Effective Date: February 22nd 2021
Certain demographic, health and/or health-related information that DocDay collects about Consumers as part of providing the Services may be considered “protected health information” or “PHI” under the Health Insurance Portability and Accountability Act (“HIPAA”). Specifically, when DocDay, acting as a “Business Associate” (as such term is defined in HIPAA), receives identifiable information about a Consumer from or on behalf of a Consumer, or Customer’s doctor, dentist, or other healthcare specialist, professional, provider, organization or agent or affiliate thereof (collectively, “Healthcare Providers”), this information is considered PHI.
HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. DocDay may only use and disclose PHI in the ways permitted by a Consumer’s Healthcare Provider(s) or authorized by a Consumer.
The following subsections detail the categories of Personal Data we collect. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations. For each category of Personal Data, these subsections also set out the source of that Personal Data, our commercial or business purpose for collecting that Personal Data, and the categories of third parties with whom we may share that Personal Data. More information regarding those sources and categories is set forth below.
Consumer Personal Data
Categories of Personal Data We Collect
Categories of Sources of Personal Data
In certain circumstances, we may share your Personal Data with the following categories of service providers and other third parties for the indicated business purposes:
All Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
The following sections provide additional information about how we collect your Personal Data.
Information Collected Automatically
We use the following types of Cookies:
You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. You can also delete all Cookies that are already on your computer. Although you are not required to accept DocDay’s Cookies, if you block, reject, or delete them, you may have to manually adjust some preferences every time you visit a site and some of the Services and functionalities may not work.
To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.
The security of your Personal Data is important to us. We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. We endeavor to follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and in storage. For example, the Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data. We store and process your information on our servers in the United States and abroad. We maintain what we consider industry standard backup and archival systems. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, for example, by making good faith efforts to store Personal Data in a secure operating environment that is not open to the public, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot and do not guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.
If at any time during or after our relationship we believe that the security of your Personal Data may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances. If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us in your account profile. Please keep your e-mail address in your account up to date. You can update that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software. If you prefer for us to use the U.S. Postal Service to notify you in this situation, please e-mail us at email@example.com. Please include your address when you submit your request. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this e-mail address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your Personal Data.
We retain Personal Data about you consistent with all internal policies and procedures. We may retain Personal Data to comply with our legal obligations, resolve disputes or collect fees owed, or as is otherwise permitted or required by our data retention policies and procedures.
We may use information that is neither Personal Data nor PHI (including non-PHI Personal Data that has been de-identified and/or aggregated) to better understand who uses DocDay and how we can deliver a better digital healthcare experience, or otherwise at our discretion.
If you are a registered user of the Services, you can modify certain Personal Data or account information by logging in and accessing your account. If you wish to close your account, please email us at firstname.lastname@example.org. DocDay will use reasonable efforts to delete your account as soon as reasonably possible. Please note, however, that DocDay reserves the right to retain information from closed accounts consistent with all internal data retention policies and procedures.
You must promptly notify us if any of your account data is lost, stolen or used without permission.
DocDay is in compliance with all state consumer privacy requirements, which provide residents with specific rights regarding their personal information. This section describes your rights and explains how to exercise those rights. If you have any questions about this section or whether any of the following applies to you, please contact us at email@example.com.
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months, including the following:
If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient.
If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data purchased by each category of third-party recipient.
You have the right to request that we delete the Personal Data that we have collected from you. This right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive, or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
Personal Data Sales Opt-Out
In this section, we use the term ‘sell’ as it is defined in state consumer privacy laws. We sell your Personal Data, subject to your right to opt out of these sales.
Over the past twelve months, we have sold the following categories of your Personal Data to third parties:
You have the right to opt out of the sale of your Personal Data. You can opt out using the following methods:
We do not sell the Personal Data of minors under 16 years of age without affirmative authorization.
We Will Not Discriminate Against You for Exercising Your Rights Under State Privacy Laws
We will not discriminate against you for exercising your rights under state consumer privacy laws. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under such laws. However, we may offer different tiers of our Services as allowed by applicable data privacy laws with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
Other California Resident Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at firstname.lastname@example.org.