Last Updated: July 5, 2019
INTRODUCTION TO PRIVACY AT DYNAMICARE HEALTH
DynamiCare Health, Inc. (“DynamiCare”, “we”, “our”, or “us”) knows the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.
By “visitors” we mean casual visitors to our Website, users, and our current customers and members, whether you upload information to our Website, download information, or are merely visiting our Website. By “customers” we mean the person or organization that purchases our Services. By “members” we mean persons having an account and who use the Website, Mobile App, and Services to support their own recovery. By “supporters” we mean the relatives and friends that a member authorizes to access the member’s account. By “users” we mean customers, members, healthcare providers, and supporters who are authorized by a customer to access the Services.
ACKNOWLEDGEMENT AND CONSENT
By accessing the Services, you represent that you are at least 13 years of age, and you hereby are giving full consent that DynamiCare will collect, use, and share your information as described below.
DynamiCare does not knowingly collect or solicit Personal Information (as defined below) from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at email@example.com. If you are between the ages of 13 and 17, you and your parent or legal guardian must sign a consent form to be allowed to use the Services.
INFORMATION WE COLLECT ABOUT YOU
This information (“Personal Information”) may include name, mailing address, email address, telephone number, or any other information defined as personally identifiable information (or similar term) by U.S. laws applicable to you and your information, and may include information defined as “Protected Health Information” under HIPAA. We collect Personal Information during the registration process, online assessment, by telephone, and through your account settings. We will not access your camera, your contacts, your location, or any other device content without your permission. Personal Information does not include Personal Information that has been deidentified, pseudonymized, anonymized, aggregated, and/or otherwise processed so as to be unidentifiable in such a way that the data can no longer be attributed to a specific individual (by reasonable means) without the use of additional information, and where such additional information is kept separate and under adequate security to prevent unauthorized re-identification of a specific individual such that one could not, using reasonable efforts, link such information back to a specific individual (the foregoing referred to as “De-Identified Information”).
a) Information provided to us by users
We receive and store any Personal Information that all users provide to us. For members using the Mobile App’s Verified Appointment Check-in feature, we collect, via the member directly or their healthcare provider, information about the time, location, and duration of key appointments being tracked with the Mobile App, as well as the name of the appointment (e.g., a gym workout session, a Medication Assisted Treatment session where medication may be received, etc.). Certain Personal Information may be required to create an account with us, or to take advantage of some of the features within the DynamiCare Mobile App or Website. Instant messages, emails, contact requests and other forms of communication are kept confidential.
b) Information collected automatically when using our Website
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:
Details of your visits to our Website, including, but not limited to, traffic data, geolocation data, logs and other communication data and the resources that you access and use on the Website.
Information about your computer and internet connection, including your IP address, operating system, browser type, clickstream patterns, the URL of the most recent website you visited before coming to our Website, the amount of time you spent on our Website, and the pages you viewed while on our Website.
The information we collect automatically is De-Identified Information and only used in aggregate or de-identified form (for example, as a statistical measure), and not in a manner that would permit us to identify you personally. This type of information helps us to improve our Website and to deliver a better and more personalized service, including, but not limited to, by enabling us to: (a) estimate our audience/visitor size and usage patterns; (b) store information about your preferences, allowing us to customize and improve our Website; (c) speed up your searches; and/or, (d) recognize you when you return to our Website. We may provide this de-identified and/or aggregate data to our partners and/or customers to identify how our users use our Site, Mobile App and/or Services.
d) Enabling the “Do Not Track” feature on your browser
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and Services (including behavioral advertising Services) that you do not wish such operators to track certain of your online activities over time and/or across different websites. When you turn on the Do Not Track function in your browser, we stop collecting the information from your browser that allows us to tailor advertisements and other content specifically to you that is based on your visits to our advertising partners’ websites. Specifically, we stop collecting information from the unique browser cookie that links your browser to visits to third party sites. Do Not Track signals are set on a browser-by-browser basis, so you must set them on every browser you use if you do not wish to be tracked. Remember that this is just our Do Not Track policy, and we can’t and don’t make any promises about how third parties respond when you set this signal on your browser. Not all third parties will allow you to opt out of tracking or cookies.
