Welcome! We are glad that you are here. It’s important to have clarity when it comes to your privacy – just like with your sexual health. Email us at email@example.com if you have any questions on the below.
What is Personal Information?
Personal Information is any information relating to a natural person who is, or can be, identified either directly or indirectly from such information, and includes information such as a User’s name, address, telephone number, email address, Internet activity (such as browsing history), or other information directly linked to that person. Personal Information that we collect also includes the personal medical information which users provide to us through the Service. You are not legally required to provide Personal Information to us, but if you refuse to provide such information, we may not be able to register you for the Service.
Personal Information We Collect
We collect any Personal Information you provide when you use the Service, and we automatically collect certain Personal Information when you access the Platform. Personal Information we collect includes, but is not limited to:
- · Your name and contact data such as your e-mail address, phone number, and billing and physical addresses
- · Your login and password and other account ("Account") registration details
- · Demographic data (such as your gender, date of birth and zip code)
- · Computer, mobile device and/or browser information (e.g., IP address, mobile device ID information, operating system, connection speed, bandwidth, browser type, referring/exist web pages, web page requests, cookie information, hardware attributes, software attributes)
- · Third-party website, network, platform, server and/or application information (e.g., Facebook, Twitter, Instagram)
- · Usage activity concerning your interactions with the Service and/or third-party websites, networks or applications accessed through the Service (e.g., viewing habits, viewing preferences, viewing history, number of clicks on a page or feature, amount of time spent on a page or feature, identify of third-party websites, networks, etc.)
- · Billing, payment, and shipping information
- · Electronic signature
- · Information about third parties that you refer to us (e.g., name, relationship, email, and/or other contact information)
- · Statements or content (e.g., comments, videos, photographs, images) and information about such statements or content, which you submit or publish on or through the Service or which are accessed via your public or linked social media pages (e.g., Facebook, Twitter, Instagram)
- · Any other information you provide when you contact or communicate with us
If you use your mobile device to visit, access, or use the Service, then additional categories of Personal Information that we collect may include:
- · The name associated with your mobile device
- · The telephone number associated with your mobile device
- · Your geolocation
- · Your mobile device ID information
- · With your express consent, your contacts and/or contact information (e.g., names, telephone numbers, physical addresses, email addresses, photos) stored on your mobile device
- · With your express consent, information about third-party software applications on your mobile device (including, without limitation, general software apps, downloadable software apps, social media apps)
Protected Health Information
As part of our relationship with you, we will collect a broad range of Personal Information. Some of it will be medical information (covered by laws that protect medical/health information) and some of it won’t be medical information. For example, we collect certain medical Personal Information on behalf of the Providers, which may include, but is not limited to:
- · Health and medical data you submit for screening, diagnosis, or treatment purposes, including information in any questionnaires or surveys you complete for these purposes
- · Previous doctors or other healthcare providers you visited
- · Date of visit
- · Images or videos you share for screening, diagnosis, or treatment purposes
- · Communications with Providers
To the extent that TBD Health receives medical information that may be protected under applicable laws, including the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”), TBD Health will comply with such laws. To be clear, to the extent TBD Health receives medical information that is protected by HIPAA or applicable state law, this information will be used and disclosed only as permitted by HIPAA and applicable state law.
The HIPAA Notices of Privacy Practices that describes how the Providers use and disclose protected health information is also applicable. TBD Health encourages you to review any applicable Notices of Privacy Practices in order to understand the Provider’s uses and disclosures as well as your rights with respect to your protected health information.
How Information Is Collected
TBD Health collects Personal Information directly from you when you visit, access, or use the Service; when you register with or subscribe to the Service or any products or services available through the Service; when you "sign in," "log in," or the like to the Service; when you allow the Service to access, upload, download, import or export content found on or through, or to otherwise interact with, your computer or mobile device (or any other device you may use to visit, access or use the Service) or online accounts with third-party websites, networks, platforms, servers or applications (e.g., your online social media accounts, your cloud drives and servers, your mobile device service provider); or whenever TBD Health asks you for such information, such as, for example, when you process a payment through the Service, or when you answer an online survey or questionnaire. In addition, if you or a third party sends TBD Health a comment, message, or other communication (such as, by way of example only, email, letter, fax, phone call, or voice message) about you or your activities on or through the Platform, then TBD Health collects Personal Information provided therein or therewith.
In addition to the Personal Information we collect directly from you, we may also collect certain Personal Information from the Providers who provide treatment or other services to you in connection with our Service. This may include, but is not limited to, information related to screening, diagnoses, treatment plans (including prescription details) and notes, and is accessible and visible through certain components of the Service. We may also receive Personal Information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.
In addition, from time to time, we may use or augment the Personal Information we have about you with information obtained from other sources, such as public databases, social media platforms, and other third parties.
