Privacy Policy for the Phase2body, Inc. Website

Last Modified: July 27, 2017

For more information or if you have any questions about this privacy policy, please contact us at support@headsuphealth.coM.

  1. Personal Information

The phase2body, inc. compilation of health, fitness, and medical records (“Website”) is hosted by Phase2body, inc. (“phase2body”) doing business as Heads Up Health, located at 1319 5th Ave., Unit 1, San Francisco, CA 94122. Any reference to “we,” “our,” or “us” refers to phase2body.  By visiting this Website, you agree to be bound by the terms and conditions of this Privacy Policy. If you do not agree, please do not use or access this Website. phase2body may modify this Privacy Policy from time to time and post such modifications here on this Website. The date the Privacy Policy was last revised is identified at the top of the page. If we make subsequent material changes to how we treat our users’ information, we will notify you by email to the email address specified in your account and/or through a notice on the Website home page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes. Your continued use of the Website after any such modification constitutes your acceptance of the modified agreement. By registering or subscribing through this Website, you expressly consent to our use and disclosure of your Personal Information in accordance with this Privacy Policy.

  1. Applicability of this Privacy Policy

This Privacy Policy applies solely to the Website and provides you information on the specific information that phase2body may collect from you via the Website and how phase2body may use it in connection with the services offered by the Website (the “Portal”), whether you are using the Portal as a patient, medical provider, or other. We have established this privacy policy to explain to you how your personal information is protected, collected, and used. Personal information is information about you that is personally identifiable, such as your name, address, phone number, and email address, that is not otherwise publicly available (“Personal Information”).   Additionally, any information on the Website is considered PHR Data.  PHR Data might include, but is not limited to (i) your name and contact information, such as your address, phone number, or email address; (ii) your medical history, conditions, treatments, and medications; (iii) your healthcare claims, health plan account numbers, bills, and insurance information; (iv) demographic information, such as your age, gender, ethnicity, and occupation; and (v) computer information, such as your IP address and “cookie” preferences. The privacy practices of this statement apply to our services available through this website located at URL www.headsuphealth.com (the “Site”).

If you are a patient or legal representative, your medical provider’s use and disclosure of your PHR Data, whether directly or through a third party, is subject to your medical provider’s Notice of Privacy Practices. We cannot control any medical provider’s use of a patient’s PHR Data. If you are a patient or legal representative of a patient, please contact your medical provider for a copy of their Notice of Privacy Practices. phase2body provides this Portal but protects PHR Data as required by the applicable agreement between phase2body and your medical provider or other third party and in accordance with applicable law. If you have any issues with the PHR Data managed by your medical provider’s practice, please contact them directly, as we have no ability to change the information you have provided them.  phase2body protects PHR Data disclosed by you, whether through an upload or other mode of input, according to this Privacy Policy and in accordance with applicable law.

  1. Information Collection

phase2body collects Personal Information from you through the Site to allow us to provide marketing and promotional services that will most likely meet your needs and preferences.  We only collect Personal Information about you that we consider necessary for achieving this purpose.

In general, you can browse the Site and decide to not provide us any Personal Information.  Of course, you will not be able to view any PHR Data without providing us Personal Information. If you agree to provide us with Personal Information, you are no longer anonymous to us. If you choose to use certain services through this Site, we may require you to provide contact and identity information, and other Personal Information as indicated on the forms throughout the Site. Where possible, we indicate which fields are required and which are optional. You always have the option to not provide information by choosing not to use a particular service.

We may track certain information based upon your behavior on the Site. We use this information to do internal research on our users’ demographics, interests, and behavior to better understand our customers. This information may include the URL that you just came from, which URL you go to next, your computer browser information, and your IP address.

If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Site, we may collect and retain such information in a file specific to you.

  1. PHR Data

When you register for the Website via the Site, the registration process requires you to create a user profile and choose a user name and password for your account, which you should keep and maintain as confidential. If you choose to share your user name or password or user profile through the Care Team access feature, you understand that those individuals to whom you share that information will have access to your PHR Data and will be able to add to your PHR Data as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your user name or password.

If you are a registered user of the Website, your PHR Data (or that of the person for whom you are the legal representative) currently stored electronically in your medical provider records will become accessible to phase2body in order to provide you access to such information through the Website. Your electronic health records are stored in the Website or Site, and a copy of them is displayed via the Website when you are logged in with your user name and password.