The Mobile App uses the built-in Global Positioning System (GPS) data and location capabilities built into your mobile device. This data is used to track your location as well as the length of your stay at appointments, typically beginning 15 minutes prior to your scheduled appointment, and ending 10 minutes after your appointment's scheduled completion time. This feature enables you to check into required locations as a part of ongoing treatment. You can choose whether this feature is enabled on your device. Please note that if you choose to turn off the location capabilities on your mobile device you will not be able to benefit from some of the features of this application. The Mobile App will log that the user has disabled tracking.
f) Substance testing
The Mobile App conducts breath and saliva tests through selfie video. The results of these tests are stored on our secure servers and reviewed by our staff authorized to handle this information. The videos are automatically deleted after one week, unless a member disputes the results. Healthcare providers and our recovery coaches using our system may also enter in the results of substance tests collected outside of our Services to be stored in our system.
g) Smart debit card
We use a smart debit card to provide incentive funds, when applicable. We track and store all transaction data on this card. The debit card issuer does not receive any of your Personal Information, only De-Identified Information.
h) Other features
The Mobile App will store other types of data as you interact with the Mobile App and enter information into it. For example, any information you enter in the Surveys or Cognitive Behavioral Therapy modules in the Mobile App will be stored by us and made available to your identified healthcare provider, which could include a DynamiCare recovery coach, social worker, counselor, primary care physician, or other professional.
i) Aggregated or anonymized data
Unless prohibited by HIPAA, we may use, reproduce, publicize, or otherwise exploit De-Identified Information in any way, in our sole discretion. Such data can be used to improve user experience and application efficacy by giving us insights into the demographics and behaviors of our users. We also may combine your De-identified Personal Information with that of other users to create aggregate de-identified data that may be disclosed to third parties who may use such information to understand and analyze our Services. These data will not contain individual identifiers, nor will any constellation of information be collated which can identify an individual.
j) Google tools
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:
OWNERSHIP OF YOUR PERSONAL INFORMATION
When you provide Personal Information, use the Services, or otherwise disclose or authorize others to disclose Personal Information to us, you, as between us and you, remain the owner of all such Personal Information. By providing such Personal Information to us, you agree to and do here grant us a nonexclusive, worldwide, perpetual, royalty-free, irrevocable (other than as restricted by law applicable to you and your data) right and license to use your Personal Information as described herein.
HOW WE USE YOUR INFORMATION
We gather various types of Personal Information from our users for a variety of reasons. We use Personal Information internally in connection with our Services, including as a means of identifying you as a DynamiCare member, to personalize and improve our Services, to allow you to set up a user account and profile, to contact you, to provide and improve the Services, and to analyze how you use the Services.
We collect both Personal Information and non-personal information through the standard operation of the Services. This information is used to identify you as a DynamiCare member, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services.
We use the Personal Information (and other information) you provide to us to personalize and improve your experience with our services. Sometimes our healthcare partners need to access these data in order to partner with us effectively. The following sections explain how the data we collect are employed. Members, providers, supporters, and our authorized recovery coaches and our personnel will have access to certain aspects of your Personal Information.
Communication with DynamiCare
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers with opportunities to participate in research studies, or email you about your use of the Services. These offers are independent of the Service the application provides, and your participation will not affect your receipt of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our Services, and is in no way associated with your receipt of the Services. If you do not want to receive communications from us, please indicate your preference by emailing us at firstname.lastname@example.org.
By providing us with your email address (including by “following,” “liking,” linking your account to our Service or other services, etc., on a third party website or network), you consent to our using the email address to send you Service-related notices by email, including any notices required by law, in lieu of communication by postal mail. You also agree that we may send you notifications of activity on the Service to the email address you give us, in accordance with any applicable privacy settings. We may use your email address to send you other messages or content, such as, but not limited to, newsletters, additions or changes to features of the Service, or special offers. If you do not want to receive such email messages, you may opt out by emailing us your opt-out request or by clicking “unsubscribe” at the bottom of our e-newsletter. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or offers. You may not opt out of Service-related emails.
You can add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by emailing us. It is your responsibility to maintain your current email address with us.
From time to time, we may invite you to refer our Services to supporters, such as family members, colleagues, or friends. In these cases, it is your responsibility to ensure that these persons are indeed family members or people with whom you have a personal relationship. In short, we ask you to limit your invitations to people in your inner circle that may have an interest in our Services. We will send them an email saying that you have suggested that they may be interested to try our Services. We will not contact them again if they do not reply or if they request that we do not contact them again.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We will never disclose your Personal Information (unless in De-Identified form) to other businesses for their marketing purposes. If you are a member, we will never disclosure your Personal Information to your employer.
