Last updated: June 19, 2023
InkWell Health (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy, together with our Terms of Use (the “Terms”), explains how we collect, use, disclose, and protect your personal information when you use our website, any mobile apps, and any other online or offline services we provide (collectively, the “Services”). This Policy generally applies to all individuals with whom we interact or from whom we collect personal information through our Services. This Policy also describes your choices about the collection and use of your information.
Please read this Policy carefully before you start to use our Services. By using the Services, you agree to be bound and abide by our Terms and this Policy. If you do not agree with our Terms or this Policy, or if you violate them in any way, your right to access or use the Services is terminated.
PLEASE SEE SECTIONS 12-16 IN OUR TERMS REGARDING YOUR RIGHTS IN ANY DISPUTE INVOLVING OUR SERVICES, INCLUDING A MANDATORY ARBITRATION CLAUSE, AND A WAIVER TO A JURY TRIAL OR CLASS ACTION, THAT LIMITS YOUR RELIEF.
NOTE TO PATIENTS: This Policy governs how we use your Protected Health Information (“PHI”) as defined under the Health Insurance Portability & Accountability Act and related federal and state laws and regulations (collectively referred to as “HIPAA”), such as information you provide or receive through us in connection with the provision of healthcare services, except to the extent this Policy conflicts with the HIPAA Notice of Privacy Practices provided to you by your healthcare provider before or while enrolling in the Services they provide through us, and/or any applicable business associate agreement (“BAA”) we entered into with your provider. Please see your provider’s notice for more information on how we handle PHI and your rights in regard to your PHI.
1. How We Collect Information
We may collect information about you by various means, including:
- Directly from you, both online (e.g., our Services) and offline (e.g., industry events);
- From other third-party sources and social media platforms that you may use to engage with us, as well as from partners or third parties we work with; and
- By combining information from different sources, including online and offline data.
2. Types of Personal Information We Collect
When you use our Services, we may collect the following types of information:
- Contact Information: We collect personal information you provide when you use our Services, such as your name, email address, and any other information that can be used to identify you.
- Subscriber account information and related usage data if you maintain a business account with us, including business account information and profiles, payment information, usage data regarding our online services, and other such information;
- Survey information in response to questions we may send you, including for feedback and research purposes;
- Communications between you and us, such as via email, web form, mail, phone, or other channels; and
- Online User Activity described in the next section.
We collect health-related information when you use our Services, including but not limited to, photographs of your injury, details about your injury or surgery, activities you were performing, pain levels, and any other health-related information you choose to share with us. However, as noted above, any PHI we collect has special protection and is subject to the applicable HIPAA Notice of Privacy Practices and business associate agreement.
If you provide us with information regarding another individual, you represent that you have that person’s authorization and consent to give us his or her information and to permit us to use the information in accordance with this Policy.
3. ONLINE USER ACTIVITY, COOKIES AND INFORMATION COLLECTED BY OTHER AUTOMATED MEANS
Cookies are a commonly-used web technology that allow websites or mobile apps to store and retrieve certain information on a user’s system, and track users’ online activities. We and our service providers may collect information about your use of our Services by such automated means, including but not limited to cookies, pixels and other similar technologies. These tools can help us automatically identify you when you return to our Services. Cookies help us review traffic patterns, improve our Services, and determine what Services are popular.
When you use the Services, the information we may collect by automated means includes, for example:
- Usage Details about your interaction with our Services (such as the date and time of use, pages visited, features used);
- Device Information including the IP address and other details of a device that you use to connect with our Services (such as device type, model and operating system information); and
- Location information where you choose to provide the website or app with access to information about your device’s location.
If a user does not want information collected through the use of cookies, most browsers allow the visitor to reject cookies, but if you choose to decline cookies, you may not be able to fully experience the interactive features our Services provide. We may share non-personal information obtained via cookies with our advertisers and affiliates. Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.
4. How We Use Your Information
We use the information we collect about you or that you provide to us for purposes allowed by applicable laws, including to:
- Provide, maintain, and improve our Services, including to establish and maintain any account or user ID that is created for your use of our Services, and to process transactions or interactions, and for personalizing your experience and providing tailored content;
- Respond to your requests, questions and comments and provide customer support through email, phone and other available communications channels, and to otherwise communicate with you, including sending you updates and providing information about our Services;
- Provide you with information, products, or services that your provider, health plan, or you request from us, or other administrative notices;
- Operate, evaluate, and improve our Services, including to diagnose and improve our technology and user engagement;
- Comply with and enforce as needed applicable legal requirements, industry standards, our policies and our contractual rights;
- Monitor performance, protect the security and integrity of our Services, and support health care operations and otherwise use such information as permitted under HIPAA, as applicable; and
- For any other purpose specified at the point of collection or as described in your express authorization.