You can review and change your personal information by logging into the Website and visiting your account profile page.

You may also send us an email at support@headsuphealth.com to request access to, correct or delete any personal information that you have provided to us or that we have collected. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.  phase2body may keep your personal information until your user account is deleted.

  1. Use and Disclosure of Your Personal Information

We use your Personal Information, including your email address, to facilitate our services. You agree that we may use Personal Information, including your email address, to improve our marketing and promotional efforts, to analyze site usage, to improve our content and service offerings, and to customize the Site’s content, layout, and services.

We will not disclose your Personal Information to third parties except to:

  • Service providers who are bound by law or contract to protect the Personal Information and are only allowed to use the Personal Information in accordance with the terms of our service agreements with them.
  • Effect a merger, acquisition, or otherwise; to support the sale or transfer of business assets; to enforce our rights or protect our property; to protect the rights, property or safety of others, investigate fraud, respond to a government request; or as needed to support auditing, compliance, and corporate governance functions. We may also disclose Personal Information to defend ourselves in litigation or a regulatory action, and when required or advised to do so by law, such as in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate.

 

  • We encourage business partners to adopt and post privacy policies. However, the use of your Personal Information by such parties is governed by the privacy policies of such parties and is not subject to our control.

 

We may also disclose information about you that is not personally identifiable. For example, we may provide our business partners, or other third parties with reports that contain aggregated and statistical data about our users.

  1. Aggregate Data

We may aggregate and de-identify in accordance with HIPAA PHR Data, either alone or with other data to create anonymous, de-identified “aggregate data” regarding the users of our Site and Website. Aggregate and de-identified data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal the identity of particular users. This data will not identify you, but will be used as statistical information to determine such things as user demographics and usage patterns of our Site and Website. phase2body may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. Aggregate data may also be provided or sold to third parties for research purposes.

  1. Other Use and Ownership

We also reserve the right to share de-identified aggregate data collected from this Site or Website with third parties for other research purposes, to the extent permitted by applicable law including, but not limited to, the requirements under HIPAA.  In the case of PHR Data, pursuant to phase2body’s business associate agreement with the applicable medical provider, your information may be shared with your applicable medical provider.

phase2body maintains full rights to any information collected on this Site or Website, and may freely collect, use and disclose such information unless prohibited by this Privacy Policy or applicable law as stated above.

  1. Communications from the Site

We may occasionally send you information on our services offerings.  Out of respect for your privacy, we provide you a way to unsubscribe from each of these communications. If you no longer wish to receive our promotional communications, you may opt-out of receiving them by following the instructions included in each such communication or by contacting us.

  1. Security

The security of your Personal Information is important to us. We follow generally accepted industry standards to protect personal information, including your email address, submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.  Accordingly, and while no web site can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your personal information collected via the Website as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Socket Layers (“SSL”) technology, to help safeguard against such occurrences. It is recommended that you personally keep a backup of your PHR Data. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages, PII or communications a person directs to phase2body or the clinician team) to create a protected connection between you and our website to ensure confidentiality.

Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via the Website.

In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law.

In order to help maintain security, you should never share your user ID or password and should always sign out when you are finished using the Website.

  1. Access

We will maintain your information and allow you to request updates at any time by logging into your Website account to access your information. We will also take steps to make sure that any updates that you provide are processed in a timely and complete manner.

  1. Log Files

As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site, and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information. We track trends in users’ usage and volume statistics to create a more efficient and usable site and product offerings, and to determine areas of the site or our services that could be improved to enhance the user and customer experience. Log files are used on the Site, and in any link to the Site from an email.

  1. Cookies and Related Technologies

When you use this Site, we collect certain information by automated or electronic means, using technologies such as cookies, browser analysis tools, and web server logs. As you use this Site, or our applications, your browser and other electronic devices communicate with servers operated by us and our services providers to coordinate and record the interactivity and fill your requests for services and information.

The information from cookies and related technology is stored in web server logs and also in web cookies kept on your computers or mobile devices, which are then transmitted back to this Site by your computers or mobile devices. These servers are operated and the cookies managed by us or our service providers.

