Effective Date: January 1, 2020
Last Reviewed On: December 31, 2019
Hello Heart respects your right to privacy. Your ability to make informed choices about the uses of your information is important to us. This privacy statement explains Hello Heart’s policy regarding the collection, use, disclosure and protection of Personal Information. The terms of this privacy statement apply to information collected from you unless different terms are specified as part of a special offer or in another form or contract we provide you. Hello Heart stores medical tests results, physician summaries, prescriptions and any other medical information (“Personal Medical Documents”) which you decide to upload on to the Application. Hello Heart is not a health care provider and the Service does not provide health care services of any type.
If you upload or use Personal Information which relates to someone other than you, you represent to us that you have that person’s legally binding consent to the use of the information as described herein or that you are legally authorized to consent on their behalf. You may provide Hello Heart with Personal Information or Personal Medical Documents only if you are resident in the United States and otherwise eligible to use the Services under the Terms and Conditions.
We collect or obtain the following categories of personal data about you. Please see How We Use and Share Personal Information for more information about why we collect the categories of information below.
Examples of Information We Collect
We collect names, addresses, phone numbers, and email addresses (“Contact Information”) of users to provide our services, respond to product inquiries, and for the other business purposes listed below. We may automatically collect your Internet Protocol address when you visit us to improve our products and communications (see More About Cookies below).
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
We collect names, Contact Information, employment, and insurance information about users to provide and promote our products and services and for the other business purposes listed below. We collect medical information when you or your doctor provide it to us, such as when you add Personal Medical Documents to your medical portfolio on the Application.
Protected classification characteristics under California or federal law.
We obtain information about patients’ age and gender to improve our product quality and safety and for the other business purposes listed below.
We obtain transactional data pertaining to our products to comply with our legal obligations, to improve our products, and for the other business purposes described below.
While we do not collect information about biometric identifiers of users, some of the health tracking information we collect (such as blood pressure or steps) may contain identifying information. We collect this information to provide our services to you and for the other business purposes listed below.
Internet or other similar network activity.
We collect information about how visitors browse or search our website, for our brand, or for our products. We use these tools to analyze how our products perform and improve our services. (See More About Cookies below.)
Professional or employment-related information.
We obtain information about the employer you work for in order to integrate our Service with employers and for the other business purposes described below.
We do not collect:
The “personal information” listed above does not include:
We may obtain all of the categories of personal information listed above from the following categories of sources:
We may use or disclose the Personal Information we collect for one or more of the following business purposes:
In the preceding 12 months, we have disclosed the following categories of personal information to our third-party service providers for the business purposes described above:
Under applicable law, we are permitted to disclose personal information to service providers in accordance with written contracts requiring our service providers to keep the information confidential. We may provide Personal Information to third party vendors or service providers who assist us or our affiliates in administering and managing our sites, products, services or business (such as third parties providing hosting services). These recipients of Personal Information enter agreements with Hello Heart governing the privacy and security of Personal Information. These recipients of Personal Information are not authorized to use the information we share with them for any other purpose. By providing such information, you expressly consent to such transfer and use, including transfers outside of the jurisdiction in which the information was provided.
In addition to third-party service providers, we share all of the categories of personal information we collect with government entities (if required by law or reasonably necessary to avoid harm). We may also share your personal information, at your request, to business partners that provide services selected by you.
If you receive access to Hello Heart through your health plan, we may share limited information about you (for example, the fact that you registered for Hello Heart or information related to your use of Hello Heart) to the plan sponsor or plan’s third party administrator (for example to wellness program vendors) for payment purposes, operational purposes, or as permitted or required by law. You may choose to send a physician or other third party the Personal Medical Documents using the email or Fax options in the application. The system is not designed to enable access by physicians and/or third parties to your Personal Medical Information.
In the preceding twelve 12 months, we have not sold personal information. Our policy is that we do not and will not sell your personal information, unless you give us your consent or direct us to do so. Hello Heart does not sell, rent, share, or disclose Personal Information and/or Personal Medical Documents to third parties, except to its vendors, partners, contractors or agents to the extent necessary to provide Hello Heart’s services.
Personal Information does not include “aggregate” information. Aggregate information is data we collect about a group or category of services or users, from which individual customer identities have been removed. In other words, information about how you use a service, or the results of such use, may be collected and combined with similar information others, but no Personal Information will be included in the resulting data. Hello Heart can extract statistical data from your content in order to provide it to other users or partners without connecting it to any personal data such as name or email address. Aggregate data helps us understand trends and user needs so that we can better consider new products and services, and tailor existing products and services to customer desires. You understand that we may commercialize aggregate information by any and all means, and that you will receive no payment or other consideration in respect of such use. We will not use or disclose to third parties user data gathered from the HealthKit API or from health-related human subject research for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research.
Hello Heart has put into place security measures in an effort to protect Personal Information from loss, misuse or alteration while it is under our control. Personal Information we collect is stored in a cloud electronically and may be combined with other membership information. We use technical, contractual, administrative and physical measures in an effort to protect against unauthorized access. These include Secured servers, SSL and encryption. Although we take measures we believe are appropriate to safeguard against unauthorized disclosures of Personal Information, “perfect security” does not exist on the Internet. We cannot ensure or warrant the security of any Personal Information you transmit to us, and you transmit such information at your own risk. To allow you to securely view your account and registration information you will be required to submit a username and password upon registration to the Application. To protect the confidentiality of Personal Information, you must keep your password confidential and not disclose it to any other person. If other people have access to your email, they may be able to obtain access to your password and obtain Personal Information about you (such as your credit card information), or change information about your user profile. You may not want to use an email account operated by an employer because many employers have the legal right to access such email accounts.
If at any time you wish to stop receiving promotional information from Hello Heart, you may opt out by emailing us at firstname.lastname@example.org.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
We do not currently respond to “do not track” signals.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct any service providers with whom we have shared personal information to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
You may update, review or correct your on-line account information at any time online by accessing your password-protected registration page on the Application.
You must be 18 years of age or older in order to establish an account on and use the Service.
California law, known as the “Shine the Light” law, allows California residents to request and obtain from us a list of the Personal Information (if any) that we disclosed to third parties for direct marketing purposes. We will never disclose your Personal Information to third parties for direct marketing purposes without your consent, but if you like to make a request for information under this law, please send an email message to email@example.com with "Request for California Privacy Information" in the subject line of your message.
We will not discriminate against you for exercising any of your California privacy rights under the California Consumer Privacy Act. For example, if you exercise your California privacy rights, we may not, on that basis:
If you have any questions or concerns about this privacy statement or would like to contact us for any reason, you can contact us at firstname.lastname@example.org.
Hello Heart reserves the right to change this privacy statement at any time, but will alert you that changes have been made by indicating at the top of the privacy statement the date it was last updated. We encourage you to review our privacy statement to make sure you understand how your information will be used. If there is ever a material change to how we use your information and the new uses are unrelated to uses we disclose in this statement, we will communicate the changes in advance as described above, and such changes will apply following the date of such change.