Types of Information Collected
DiscoverU Health collects Personal Information when you register for the Service, when a third party registers you for the Service on your behalf, or when you use the Service. Depending on how you use the Service, we collect different kinds of information about you. This information may include:
Personal Health Information (PHI)
If you are using the Service as part of your treatment from a health care provider or membership with a health insurance plan, then any information that identifies you as a patient of the health care provider or regarding your health may be PHI. If you are not a patient but are using the Service on behalf of a health care provider or health insurance company, then information about others that is accessible through the Service may be PHI. We will only use or disclose PHI as permitted or required under the Health Insurance Portability and Accountability Act, as amended, and implementing regulations (collectively, “HIPAA”). If your use of the Service is for purposes of a research protocol or is not through a health care provider, then HIPAA may not be applicable.
Personally Identifiable Information (PII)
PII is any information that can individually identify you and includes your name, and contact information, such as e-mail address, telephone number, or postal address.
Non-Personally Identifiable Information
Non-personally identifiable information includes information that does not personally identify you, but it may be linkable to you. If non-personally identifiable information is directly linked to personally identifiable information, it will be considered PII while it is linked. Aggregate and de-identified information is not considered PII.
Among the types of Personal Data that the Service may collect from the you, by itself or through third parties, there are: geographic position, general activity data, movement activity, Cookies, Usage Data, first name, last name, email address, body measurements & indexes, sleeping activity, phone number and picture. Some information regarding phone and SMS usage may be obtained from your device in the case that you choose to contact an emergency hotline.
Personal Data may be freely provided by the user of the Service, or, in case of Usage Data, collected automatically. Failure to provide the requested Personal Data may make it impossible for DiscoverU Health to provide its Service to you. In cases where the Service specifically states that some Data is not mandatory, you are free to withhold this Data without any consequences on the availability or the functioning of the Service. If you are unsure about what Data is mandatory, contact us at email@example.com.
Users are responsible for any third-party Personal Data obtained, published or shared through the Service and confirm that they have the third party’s consent to provide the Data to DiscoverU Health.
Collection and Combination of Information from Other Sources
We also may collect information about you that we may receive from other sources or from our offline interactions with you to, among other things, enable us to verify or update information contained in our records and to better customize the Service for you. We may combine information gathered from multiple parts of the Service into a single record.
Information Use and Collection
DiscoverU Health collects and uses Personal Information from you for the following purposes:
- Registration – When you register for the Service, or when a third party registers you for the Service on your behalf, we collect your Personal Information as part of the registration process, including but not limited to your name, address, phone number, email address, sponsoring provider and program settings. SMS messages and email may be used during the registration process to send a one-time code and link to access the Service.
- Personalization – We collect information such as your picture in order to personalize the Service.
- Notifications – Registered users of the DiscoverU Health platform may receive push notifications or desktop notifications according to their user settings.
- Self-Reported Health Information – We collect the information that you enter while using the Service, such as information regarding your health and/or medical condition and related behaviours.
- Provider-and-Payer-Reported Health-Related Information – We collect information about you that is submitted with your permission by your authorized healthcare provider or other third party while using the Service, such as information about your health and/or medical condition, including information that is protected under HIPAA.
- Automatically Tracked Health-Related Information – We collect data such as as cookies, geographic location, movement, heartbeat, change in altitude, data about surroundings and geographic position data in order to provide specific features. Upon user consent, location data is collected during app usage and in the background. This data is used strictly to facilitate clinical services in case the user is interested in activating them. Most browsers and operating systems will allow you to opt out of the Services collection of geolocation information. Some operating systems will also allow you to opt out of the Services collection of activity information. If explicit authorization has been provided we may share this data with your authorized healthcare provider or other third party to allow them to provide personalized services.
- Customer support – We may use your contact information to send you information about our Service or information relating to your health, to respond to technical support inquiries, or to help prevent spam, fraud or abuse. When you enter Personal Information into an inquiry or contact form in any portion of the Service, DiscoverU Health uses the information provided to reply to requests for information or other requests as indicated by the form.
- Managing contacts and sending messages – We may collect your email address, phone number and other contact information to communicate with you for purposes of registration or customer support, and to track usage of certain features in the Service, such as clicking on links included in a message.
- System logs and maintenance – For operation and maintenance purposes, we may collect files that record your interactions with the Service (system logs) or other Personal Data (such as IP address).
- Surveys and user research– From time to time, we may send you survey questions or contact you with questions related to your experience to help us improve our Service. We collect any responses you provide. Participation in such surveys or user research does not impact your access to the Service.
- Analytics – DiscoverU Health may collect and use your device’s unique identifier for analytics purposes or to store your user preferences. DiscoverU Health may use Google Analytics or other third-party services to monitor and analyze user behavior.