Finally, TBD Health might use various tracking, data aggregation and/or data analysis technologies, including, for example, the following:
- · Cookies, which are small data files (e.g., text files) stored on the browser or device you use to view a website or message. They may help store user preferences and activity and may allow a website to recognize a particular browser or device. There are several types of cookies, including, for example, browser cookies, session cookies, and persistent cookies. Cookies may record information you access on one page of a website to simplify subsequent interaction with that website, or to help streamline your transactions on related pages of that website. Most major browsers are set up so that they will initially accept cookies, but you might be able to adjust your browser's or device's preferences to issue you an alert when a cookie is downloaded, or to block, reject, disable, delete or manage the use of some or all cookies on your browser or device. Cookies can be set by the website owner (i.e., us), or they can be set by third parties (e.g., Facebook, Google, etc.) Cookies are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Third party cookies may also be used to enable analytics (e.g. Google Analytics) or advertising functionality (e.g., ad re-targeting on third-party websites) that enables more customized services and advertising by tracking your interaction with our Service and collecting information about how you use the Service.
- · Flash cookies, which are cookies written using Adobe Flash, and which may be permanently stored on your device. Like regular cookies, Flash cookies may help store user preferences and activity, and may allow a website to recognize a particular browser or device. Flash cookies are not managed by the same browser settings that are used for regular cookies.
- · Web beacons, which are pieces of code embedded in a website or email to monitor your activity on the website or your opening of the email, and which can pass along information such as the IP address of the computer or device you use to view the website or open the email, the URL page on which the web beacon is located, the type of browser that was used to access the website, and previously set cookie values. Web beacons are sometimes used to collect advertising data, such as counting page views, promotion views, or advertising responses. Disabling your computer's, device's or browser's cookies may prevent some web beacons from tracking or recording certain information about your activities.
- · Scripts, which are pieces of code embedded in a website to define how the website behaves in response to certain key or click requests sent by the user. Scripts are sometimes used to collect information about the user's interactions with the website, such as the links the user clicks on. Scripts are oftentimes temporarily downloaded to the user's computer or device from the website server, active only while the user is connected to the Platform, and deactivated or deleted when the user disconnects from the website.
- · Analytic tools and services, which are sometimes offered by third parties, and which track, measure and/or generate information about a website's or program's traffic, sales, audience and similar information, and which may be used for various reasons, such as, for example, statistical research, marketing research, and content ratings research, and conversion tracking. Examples of the analytic tools and services which TBD Health might use include Google Analytics and Taplytics. TBD Health may also use other third-party analytic tools and services.
Please be advised that if you choose to block, reject, disable, delete or change the management settings for any or all of the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies, then certain areas of the Platform might not function properly.
Use of Personal Information
Wow, that’s a lot of Personal Information! What do we use it for? In connection with providing the Service and operating our business, we and our affiliates and service providers may use your Personal Information, subject to the limitations addressed in the Protected Health Information section above, for a number of purposes, including, but not limited to:
- · Verifying your identity;
- · Confirming your location;
- · Administering your account;
- · Fulfilling your requests;
- · Processing your payments;
- · Facilitating your movement through Service;
- · Facilitating your use of the Service and/or products or services offered through the Service;
- · Communicating with you by letter, email, text, telephone or other forms of communication;
- · Providing you with information about TBD Health, the Pharmacies, Labs, the Medical Groups, the Providers and/or their businesses, products and services by letter, email, text, telephone or other forms of communication;
- · Providing you with customer support;
- · Providing you with information about third-party businesses, products and services by letter, email, text, telephone or other forms of communication to the extent permitted by law;
- · Developing, testing or improving the Service and content, features and/or products or services offered via the Service;
- · Identifying or creating new products, services, marketing and/or promotions for TBD Health or the Service;
- · Promoting and marketing TBD Health, the Service, and the products and/or services offered via the Service to the extent permitted by law;
- · Improving user experiences with the Service;
- · Analyzing traffic to and through Service;
- · Analyzing user behavior and activity on or through the Service in order to analyze and improve the Service;
- · Conducting research and measurement activities for purposes of product and service research and development, advertising claim substantiation, market research, and other activities related to TBD Health, the Service or products and services offered via the Service;
- · Monitoring the activities of you and others on or through the Service in order to analyze and improve the Service;
- · Placing and tracking orders for products or services on your behalf;
- · Protecting or enforcing TBD Health's rights and properties;
- · Protecting or enforcing the rights and properties of others (which may include you);
- · When required by applicable law, court order, or other governmental authority (including, without limitation and by way of example only, in response to a subpoena or other legal process); or
- · TBD Health believes in good faith that such use is otherwise necessary or advisable (including, without limitation and by way of example only, to investigate, prevent, or take legal action against someone who may be causing injury to, interfering with, or threatening the rights, obligations or properties of TBD Health, a user of the Service, which may include you, or anyone else who may be harmed by such activities or to further TBD Health's legitimate business interests).
