Effective: September 09, 2014
Last modified: July 29, 2020
To utilize the Services, you are required to submit certain information to establish an account. We collect certain information during the account registration process for identity verification purposes. We collect and utilize additional information as set forth below.
Information We Collect From You
When you register with the Services, we collect certain personally identifiable information about you (“Personal Information”), including your name, address, telephone number, contact information and password. Once you have registered, we may collect the following information about you, including:
- Your birthdate and certain health information, e.g., your health insurance information, any diagnoses and how long you have been having symptoms.
- A profile image, should you provide one.
- Information you provide to us, or grant us access to, when you access or use the Services.
- Information you provide in public forums through the Services, including using our review, comment, post or similar functionality.
- In the event you pay for the Services directly, payment information is provided directly to our payment processing partner.
Information We Collect Automatically
You or your health care provider, health plan, pharmacy benefit manager or employer will provide us with information so that we can provide our services to you. Additionally, we may collect certain information when you use the Services, including the following:
- Use of the App. When you use the App, we may collect certain information about such use, including the location of your mobile device, your mobile device ID, type of device and operating system you use to access our App; your activities within the App; and the length of time that you are logged in through the mobile app.
- Unique Identifiers. We may collect certain information through unique identifiers such as IP address when you are using the Services.
- Cookies. We may use “cookies” and other technologies to collect data that enable us to better understand and improve the usability, performance and effectiveness of our Services. For instance, we may use session cookies (which expire once you close your browser) or persistent cookies (which stay on your mobile device until you delete them) to provide you with a more personal and interactive experience on our App.
- DNT. Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. Vida Health and the Services do not recognize DNT.
What We Do with Your Information.
Please note that if your access to our App or use of the Services is sponsored by your employer and/or provided for under your health plan, at the request of your employer or health plan, we may share Personal Information that your provide to us, or that we otherwise collect, through the App or the Services with your employer, health plan and/or third party service providers of your employer or health plan. Any such information will be provided in accordance with applicable laws, including without limitation the Health Insurance Portability and Accountability Act of 1996, and regulations issued thereunder, as may be amended from time to time (commonly referred to as “HIPAA”). Please also refer to your health plan’s HIPAA-required notice of privacy practice. Please review Vida Health’s Notice of Privacy Practices.
We may also use your Personal Information to update you on special offers related to our products or services, improve our products and services, provide product announcements or information regarding health topics, deliver other information we believe you will find most relevant, and useful and in any other way we may describe when you provide the information or to which you consent. We may occasionally contact you to gather customer service information to help us determine how we can improve our services and products to better meet your needs. We may also de-identify and/or aggregate your data for various business purposes including product, service and program development and improvement. De-identified data, in individual or aggregated form, may also be used for research purposes both internally by Vida Health or with research partners and other third parties for the advancement of clinical and scientific knowledge.
We may combine or cross-reference your Personal Information with general information or other information we may have acquired about you or may acquire about you through other sources, including offline sources of information to help further customize the information, products or services we provide to you.
We use the general information we collect from you to help us understand and analyze users of our Services, including generating aggregate statistics about Services use. This data can then be used to tailor the Services’ content, deliver a better experience for our users. We may also collect, aggregate and maintain anonymous information about the visitors to our Services. We may further share such aggregate, non-identifiable information with business partners, sponsors and other third parties.
Sharing of Personal Information with Third Parties.
If you invite family, friends or other third parties to be part of your team or join your chat sessions with your health coach, they will have access to the information shared during that session. You should also be aware that certain features within the Services allow for group chat sessions or public forums. By inviting any third parties to join your chat sessions or participate in group session or public forums, you consent to the disclosure of your Personal Information, including information about your health and any health conditions to the other participants. We cannot control whether or how these participants will use your Personal Information or if they will subsequently disclose it. If you do not consent to the disclosure of this information to these third parties, you should not invite them to join your team or participate in the group sessions or other public forums.
We may also release your Personal Information to third parties as required by law, when we believe disclosure is necessary to comply with a legal or regulatory requirements, judicial proceeding, court order or legal process served on us, to protect the safety, rights or property of patients, customers, the public or the Company or defend the Company and its officers, directors, employees, attorneys, agents, contractors and partners, in connection with any legal action, claim, or dispute.
How We Keep Your Information Secure. We seek to safeguard the security of your Personal Information and have implemented reasonable security measures consistent with accepted practices in the healthcare industry to protect the confidentiality of your Personal Information and limit access to it. We have a designated Chief Security Officer and have put in place a variety of information security measures to protect your Personal Information, including encryption technology, such as Secure Sockets Layer (SSL), to protect your Personal Information during data transport and at rest. However, despite our efforts to protect your Personal Information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your Personal Information over the Internet will be intercepted. Unfortunately, we cannot guarantee the absolute security of your Personal Information, nor can we guarantee that information that you provide will not be intercepted while being transmitted to us over the Internet. Therefore, we urge you to also take every precaution to protect your Personal Information when you are on the Internet or using the Services.