- Google Analytics is a web analysis service provided by Google, Inc. (“Google”). Google utilizes the Data collected to track and examine the use of the Service, to prepare reports on its activities and to share them with other Google services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
- Research – Information collected by DiscoverU Health in conjunction with your use of the Service may also be used by DiscoverU Health for research purposes. In such event, use of your information will be subject to the terms of any applicable informed consent and/or other authorizations from you.
Information Sharing and Disclosure
DiscoverU Health does not rent, sell or share your Personal Information with other people or non-affiliated companies, except to provide products or services you have requested, when we have authorization to share such information, or when we provide information to companies or consultants working on behalf of or with us under confidentiality agreements as described below. These companies and consultants do not have any independent right to share your Personal Information.
We have third-party agents and service providers that perform functions on our behalf, including, but not limited to hosting services, content syndication, content management, technical integration, marketing, analytics, customer service, and fraud protection.
These entities may have access to Personal Information if needed to perform their functions. If such access is required, the third parties will be contractually obligated to maintain the confidentiality and security of that PII. They are restricted from using, selling, or distributing this data in any way other than to provide the requested services to the Service or as required by law.
Law Enforcement, Legal Process, and Emergency Situations
We may use or disclose your Personal Information to third parties if required to do so by law or on the good-faith belief that such action is necessary to (a) conform to applicable law or comply with legal process served on us or the Service; (b) protect and defend our rights or property, the Service or our users, or (c) act to protect the personal safety of us, users of the Service or the public.
We may disclose de-identified versions of your Personal Information and other data (“De-Identified Information”) in aggregated or non-aggregated forms with institutional clients, partners, investors and contractors for any purposes related to our business practices. Permitted uses of your De-Identified Information may include but are not limited to, product development, marketing or research made available to the public.
Confidentiality and Security
We have taken reasonable and necessary steps to ensure that all Personal Information collected will remain secure. These steps include physical, electronic, and administrative procedures to safeguard and help prevent unauthorized access or disclosure, maintain data security and correctly use the Personal Information that we collect.
The processing of the Personal Information we collect is carried out using computers and/or IT enabled tools, following organizational procedures and modes appropriate and necessary to providing the Service. Personal Information is processed at DiscoverU Health’s operating offices and in any other places where the parties involved with the processing are located.
It is important that you help protect the privacy of your own information. We strongly recommended that you take precautions to protect the security of any Personal Information that you transmit by using device security features, encryption and other techniques to prevent unauthorized interception of your Personal Information. You are responsible for the security of your information when using unencrypted, public or otherwise unsecured networks
Please understand, that while we try our best to safeguard your Personal Information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.
Accessing, Changing and Deleting Your Information
If you are a registered user of DiscoverU Health, you may review and change some of your information by logging into your account and editing your profile. You can request access, changes or deletions to your Personal Information by contacting us at firstname.lastname@example.org. Be advised that we may not be able to delete your Personal Information without also deleting your user account.
You will not be permitted to examine the Personal Information of any other person or entity without appropriate authorization. Our security procedures mean that we may request proof of identity before we disclose Personal Information to you. We may not accommodate a request to change or delete Personal Information if we believe doing so would violate any law or legal requirement, or cause the information to be incorrect.
The time period for which we keep Personal Information varies according to what the Personal Information is used for. In some cases, there are legal requirements to keep Personal Information for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain Personal Information for no longer than is necessary for the purposes for which it was collected or for which it is to be further processed.
Your Obligations to Keep Access Rights
You agree to: (a) provide true, accurate, current and complete information about yourself as prompted by the Service; and (b) maintain and promptly update your information to keep it true, accurate, current and complete. If DiscoverU Health suspects, in its sole discretion, that such information is untrue, inaccurate, not current or incomplete, we have the right to suspend or terminate your account and refuse any use of the Services (or any portion thereof). If you are a registered user of the Service, you are solely responsible for the security and confidentiality of your username and password and you are solely responsible for any and all activities that occur under your account.
The Service may contain links or deep links to other websites, open search results or other online content. DiscoverU Health generally reviews the content of online content linked through third party websites, but it is not responsible for such content, the privacy practices, or any advertisements on third party websites. Users should be aware of this when they use our Service and are encouraged to review the privacy statements of each third party website.
The Service is not directed to children under 13 years of age. Unless otherwise disclosed during collection and with parent or guardian consent, DiscoverU Health does not knowingly collect Personal Information from children under 13 years of age.
Your Personal Information may be used for legal purposes by DiscoverU Health, in Court or in the stages leading to possible legal action arising from improper use of the Service. By using the Service, you declare to be aware that we may be required to reveal Personal Information upon request of public authorities.
Questions and Suggestions