We may de-identify your Personal Information and use, create, and sell such de-identified information for any business or other purpose not prohibited by applicable law.
Disclosure of Personal Information
When might we have to disclose your Personal Information to others? Subject to the limitations described in the Protected Health Information section above, we may disclose your Personal Information to third parties in connection with the provision of our Service or as otherwise permitted or required by law. For example, we may disclose your information to:
- · Our third-party and service providers (collectively "vendors") that provide services to enable us to provide the Service, such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, and other similar services;
- · Our vendors that provide services to enable us to run our business and administrative operations, such as legal and financial advisory services, auditing services, analytics and similar services;
- · Our vendors that provide services to enable us to promote and advertise the Service and the products and/or services offered via the Service, such as ad platforms or ad-retargeting services, as well as comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services;
- · The Providers to enable them to provide services to you via the Service and to collect payment on their behalf;
- · Vendors as we believe necessary or appropriate to comply with applicable laws; and
- · A third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock with such third party.
TBD Health may retain your Personal Information for as long as it believes necessary to: (i) comply with its legal obligations; (ii) resolve disputes; (iii)enforce its agreements; and/or (iv) provide you with the products and/or services of the Service. TBD Health may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by TBD Health or as required by law. Similarly, the Providers may retain your information for as long as they believe necessary to comply with their respective legal obligations, resolve disputes, enforce its agreements, and/or as long as needed to provide you with the products and/or services of the Providers. The Providers may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by the Providers or as required by law.
The California Consumer Privacy Act (“CCPA”) grants California residents certain additional privacy rights. The CCPA does not encompass “protected health information” that is governed by HIPAA or “medical information” that is governed by the California Confidentiality of Medical Information Act. This section, in contrast, will cover information on California residents who are employees, who visit the Platform but are not identifiable as patients, and information on California residents that we otherwise create or receive but that is not subject to HIPAA or the California Confidentiality of Medical Information Act. This section applies to both information that we collect through the Platform and information we create or receive offline, including hard copy information.
If you are a resident of California, you may:
- · Request the categories and/or specific pieces of Personal Information collected about you, including whether your Personal Information is sold or disclosed, and with whom your Personal Information was shared;
- · Access a copy of the Personal Information we retain about you;
- · Request deletion of your Personal Information;
- · Correct or amend your Personal Information; and
- · Object to certain uses of your Personal Information.
To exercise these privacy rights and choices, please follow the instructions below:
- · How to request access to your Personal Information: You may request access to your Personal Information twice in a 12-month period. To do so, please email us at firstname.lastname@example.org with the subject heading "California Privacy Rights." In response, we will produce an Access Report detailing the Personal Information we have collected, disclosed, and/or sold about you. This Access Report will be delivered by mail or electronically at your request. Note, we may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
- · How to request deletion of your Personal Information: You may request that we delete the Personal Information it has collected and/or maintained about you. To do so, please email us at email@example.com. Note, we may need to retain certain Personal Information as permitted by law, such as to complete the transaction for which the Personal Information was collected, maintain an electronic medical record for a Medical Group or Provider, provide a requested good or service, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, comply with legal obligations or to enable solely internal uses that are reasonably aligned with your expectations or lawful within the context in which you provided the information.
We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Verification: Please note, we will take steps to verify your identity before fulfilling any of the above requests. If you maintain an account with us, we will verify your identity through existing authentication practices for the account (e.g., login and password). If you are not a registered member, we will verify your identity by matching two or three data points that you provide with data points that we maintain and have determined to be reliable for the purposes of verification (e.g., browser or device ID).
Authorized Agents: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your or your minor child's Personal Information. In order to designate an authorized agent to make a request on your behalf, you must provide written proof that you have consented to this designation unless the agent has power of attorney pursuant to California Probate Code sections 4000-4465. You must also verify your identity directly with us by providing a copy of your government issued identification. Response Timing and Format: If you are a TBD Health customer with an online account, we will deliver our written response to that account online or via email. If you are not a TBD Health customer or do not have an online account, we will deliver our written response by mail or electronically, at your preference. The response will also explain the reasons we cannot comply with a request, if applicable. Please note, that if you are submitting a request regarding information you provided to a Provider, your request should be directed to that entity. Anti-Discrimination Right: We will not discriminate against you for exercising any of your CCPA rights. But note that some of the functionality and features available to you may change or no longer be available to you upon deletion of your Personal Information.
We do not sell your Personal Information.
The Platform and Service are not directed toward children. If you are under the age of 13, you must obtain the authorization of a responsible adult (parent or legal custodian) before using or accessing our Platform and Service. We will not knowingly collect or use any Personal Information from any children under the age of 13. If we become aware that we have collected any Personal Information from children under 13, we will promptly remove such information from our databases. If you want to notify us of our receipt of information by children under 13, please email us at firstname.lastname@example.org.
We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the "Contacting Us" section below.
Last updated: July 18, 2022