We may use and disclose non-personal, non-individual statistics or demographic information in aggregate form without restriction.
5. How we Share Information
We will not share your personal information with third parties without your consent, except in the following circumstances:
- As you direct us, such as with healthcare providers and health plans, care managers or care coordinators, and for other purposes that you specify;
- We may share information with our related subsidiaries and affiliates, subject to the terms of this Policy;
- We may share your information as permitted by law, including, for example, with third-party service providers that provide and support a technology, business, or other professional function for us (examples include IT services, maintenance and hosting of our Services, and other vendors). We only provide such vendors with information so they can perform their required functions on our behalf;
- We may disclose your information about you (i) if required by law or legal process such as a court order, (ii) when we believe disclosure is necessary to protect the rights, property, or safety of ourselves or others, or (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity.
- We may transfer the information we maintain in connection with contemplated or completed merger, acquisition, sale or other transfer of some or all business assets, provided that we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Policy.
Where appropriate, we will limit sharing of your information in accordance with the choices you have provided us and applicable law.
We may disclose aggregated and/or deidentified information that does not identify an individual.
6. YOUR PRIVACY CHOICES
We offer you certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you.
- Cookies: Web browsers may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites and mobile apps may not function correctly.
- Marketing emails: We will not use your PHI for marketing except as permitted by HIPAA, such as with your written authorization If you wish to opt out of receiving any marketing emails or other such communications from us, please notify us as provided below. You may choose not to receive marketing emails from us by clicking on the unsubscribe link in the marketing emails you receive from us.
- Patient records: You are entitled under HIPAA to exercise certain rights regarding your PHI, such as access to patient records. For more information, please see your applicable HIPAA Notice Of Privacy Practices.
7. STATE-SPECIFIC NOTICES
Certain states, including California, may provide rights to individuals and households with respect to the collection and use of personal information collected by businesses subject to the law. This may include the right to request that a business: (i) disclose personal information maintained about the individual; (ii) correct or delete personal information maintained about the individual (subject to certain exceptions); or (iii) not sell personal information about the individual to a third party (excluding qualified service providers). It can be unlawful to discriminate against an individual for exercising such rights. You can submit such requests to us via the contact information provided below and we will endeavor to fulfill any obligations that are legally-required, otherwise we will respond to requests in our discretion. Any rights associated with PHI are subject to your applicable HIPAA Notice Of Privacy Practices.
8. LINKS TO OTHER WEBSITES AND THIRD-PARTY CONTENT
Our Services may contain links to other websites or apps. Please be aware that we are not responsible for the content or privacy practices of such other websites or apps, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or app that collects personal information.
9. Data Security
We implement reasonable administrative, technical and physical security measures designed to protect your personal information from unauthorized access, use, or disclosure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee the absolute security of your information. We will make any legally required disclosures in the event of any compromise of personal information. To the extent the law allows us to provide such notification via e-mail or conspicuous posting on the Services, you agree to accept notice in that form.
10. Data Retention
We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
11. HEALTHCARE PROVIDERS
If you (on behalf of yourself or your organization) are a healthcare provider under a contractual relationship with us to use these Services in connection with your practice, we may additionally collect your business contact information and other data regarding your use of our Services for analytics, marketing or promotional activities, to the extent permitted by law and our contractual relationship. This may include advertising products or services that may be of interest to you. In addition to communicating with you regarding you and your patients’ use of the Services, we may from time to time contact you to provide announcements, alerts, surveys, or other marketing or general communications. In order to improve our Services, we may be notified when you open an email from us or click on a link therein.
12. Children’s Privacy
Our Services are not intended for users under the age of 13 and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.
13. INTERNATIONAL DATA TRANSFERS AND USE
Our Services are controlled and operated by us from the United States and Canada, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of the United States and Canada. Any information you provide through use of the Services may be stored and processed, transferred between and accessed from the United States, Canada, and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Policy regardless of where your personal information is stored or accessed.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Your continued use of our Services after the posting of the revised Privacy Policy constitutes your acceptance of the updated Privacy Policy.
15. Contact Us
If you have any questions, concerns or comments about this Privacy Policy, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us at support@inkwellhealth.com.