Children’s Privacy. We are committed to protecting the privacy of children. This Services is not designed or intended for children and we do not intentionally collect information about children under 13 years old. If a parent or guardian becomes aware that a child under 13 years old has provided Personal Information to us without their consent, please contact us at email@example.com.
Contact Us. If you would like to update your Personal Information, delete your account, change your preferences or have any questions or concerns about your privacy, you may contact us at firstname.lastname@example.org. Please note that some information may remain in our records after deletion of your account, including any information or records we are legally obligated to retain.
CCPA Addendum for California Residents
Effective: July 29, 2020
Last modified: July 29, 2020
This CCPA Addendum for California Residents supplements the information contained in the Vida privacy policies and applies solely to all visitors, users, and others who reside in the State of California. We adopt this Notice to comply with the California Consumer Privacy Act (CCPA) and any terms defined in the CCPA have the same meaning when used in this Addendum.
- Information We Collect
When you use our products, we collect information that identifies, relates to, describes, references, associates, links, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, our Websites have collected the following categories of personal information from consumers within the last twelve (12) months. Additionally, we have disclosed the following categories of information for a business purpose in the past twelve (12) months:
|Category||Collected||Disclosed for a business purpose|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||Yes||Yes|
|C. Protected classification characteristics under California or federal law.||Yes||Yes|
|D. Commercial information.||Yes||Yes|
|E. Biometric information.||Yes||Yes|
|F. Internet or other similar network activity.||Yes||Yes|
|G. Geolocation data.||Yes||Yes|
|H. Sensory data.||Yes||Yes|
|I. Professional or employment-related information.||Yes||Yes|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||No||No|
|K. Inferences drawn from other personal information.||Yes||Yes|
- Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
- Vida Health obtains the categories of personal information listed above from the following sources:
- Directly from you. For example, from information you submit when you sign up for our Services.
- Indirectly from you. For example, from observing your actions on our Products.
- From third-party business partners such as social media sites, ad networks, and analytics providers.
- Use of Personal Information
Vida Health does not sell Personal Information.
We may use or disclose the Personal Information we collect for one or more of the following business or marketing purposes:
- To create your account for our services and let you log into your account and use the Products.
- To manage your account, provide you with customer support, and ensure you are receiving quality service.
- To contact you or provide you with information, alerts and suggestions that are related to the service.
- For billing.
- To contact you, either ourselves or using the appropriate authorities, if either we or a provider have a good reason to believe that you or any other person may be in danger or may be either the cause or the victim of a criminal act.
- To match you with a provider.
- To enable and facilitate the delivery of our health services.
- To supervise, administer and monitor the service.
- To measure and improve the quality, the effectiveness and the delivery of our service.
- Market our product and services to you.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To provide, support, personalize, and develop our products and services.
- To personalize your experience and deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our websites, third-party sites, and via email or text message (with your consent, where required by law).
- Vida will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
- Disclosure of Personal Information
Vida may disclose your Personal Information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient both to keep that personal information confidential and not to use it for any purpose except performing the contract.
We share the minimum necessary personal information with the following categories of third parties:
- Service providers that provide audit, legal, operational, technical or other services for us, such as:
- Customer service
- Technical maintenance
- Monitoring website activity
- Email management and communication
- Database management
- Billing and payment processing
- Reporting and analytics
- Marketing and advertising
- Providers who provide our services
- Service providers that provide audit, legal, operational, technical or other services for us, such as:
- Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Request Access to Information
You have the right to request that Vida notify you of the Personal Information about you that we have collected and used. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting that Personal Information.
- The categories of third parties with which we shared that Personal Information.
- The specific pieces of Personal Information we collected about you.
- If we disclosed your Personal Information for a business purpose, and identifying the Personal Information categories that each category of recipient obtained.
- If we disclosed your Personal Information for a business purpose, we will provide the Personal Information categories that each category of recipient obtained.
- Right to Request Deletion of Information
You have the right to request that Vida delete any of your Personal Information that we collected about you and retained. Once we receive your request and verify who you are, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- Exercising Your Rights
To exercise the rights listed above, please submit a request to email@example.com. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child.
You may only make a request for access twice within a 12-month period. Your request must:
- Provide sufficient information that allows us to verify within reason that you are the person about whom we collected Personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. Making a request does not require you to create an account with us. We will only use Personal Information provided in a request to verify your identity or authority to make the request.
Response Timing and Format
We will try to respond to a request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
For Requests to Access, our response will only cover the 12-month period preceding the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. We will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
- Changes to Our Privacy Notice
- Contact Information
If you have any questions or comments about this Notice, the ways in which Vida collects and uses your information described above, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Vida Health 100 Montgomery Street, Suite 750 San Francisco, CA 94101 or firstname.lastname@example.org