHAT OTHER INFORMATION DO YOU COLLECT?
In order to provide you with the Services, we will collect certain information about service performance, your devices and your use of the Services. We will automatically upload this information from your Device(s). Any individual identification information transmissions will be secured and encrypted using SSL methods and follow all applicable privacy laws to maintain privacy whilst providing the Services. Anonymized usage data may be transmitted, which will generally not identify you, and may include information such as the version of the App (if applicable) you have downloaded and installed on your Device, IP address, and other information that is not Personal Information.
In order to record and provide feedback from your Device, we may collect certain information transmitted directly by the device.
WHERE IS MY INFORMATION STORED AND/OR PROCESSED?
Information PeerWell collects through the Services will be stored on a third-party cloud server, but will only be accessible by authorized PeerWell individuals. Anyone with access to the data we collect and store must go through privacy training prior to being allowed access. The Application is native to your device, meaning information you enter into our Application is also stored directly on the device you use to access and enter information into the App or Provider Portal. All of the information you share with us through the Services is encrypted during transmission and at rest using a secure public interface PKI.
WILL YOU SHARE MY INFORMATION WITH ANYONE ELSE?
PeerWell takes its responsibility to keep your information private very seriously. We consider your use of the Services to be private. However, we may access or disclose information about you or your account under the following limited circumstances:
With Our Customers: If you are a patient, we will share your Personal Information and Health and Activity Data with your authorized healthcare provider(s). This will enable your provider(s) to track your Health and Activity Data and combine such Health and Activity Data with other information about you that your provider obtains in providing healthcare services to you.
In the Event of a Business Transfer: We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.
Legal Authorities: PeerWell may disclose Personal Information when required by law or legal process; when necessary to protect and defend the rights or property of PeerWell or when necessary to protect the personal safety of PeerWell Users and customers.
Aggregate Information: Aggregate information does not contain any Personal Information about our Users. From time to time, PeerWell may share aggregate, non-personal information about App usage with third parties, including government agencies, advertisers and our partners.
HOW LONG WILL YOU STORE MY INFORMATION?
We store your Personal Information for as long as you maintain an account and up to five (5) years after the account is closed. At the end of this five-year period, we will remove your Personal Information from our databases and will request that our business partners remove your Personal Information from their databases. However, once we disclose your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of Personal Information other than as described should be directed to email@example.com. We may retain anonymized data indefinitely.
We use two types of cookies: essential and non-essential cookies. Essential cookies are those necessary for use to provide Services to you. All of our cookies are Essential cookies, and without them we would not be able to provide the Services to you. As such, if you do not have your cookies turned on, you will be unable to use the Services. We have provided, below, a full list of our cookies and we have described the purposes of each.
|Cookie Name, Who Controls It, and Duration||Purpose||Information Collected||How to Withdraw Consent|
|Authentication, PeerWell, duration of logged-in session||To authenticate the logged in user during the session.||Authentication token, registered email address, peer token||Do not use our Service if you do not want to receive this cookie|
If your account is terminated for any reason, either by you or PeerWell, we may permanently delete your data from our servers in accordance with applicable law and regulations. PeerWell is under no obligation to return data to you after your account is canceled. If data is stored with an expiration date, we may also delete the data as of that date. Data that is deleted may be irretrievable.
CHILDREN’S ONLINE PRIVACY
We do not knowingly collect or maintain personal information from children under the age of eighteen (18) and Services are not directed to individuals under the age of thirteen (13). If you are under the age of thirteen (13), you should not furnish us with any identifiable information about yourself without a parent’s consent. If we learn that personally identifiable information of persons under thirteen (13) years of age has been collected via the App or Services without parental consent, we will take the appropriate steps to delete this information.
If you are aware of a user under the age of 13, please contact us at firstname.lastname@example.org.
COMMUNICATIONS FROM PEERWELL
We may use the e-mail addresses you provided when you created your user account to occasionally deliver information relevant to you, benefits, promotions, surveys and notification of other relevant items. If you send us an e-mail with questions or comments, we may use the Personal Information you provide to respond to your questions or comments, and we may save your questions or comments for future reference. However, we will provide you with the option to change your preferences and opt-out of receiving those communications.
You may request at any time that we not e-mail you in the future by clicking the “unsubscribe” link which is included at the bottom of any e-mail communication that you receive from us, or by contacting us at email@example.com. When contacting us by e-mail, please insert “UNSUBSCRIBE” in the subject line and the body of the message. If you unsubscribe, you should assume that your request has been received and is being processed. Please allow ten (10) business days from when the request was received to complete the removal of your e-mail address from our database as some of our promotions may have been in process before submitting such request. We will make reasonable efforts to discontinue these e-mail communications as soon as practicable.
HOW DO YOU PROTECT MY PERSONAL INFORMATION?
PeerWell has taken reasonable security measures to protect against the loss, misuse and alteration of information under our control. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Information, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you. However, it is not possible to guarantee the security or integrity of information disclosed online. Because no physical or electronic security is impenetrable, by using the Services, you agree to assume all risks in connection with the information sent to us or collected by us when using the Services. We recommend that you take any and all appropriate steps to secure any device that you use to access the Services.
NOTWITHSTANDING ANY OF THE STEPS WE TAKE, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK.
HOW CAN I PROTECT MY PERSONAL INFORMATION?
We will NEVER send you an e-mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e-mail requesting such information. If you receive such an e-mail purportedly from PeerWell, DO NOT RESPOND to the e-mail and DO NOT CLICK on any links and/or open any attachments in the e-mail, and notify PeerWell support at firstname.lastname@example.org.
You are responsible for taking reasonable precautions to protect your user information (username, password, etc.) from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You should immediately notify PeerWell at email@example.com if you know of or suspect any unauthorized use or disclosure of your user information, or any other security concern.
EU Data Subject Rights
If you are an EU data subject, you have the following rights under certain circumstances:
- to receive communications related to the processing of your personal data that are concise, transparent, intelligible and easily accessible;
- to be provided with a copy of your personal data held by us;
- to request the rectification or erasure of your personal data held by us without undue delay;
- to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
- to object to the further processing of your personal data, including the right to object to marketing;
- to request that your personal data be moved to a third party;
- to receive your personal data in a structured, commonly used and machine-readable format;
- to lodge a complaint with a supervisory authority.
Where our processing of your Personal Information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at firstname.lastname@example.org. You can also exercise the rights listed above at any time by contacting us at email@example.com.
HOW CAN I UPDATE, CORRECT, OR DELETE MY PERSONAL INFORMATION?
You may review, request corrections, ask that we delete, or refuse further collection or use of the Personal Information PeerWell collects from you. You may do this by contacting PeerWell using the contact information provided at the end of this document.
CONSENT TO RECEIVE NOTICES VIA THE SERVICES
LIMITATION OF LIABILITY
YOU UNDERSTAND AND AGREE THAT ANY DISPUTE OVER PRIVACY IS SUBJECT TO THE TERMS AND CONDITIONS OF THE APPLICABLE SERVICES (INCLUDING ANY INDEMNIFICATION AND LIMITATIONS ON DAMAGES CONTAINED THEREIN).
If you have any questions about this Policy, please feel free to contact us by email at firstname.lastname@example.org.
330 Townsend Street, Suite 231
San Francisco, CA 94107