For example, when you visit this Site, phase2body and our service providers and business partners may place cookies on your computers or mobile devices. Cookies allow us to recognize you when you return, and track and target your interests in order to provide a customized experience. They also help us provide a customized experience and help us to detect certain kinds of fraud. A “cookie” is a small amount of information that a web server sends to your browser that stores information about your account and preferences.

Some cookies are temporary, whereas others may be configured to last longer.  “Session” cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases session cookies once you exit your browser. “Persistent” cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser. We use persistent cookies for a number of purposes, such as retrieving certain information you have previously provided, and storing your preferences.

We or certain third parties also may use these technologies to collect information about your activities over time and across third-party websites, apps, or other online services (Online Behavioral Tracking) in accordance with the guidelines set forth by the Digital Advertising Alliance (the “DAA”). We do not control these third parties’ tracking technologies or how they may be used. Certain third-party advertising networks, such as Facebook Ads, Google AdSense and AdRoll, use the collected information to serve ads to you on our behalf on other sites throughout the Internet. These cookies do not contain personally identifiable information or PHR Data, nor are they linked to any personal information collected by us.

The information practices of these third party advertising companies are governed by their own privacy policies and are not covered by this Privacy Policy. Some of these advertising companies may be members of the Network Advertising Initiative (“NAI”), a cooperative of online marketing companies that offers a centralized tool for opting out of behavioral advertising delivered by each of its member companies. If you would like to obtain more information about the NAI and make choices about their members’ use of your information, please visit the NAI website at http://www.networkadvertising.org/consumer/opt_out.asp. Also, through the DAA, several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about interest-based ads from third parties participating in the DAA, please visit the DAA consumer opt out page at http://www.aboutads.info/choices/.

You may view Facebook’s privacy policy at: https://www.facebook.com/about/privacy/. You may opt-out of the Facebook Ads partner network by logging into your facebook account by managing your settings at: https://www.facebook.com/ads/settings. You may view Google’s privacy policy at: http://www.google.com/privacypolicy.html. You may opt-out of the AdSense partner network cookie at: http://www.google.com/privacy/ads/ or by using the Network Advertising Initiative’s (NAI’s) multi-cookie opt-out mechanism at: http://www.networkadvertising.org/managing/opt_out.asp.  Further, you may view the AdRoll privacy policy and opt-out from their network and affiliated networks, at: https://www.adroll.com/account/privacy.  These opt-outs are valid only for the computer and browser combination used to opt-out.  Clearing cookies will remove these opt-outs because they stored in cookies.
If you opt-out of AdRoll or an NAI third-party advertising network, you will no longer receive ads based on your browsing history from that network. You may, however, continue to receive generalized online advertising.

  1. Manage Your Security Settings

You may manage how your browser handles cookies and related technologies by adjusting its privacy and security settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available. You can opt-out of being targeted by certain third party advertising companies online at  www.networkadvertising.org/consumer/opt_out.asp or http://preferences.truste.com/truste/.

You may manage how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

  1. Links to Other Sites

This Site may contain links to other sites that are not owned or controlled by phase2body.  Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies only to information collected by this Site.

  1. Notice to Residents of Countries outside the United States of America

phase2body is headquartered in the United States of America. Personal Information may be accessed by us or transferred to us in the United States or to our affiliates, business partners, or service providers elsewhere in the world. By providing us with Personal Information, you consent to this transfer. We will protect the privacy and security of Personal Information according to this Privacy Policy, regardless of where it is processed or stored.

  1. Changes in this Privacy Statement

If we decide to change our Privacy Policy, we will post those changes to this privacy statement and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently.

  1. Important Note Regarding Children

This Site and Website is not directed toward children under 18 years of age and phase2body does not knowingly collect or use information from children under 18 through this Site or Website. No one under age 18 may provide any information to the Site and Website.  If you are under 18, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If Any information submitted via the Website regarding a minor under the age of 18 must be submitted by the minor’s legal representative. To the extent permitted by applicable state law, minors may access their PHR Data through their medical provider. If we learn we have collected or received personal information from a minor under 18 without verification of consent from the minor’s legal representative, we will delete that information. If you believe we might have any information from or about a minor under 18, please contact us at support@headsuphealth.com.