Member’s healthcare providers
If you are a member, we will share your Personal Information with the member’s healthcare providers, such as the member’s treatment facility, physicians, counselors and coaches.
Member’s insurance company
If you are a member, we will share your Personal Information with the member’s insurance provider.
Member’s information to supporters
If you are a member, we will share your Personal Information with a supporter if you have provided consent for us to do so.
We work with a variety of business partners to assist in providing our Services or relate to our Services. “Partners” are businesses, such as, but not limited to, technology providers (e.g., data processing or storage providers, website and other software developers), financial transactions processors, electronic medical record management providers, fulfillment services, etc. It is likely that the types of such partners will change during the life of your account. We have agreements with our partners to protect the confidentiality and security of your Personal Information. When we refer to our “partners,” we mean independent companies with whom we may work, and they are not related to us or in a legal partnership with us. Our partners may provide Services to you through or in connection with our Services (either alone or jointly with us) or may provide services to us. We will share your Personal Information with that partner only to the extent that it is related to your care or is needed for us to provide our Services.
We may share De-Identified Information or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, IP address, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain Services, and for any other purpose we deem appropriate.
We will attempt to notify you about these requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon us, our users, our Website, or our Services. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact if we determine in good faith that we are no longer legally prohibited from doing so and that no risk scenarios described in this paragraph apply.
YOUR CONSENT TO DISCLOSURE/TRANSFER OF YOUR PERSONAL INFORMATION
You consent to our disclosure of your Personal Information and other information to a potential or actual buyer of our company or other successor for the purpose of considering a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or other proceeding, in which Personal Information held by us is among the assets transferred. You agree to and do hereby consent to (and shall not object to) our assignment, conveyance, transfer, and/or license (whether by contract, merger or operation of law) of any or all of our rights to your Personal Information and your consents, in whole or in part, and other information, with or without notice to you and without your further consent.
SECURITY AT DYNAMICARE
We are committed to ensuring that your information is collected, applied and stored in the securest manner. We have implemented a variety of commercially standard encryption and security technologies and procedures to protect your personal information stored by us from unauthorized access. We also maintain standard physical and electronic procedural safeguards that limit access to your personal information to our employees (or people working on our behalf and under confidentiality agreements) who, through the course of standard business activities, need to access your personal information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do use security measures designed to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to us or which we obtain. This is especially true for any information that you transmit to us via email or text message since we have no way of protecting that information until it reaches us. Email and text messages and the communication lines they travel over do not have the security features that are built into our Website and Services and may not be secure. Any transmission of Personal Information is at your own risk. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or used with our Services.
In addition, by downloading the Mobile App from a digital distribution platform such as the Apple App Store or Google Play the platform owner and its agents may be able to identify you as a user of our Services.
YOUR ACCOUNT SECURITY
The safety and security of your information also depends on you. You should maintain good internet security practices. Access to the Service is enabled only by usernames and passwords. You should maintain your username and password in strict confidence. Under no circumstances should you share your username or password with any third party, or allow another person to access the Service using your username and password. Please notify us immediately if you have any reason to believe that your username or password has been lost, compromised or misused in any way. You are fully and solely responsible for any and all use of the Service using your username and password. We reserve the right to revoke or deactivate your username and password at any time. You should prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. The information you share in public areas may be viewed by other users. We’ll never email you to ask for your password or other account login information. If you receive such an email, please send it to us so we can investigate. If you have security concerns, questions, or need to reset your password, contact us at email@example.com.
We maintain the Personal Information as a business record according to the requirements of applicable law.
SPECIAL PROVISIONS FOR RESEARCH SUBJECTS
We apply tight controls for research studies conducted under oversight from an Institutional Review Board. Minimal Personal Information is collected from research subjects and is used only to enable our access and use of the Services or as otherwise directed by the study principal investigator. Research study data may be connected to subject username or other unique identifier rather than person name or other identifying information. We will not collect information from research subjects about their online or mobile phone activity that is not part of the research study design. The “Do Not Track” option will be the default for all subjects enrolled in research studies. We will terminate research subject’s subscriptions to their services, thereby removing subject’s history and data on our servers, upon completion of the research study or as directed by study principal investigator. We agree to let study principal investigators control all communications with research subjects and we will not initiate communication with research subjects for any purpose other than as directed by study investigators.
All information passed through us is handled in the United States. By using the Services, you agree that the handling of your Personal Information and any communication through the Services will be governed by the laws of the United States.
NOTIFICATION OF CHANGES