Effective Date: 9/20/2017
- What personal information is collected by Resources Online through our Services.
- How Resources Online uses this information.
- With whom Resources Online may share personal information.
- What choices are available to you with respect to collection, use and sharing of this information.
- What types of security procedures are in place to protect the loss or misuse of this information under our control.
A. Information We Collect
We collect information from and about you in three ways. First, you provide us with certain information when you register for and use our Services. Second, your healthcare providers may upload health information such as test results and other data into your account. Finally, we collect certain information automatically as you interact with our Services.
1. Information You Provide to Us
We collect this information when you register for an account and use the Services. This type of data includes:
- Account information. We may collect personally identifying information, including your name, telephone number, mailing address, birth date (day and month only) and email address.
- Information submitted through the Services. You may submit information such as goals, responses to questions, and behavior summaries through the Services (“User Feedback”). This information may include sensitive healthcare and diagnostic information, including PHI as that term is defined below.
We do not operate an ecommerce website and therefore do not collect any financial information from you.
2. Information Submitted by Your Healthcare Provider
Your healthcare provider will have access to your healthcare data via the Services. Additionally, your healthcare providers may upload data (such as test results) into your account. Some of this information and data constitutes “Protected Health Data” or “PHI” as that term is used in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). By registering for the Services, you hereby grant Resources Online permission to collect and store PHI received from you or your healthcare provider and maintain PHI on your behalf and on behalf of your healthcare providers.
3. Information We Automatically Collect from You When You Use the Services
Information collected through our cookies and beacons. We (or service providers on our behalf) may use technologies, including “cookies” and “web beacons,” to automatically collect information from you when you use the Services. Cookies are small amounts of data that are stored within your Internet browser that saves and recognizes your earlier activities. Resources Online uses both session cookies, which track a user’s progression during a single visit, and persistent cookies, which track a user over time. Beacons are web page elements that can recognize certain types of information on your computer or mobile device, such as cookies and when a page or email was viewed.
Information that may be collected by cookies and web beacons when you use the Services may include, without limitation:
- Date and time of your visit to or use of the Services;
- Amount of time you spend using the Services; and
- Your computer or mobile device and connection information such as your browser type and version, operating system and platform.
You can delete cookie files from your hard drive, or avoid them altogether, by configuring your browser to reject them or to notify you when a cookie is being placed on your hard drive. Not all features of the Services will function as intended if you reject cookies.
The information we collect automatically is statistical information and may include personal information. We may combine it with personal information we collect in other ways or receive from
third parties. If you do not want us to collect this information, do not download the app or use the Services, and delete the app from your device.
B. Do Not Track Requests
Your Internet browser and mobile device may allow you to adjust your browser settings so that “do not track” requests are sent to the websites you visit.
C. How We Use the Information We Collect
We may use information collected from or about you for any of the following purposes:
- for clinical purposes covered by your agreement with your health care provider.
- to develop, provide and improve the Resources Online products and services;
- to manage and verify your account and the identity of users of the Services;
- to contact you when necessary about your account or your use of the Services;
- to comply with regulatory requirements for the maintenance of records;
- to conduct internal reviews of our Services and to help us better understand how you use our Services;
- to protect the security and integrity of our Services;
We may use your User Feedback and PHI to create de-identified or aggregated data that does not identify you, in accordance with 45 CFR 164.514 (“De-Identified Data”). For example, we may aggregate the number of users who follow a similar treatment plan to better understand how that treatment plan is working.
We may also combine information we collect about you through the Services with other information about you that we receive from third-party sources. By way of example and not limitation, we may combine test results or other medical information from another provider with your records.
D. How We Share Your Information with Third Parties.
We may share the information we collect in connection with the Services with the following third parties:
1. De-Identified Data
2. Healthcare Providers
3. Service Providers
We may share your personal information with our third-party service providers who provide services to us or on our behalf, such as operating and supporting the Services. These third-party service providers are restricted from using your personal information for their own purposes.
4. Our Affiliates
5. Transfer or Assignment in Connection with Business Transfers or Bankruptcy
6. Response to Subpoenas or Court Orders or to Protect Our Rights
We may disclose your information to government authorities or third parties if:
- you have given us permission to share your information;
- we are required to do so by law, or in response to a subpoena or court order;
- we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, or to protect our property or other rights or those of other users of the Services, third parties or the public at large; or
- we believe that you have abused a Service by using it to attack or gain unauthorized access to a system or to engage in spamming or other conduct that violates applicable laws or the Resources Online Terms of Service.
E. Your Choices
Using the Services is optional. At any time, you may stop providing User Feedback or other data. In addition, you may cancel your account at any time. If your healthcare provider set up your account, contact your healthcare provider to cancel the account. Otherwise, contact Resources Online at firstname.lastname@example.org to cancel your account. Upon termination, we have no obligation to maintain, store or transfer any data that you have on the Services. However, we may retain User Feedback as permitted or required by any state or federal law or at the request of your healthcare providers.
If you terminate your Account, you acknowledge that BehaviorSpace may continue to retain your Health Information as required by any state or federal law regarding retention of medical records or at the request of your Healthcare Providers, in connection with the services BehaviorSpace provides such Healthcare Providers. You further acknowledge and agree that BehaviorSpace may retain your Health Information on your behalf even if a particular Healthcare Provider’s relationship with BehaviorSpace ends, as agreed to pursuant to a separate access request that complies with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
F. Do-Not-Track Signals
Resources Online does not track its users over time and across third-party websites to provide targeted advertising and therefore does not respond to Do Not Track signals.
G. California Privacy Rights
Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice that identifies the categories of personal information we share with affiliates or third parties for their marketing purposes. However, Resources Online does not share personal information with third parties for marketing purposes, so this California statute does not apply.
H. How We Protect Your Information
We have implemented commercially reasonable measures designed to secure your personal information from unauthorized access, use, alteration and disclosure. Personal information, including User Feedback and PHI, is stored in a HIPAA-compliant, cloud-based data store. Only authorized, trained personnel have access to this data. We do not store names, addresses, phone numbers, or financial data. However, the transmission of information via the Internet is not completely secure. You
acknowledge that: (a) the limitations of the Internet are beyond our control; (b) the security, integrity and privacy of information and data exchanged between you and us cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. Resources Online has no responsibility or liability for the security of information transmitted via the Internet.
I. No Use by Children
The Services are not intended for users younger than 13. We do not knowingly collect contact information from children under the age of 13 without verifiable parental consent. If we become aware that a visitor under the age of 13 has submitted personal information without verifiable parental consent, we will remove his or her information from our files.
J. Use of Information Outside Your Country of Residence
K. Contact Us