This Data Processing Addendum (“DPA”) is an agreement between Patientory, Inc. (“Patientory,” “we,” “us,” or “our”) and you (“Customer”, “user” or “you”
“Aggregate Information” is information that has been combined with information about other users and analyzed or evaluated as a whole, such that no specific individual may be reasonably identified. For example, Aggregate Information may include a statement that says “50% of our users have uploaded medical information in the last 6 months.”
“Cookies” are small text files that are placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to your browser or device, and can only be read by a web server in the domain that issued the Cookie to you.
“Health Care Providers” are providers, doctors, specialists, professionals and other organizations who deliver health care services to you and/or take part in your treatment.
“Health Device Data” is any information that is derived from a mobile device or a wearable fitness tracker that tracks or monitors behavior in a way intended to give the user insight into physical activity and wellness.
“Personal Information” is any information that relates to you directly or indirectly.
“Usage Information” is information that we automatically collect about your device and your use of the Services. This type of information does not usually, by itself, uniquely identify you, but it may still be Personal Information. Usage Information may include your IP address, domain server, type of device(s) and web browser(s) used to access the Services, referring webpage or other source through which you accessed the Services, and other statistics and information associated with the interaction between your browser or device.
“Web Beacons” (also known as “clear GIFs” and “pixel tags”) are small bits of code embedded in web pages or in emails that are used to monitor the behavior of a website user or recipient of an email.
“Your Content” is the information, comments, photos, images, video, data, text, and other content that you may post, upload, store, share, send or display through the Patientory Application. Your Content also includes any copies of or excerpts from medical records and Personal Information that you upload to the Services.
We may collect your information in the following ways:
• When you voluntarily share your information with us. We will ask you to provide us with information in order to access certain features of the Patientory Application. For example, when you create an account for the Patientory Application, we may ask for your name, contact information, birthday, and health information. When you create a profile, we may collect your photos and additional information that you provide to personalize your profile. We may also conduct surveys or polls that request your information.
• When you use interactive tools on the Patientory Application. We may collect your information when you use the Patientory Application’s interactive tools, such as uploading copies of and/or excerpts from medical records, and syncing or uploading Health Device Data to the Patientory Application.
• When you submit content. Certain features of the Patientory Application may allow you to communicate your Content on public forums or to share it with Health Care Providers. When you share Content in this way, you share it at your own risk.
• Automatically through your use of the Patientory Website. When you navigate the Patientory Website, we and our service providers may collect Usage Information through a variety of technical methods, including Cookies, Web Beacons, and other identifiers (collectively, “Data Collection Technologies”). For more information about how we use Data Collection Technologies, please see the Section titled Data Collection Technologies below. To learn how to exercise your choices about Data Collection Technologies, please see the Section titled Your Choices.
• From social networks and other third parties. We may collect your information from sources other than you, such as from social networks, chat rooms, message boards, other users, and our business partners. If you use or access the Patientory Application or other Patientory Services on or through a social network, we may receive from the social network certain information about you. The information that we receive depends on the social network and your privacy settings with that network. Your interactions with social networks are governed by that network’s privacy statement. You should always review and, if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to the Patientory Application or other Patientory Services.
If you choose not to provide us with any of your information, you may still be able to access and use some of our Services. Note, however, that certain features of our Services that require your information may not be accessible to you.
• Provide you the Patientory Application and fulfill your requests. We may use your information to register you, administer your account and profile, enable purchases and other transactions, and provide you the information and services that you request, including information about health care and health-related services and resources.
• Enhance your experience. We use your Usage Information to personalize and enhance your experience when you use the Services, such as tailoring content and advertising and remembering your preferences.
• Monitor, improve, and develop new Services. Your information helps us improve the content and functionality of our Services. For example, we may use our users’ demographics, interests, uploaded Content, and behaviors to create new features and content. We may also use your information to monitor and analyze trends, usage and activities in connection with the Services.
• Prevent illegal activities. We use your information to detect, investigate and prevent fraudulent transactions and other illegal activities. We also may use your information to protect the rights and property of Patientory and others.
• As disclosed. In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection.
We may de-identify or aggregate your information with other users of the Services. This de-identified or Aggregate Information may be used by us for any lawful purpose, including for data mining and analytics.
Although most browsers and devices accept Cookies and other Data Collection Technologies by default, their settings usually allow you to clear or decline Cookies. If you disable Cookies, some of the features of our Website may not function properly.
Interest Based Advertising: We may use service providers to serve advertisements on our behalf across the Internet. These advertising service providers may collect (through the use of Data Collection Technologies) non-identifiable information about your visits to and interactions with our Website. In addition, our service providers may also use the information about your visits to other websites to target advertisements for products and services available from us. If you would like more information about this practice, please visit the Network Advertising Initiative (“NAI”) at http://optout.networkadvertising.org/#!/.
Please note: Some web browsers incorporate a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. Many websites and applications, including our Website, do not currently respond to web browser DNT signals. For more information about DNT signals, please visit http://allaboutdnt.com.
Because we know your Personal Information is important to you, we may share your information for the reason(s) disclosed to you at the time we collect it, with your consent, as well as in the following ways:
• At your direction. We will share your information with third parties if and when you direct us to. For example, you may ask us to share your health information with your Health Care Providers. You may also authorize us to share your information with third party researchers to use the information for scientific research purposes.
