Effective: November 22, 2015
What Information About Me Is Collected and Stored?
We collect two basic types of information from you in conjunction with your use of the Sites: personally identifiable information (“PII”) and non-personally identifiable information (“non-PII”) (collectively, “your information”).
Depending on your use of the Sites and/or Services, some or all of the information that we collect may be considered “protected health information.” For example, if you are using the Sites and/or Services as part of your treatment from a health care provider, then any information that identifies you as a patient of the health care provider or regarding your health may be protected health information. If you are not a patient but are using the Sites and/or Services on behalf of a health care provider, then the information about others accessible through the Sites and/or Services may be protected health information. We will only use or disclose protected health information as permitted or required under the Health Insurance Portability and Accountability Act, as amended, and implementing regulations (collectively, “HIPAA”). If your use of the Sites is for purposes of a research protocol or is not through a health care provider, then HIPAA may not be applicable.
Personally Identifiable Information
Personally identifiable information is information that you may supply to us, as described more fully below, e.g., when you answer questions through the Sites and/or Services. Personally identifiable information is any information that can individually identify you and includes your name, and contact information, such as e-mail address, telephone number, or postal address. You may be required to submit your personally identifiable information to us to use the Sites or Services. The following lists the most common ways in which we may collect your PII:
- Use of the Services, including answering questions about physical or mental status that are asked through the Services
- Registration for an account or creating a profile
- Request for customer service or other assistance
- Request to receive alerts or other notifications
- Submission of user generated content
- Any other place on the Sites where you knowingly volunteer information
- Geolocation data
- Information about your activity level collected through your mobile device’s “accelerometer.”
- Information about your phone activity, including SMS usage, calls made, and access to your contacts
Most mobile device operating systems will allow you to opt out of the Services collection of geolocation information and access to contacts. Some operating systems will also allow you to opt out of the Services collection of activity information through the device’s accelerometer. If you opt out of the collection of geolocation, phone and activity information, the Services will not function as intended. Additionally, the opt-out mechanism on some operating systems may not be persistent, which will require you to opt-out of such collection activity each time you access the Sites through your mobile device.
Non-Personally Identifiable Information
Non-personally identifiable information includes information that does not personally identify you, but it may be linkable to you. If non-personally identifiable information is directly linked to personally identifiable information, it will be considered personally identifiable information while it is linked. Aggregate and de-identified information is not considered personally identifiable information. We may collect non-personally identifiable information (“non-PII”) when users interact with the Sites. For instance, our servers may automatically keep an activity log of your use of the Sites. We may collect and store the following categories of non-personally identifiable information:
- Device information about your computer, mobile device, or other device that you use to access the Sites. This information may include IP address, geolocation information, unique device identifiers, browser type, browser language, and other transactional information.
- Usage information about your use of the Sites.
- Additional “traffic data” such as time of access, date of access, software crash reports, session identification number, and access times.
- Aggregate data regarding the use of the Sites.
Collection and Combination of Information from Other Sources
We also may collect information about you that we may receive from other sources or from our offline interactions with you to, among other things, enable us to verify, update information contained in our records and to better customize the Sites for you. We may combine information gathered from multiple portions of the Sites into a single record.
The Sites do not use or employ “cookies” or other tracking technologies to collect information concerning your interaction with the Sites.
How Do We Use Your Information?
We may use the information we learn from you to help us provide the Services, personalize your experience, analyse the use of the Sites, respond to user inquiries, and improve the Sites and Services.
Additionally, information obtained by Valera Health in conjunction with your use of the Sites may be used by Valera Health for related research purposes. In such event, use of your information will be subject to the terms of any applicable informed consent and/or other authorizations from you.
Who Do We Provide Your Information To?
We may disclose the information collected on the Sites to our agents, affiliates, associates and other third parties as described below.
We have third-party agents and service providers that perform functions on our behalf, including, but not limited to hosting services, content syndication, content management, technical integration, marketing, analytics, customer service, and fraud protection.
These entities may have access to PII if needed to perform their functions. If such access is required, the third parties will be contractually obligated to maintain the confidentiality and security of that PII. They are restricted from using, selling, or distributing this data in any way other than to provide the requested services to the Sites or as required by law.
Law Enforcement, Legal Process, and Emergency Situations
We may use or disclose your PII to third parties if required to do so by law or on the good-faith belief that such action is necessary to (a) conform to applicable law or comply with legal process served on us or the Sites; (b) protect and defend our rights or property, the Sites or our users, or (c) act to protect the personal safety of us, users of the Sites or the public.
Non-Personally Identifiable Information
We may disclose your non-personally identifiable information in any manner that we deem appropriate. Among other things, we may disclose non-PII to third parties to help us determine how people use parts of the Sites and how we can improve our Sites. We may also disclose non-PII to our service providers and other third parties about how our users collectively use the Sites and Services.
What Steps Are Taken to Keep Personally Identifiable Information Secure?
We are concerned about ensuring the security of your information and take certain security measures to help protect such information. Our security procedures mean that we may occasionally request proof of identity before we disclose your personally identifiable information to you. Please understand, however, that while we try our best to safeguard your PII once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.
You need to help protect the privacy of your own information. You must take precautions to protect the security of any PII that you transmit over any public or untrusted network by using encryption and other techniques to prevent unauthorized interception of your PII. You are responsible for the security of your information when using unencrypted, public or otherwise unsecured networks.
Your Obligations to Keep Your Access Rights Secure
You promise to: (a) provide true, accurate, current and complete information about yourself as prompted by our Sites and Services; and (b) maintain and promptly update your information to keep it true, accurate, current and complete. If Valera Health suspects, in its sole discretion, that such information is untrue, inaccurate, not current or incomplete, we have the right to suspend or terminate your account and refuse any use of the Sites or Services (or any portion thereof). If you create an account through the Sites, you are solely responsible for the security and confidentiality of your username and password and you are solely responsible for any and all activities that occur under your account.
How Long Do We Keep Personally Identifiable Information?
The time period for which we keep personally identifiable information varies according to what the PII is used for. In some cases, there are legal requirements to keep PII for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain PII for no longer than is necessary for the purposes for which it was collected or for which it is to be further processed.
HOW can you access your information?
If you have an account with Valera Health, you may review and change your information by logging into your account and editing your profile. You may send an email to firstname.lastname@example.org to request the correction or deletion any PII that you have provided to us. Be advised that we may not be able to delete your PII without also deleting your user account. You will not be permitted to examine the PII of any other person or entity without appropriate authorization and may be required to provide us with PII to verify your identity prior to accessing any records containing information about you. We may not accommodate a request to change or delete PII if we believe doing so would violate any law or legal requirement, or cause the information to be incorrect.
The Sites are not directed to children under 13 years of age. Unless otherwise disclosed during collection and with parent or guardian consent, Valera Health does not knowingly collect personal information from children under 13 years of age.