• With our service providers. We may share your Personal Information with our service providers as necessary to enable them to provide services to us. Service providers are third parties (other companies and individuals) that support the operation and maintenance of our Services.
• With our commonly owned entities. We may share your Personal Information with other companies under common ownership and control of Patientory, which may include our subsidiaries, corporate parent, or any other subsidiaries owned by our corporate parent. We do this in order to provide you better service and improve your experience.
We reserve the right to share or sell Aggregate Information and other de-identified information (including metadata) to third parties for their own internal purposes, and publicly disclose such Aggregate Information and de-identified information, for example, in our marketing materials and research reports.
Patientory is based in the United States and the information we collect is governed by U.S. law. We recognize that the laws in the United States may be different from and, in some cases, less protective than the laws of other countries, including those of the European Economic Area (“EEA”). By providing us with your Personal Information and using our Site, you acknowledge that your Personal Information will be transferred to and processed in the United States. Patientory is also committed to complying with data protection laws outside of the United States that apply to our collection and use of your Personal Information.
• Where use of your information is necessary to perform our obligations under a contract with you (for example, to comply with the terms of service of our Website and Application, which you accept by browsing the Website or registering to use our Application);
• Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Website and Application; operate our business and our Services; make and receive payments; comply with legal requirements and defend our legal rights; prevent fraud and to know the customer to whom we are providing Services);
• Where we are required to process information in accordance with an EU Member State legal obligation;
• Where we are carrying out processing in the public interest; or,
• Where we have your consent, in accordance with applicable law.
If applicable, you may make a complaint to the data protection supervisory authority in the country where you reside. Alternatively you may seek a remedy through local courts if you believe your rights have been breached.
Your preferences about how we use your information are important to us and, when possible, we aim to honor them. We offer the following choices that you can exercise with regard to your Personal Information, some of which may be required under local laws (e.g., in the EEA). Please note, however, that we may decline your requests in some circumstances. For example, we may need to continue processing your information for our legitimate interests or to comply with a legal obligation. We may request you to provide us with information necessary to confirm your identity before responding to your request.
• Access and modify your Personal Information. We provide you with account settings and tools to access and manage the Personal Information associated with your Patientory Application account. If you wish to access or modify other of your Personal Information that you are unable to manage using the Patientory Application, such as Usage Information, you may contact us at email@example.com with your request and we will make reasonable efforts to accommodate it.
• Delete your Personal Information or your account or transfer your information to a third party. You can delete your account at any time by contacting us at firstname.lastname@example.org, and local law may permit you to additionally request the deletion of other of your Personal Information that we possess. Local law may also permit you to request a transfer of Personal Information to a third party service provider. We will undertake reasonable efforts to honor requests to delete Personal Information stored through the Patientory Application where required by local law.
• Restrict the way that we process and disclose certain of your Personal Information. Local law may permit you to request restrictions on the way we process certain of your Personal Information. We will undertake reasonable efforts to honor such restrictions in accordance with local law.
• Opt out or revoke consent for marketing communications or other processing of your Personal Information. You can control marketing communications and certain other notifications by clicking the ‘Unsubscribe’ link in any marketing email you receive from us. You can also email us at email@example.com to unsubscribe or revoke your consent for processing of your Personal Information for which you have previously given your consent.
• To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on.
• For information on how our advertising partners allow you to opt out of receiving ads based on your web browsing history, please visit http://optout.aboutads.info/. To opt out of interest-based advertising, you can visit http://optout.networkadvertising.org/#!/ and follow NAI’s on-screen instructions. Note that if you opt out through the NAI, you will still receive advertising, but the advertising will not be tailored to your interests. In addition, if you opt out through NAI and later delete your Cookies, use a different browser, or buy a new device, you will need to opt out of interest-based advertising again.
• Check your mobile device for settings that control ads based on your interactions with the applications on your device. For example, on your iOS device, enable the “Limit Ad Tracking” setting, and on your Android device, enable the “Opt out of Ads Personalization” setting.
The security of Personal Information is important to us. We use reasonable safeguards aimed to protect against unauthorized use, disclosure, alteration or destruction of the Personal Information we collect and maintain. You should keep in mind, however, that no data transmitted over the Internet is 100% secure and any information disclosed online can potentially be collected and used by parties other than the intended recipient. As a result, while we strive to protect your information, we cannot guarantee or warrant the security of any information you transmit to or from our Services.
We are committed to protecting the privacy of children. Neither Patientory nor any of its Services are designed for, intended to attract, or directed toward children under the age of thirteen, and we do not knowingly process data of persons under the age of sixteen in the EEA. If we become aware that a user is under the age of thirteen, or under the age of sixteen in the EEA, and has provided personal information to us, we will take reasonable steps to remove all information provided by such underage user from our database.
We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.
Disclaimer: Maintaining the privacy and security of Your Information is important to us. 1upHealth has implemented appropriate safeguards to prevent unlawful use or disclosure of information. These include administrative, physical, and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of information we receive, maintain, or transmit. Nevertheless, while security of information is of tremendous importance to us, no data transmission (over the internet or any wireless network) or method of electronic storage can be guaranteed to be 100% secure.
In the event of a security breach, we will notify affected individuals, regulatory authorities, and others consistent with requirements under federal and state law or contractual obligations.
3480 Peachtree Rd NE, Second Floor
Atlanta, GA 30326