Last Updated: July 2, 2020
Your privacy is important to us. This policy describes how we use and disclose your personal and medical information, your choices and rights with respect to your information, and the steps we take to protect your information.
We may change this Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide with additional notice (such as adding a statement on our Site homepage or sending you a notification). We encourage you to review this Policy regularly to stay informed about our information practices and the choices available to you.
- Collection of Information
- Use of Information
- Sharing of Information
- How Information is Stored and Retained
- Your Rights
- Transfer of Information to the U.S. and Other Countries
- Privacy Policies of Third Parties
- Contact Us
1. COLLECTION OF INFORMATION
Information You Provide to Us
We collect information you provide directly to us through our Services. For example, you share information directly with us when you create an account, fill out a form, share your medical records, request customer support, or communicate with us. The types of information you provide to us may include the following:
- Personal Information: When you use the Services, you may provide and we collect what is generally called “personally identifiable information” (PII), or “personal information,” which is information that identifies you as an individual. For example, when you register for the Service or access our Service, we may collect your name, email address, phone number, date of birth and any other information you choose to provide.
- Health Information: When you use the Services, you may directly provide us your health-related information, including, but not limited to, your diagnosis, your physical status and quality of life, and your emotions and mood.
Information We Automatically Collect When You Interact with Us
When you access or use our Services, we automatically collect information about your activities, including:
- Activity Information: We collect information about your activity on our Services, such as the pages you visit on our Site and the symptoms you enter on our App.
- Device and Usage Information: When you visit the Site, App or use our Services, we automatically collect certain information about your device, including information about your web browser, Internet Protocol (IP) address, mobile device identifier, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site and use our Services, we collect information about the individual web pages or products that you view, the time and date of your visit, what websites or search terms referred you to the Site, and information about how you interact with the Services.
- Information Collected by Cookies and Similar Tracking Technologies: We use tracking technologies, such as cookies and web beacons to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits to the Site. Web beacons (also known as “pixel tags”) are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and record information about how you browse the Site. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
Information We Collect from Other Sources
We also collect information from your healthcare provider when they provide it to us and pursuant to our contracts with such healthcare providers. That information may include your diagnosis, laboratory test results and observations, such as blood pressure, imaging files, such as X-Ray and MRI images, treatment plan, and medical history. With your explicit consent, we may collect information from partner laboratories. Also with your consent we may collect information from devices you own and use such as mobile devices or wellness trackers. We may collect this information from your provider electronically via a health records system, verbally or in written form.
2. USE OF INFORMATION
We use the information we collect to guide you through diagnosis and treatment, provide you access to personalized treatment options, and coordinate with your healthcare providers. We also may use the information we collect for the following purposes in accordance with applicable law:
- Provide care coordination: If you opt-in, we share information with your healthcare provider to facilitate health care services.
- Inform you about research opportunities and clinical trials: We may contact you or your healthcare provider about research opportunities, clinical trials, and clinical treatments.
- Provide our Services: We use the information we collect to deliver our Services, create your account, verify your identity, administer questions and surveys in our App or Site, and provide relevant educational health information.
- Operate and improve our Services: We may use information we collect to administer and troubleshoot our Services, monitor Services performance, improve the design of our App and Site, analyze trends, and otherwise enhance the Services we provide.
- Contact you about our Services: We may contact you regarding administrative and account information by email, telephone, SMS, or other equivalent forms of electronic communication, including a mobile application’s push notifications, to notify you regarding updates to our Services.
- Provide you updates and opportunities: If you opt-in, we may use the information we collect to provide you with news, special offers and general information about other goods, services and events we offer that are similar to those you have enquired about or use.
- Respond to your inquiries and requests: We use your information to attend to and manage your requests and questions.
- Promote research and development: We may use your information for research purposes. We take additional security measures when processing your personal information for such purposes, by aggregating, de-identifying, or pseudo-anonymizing your information where possible, limiting access to personnel, and applying other administrative, physical and technical safeguards. In all cases your privacy will be protected by strict confidentiality requirements reviewed by an Institutional Review Board (“IRB”), which oversees the research, or by researchers; representations limit their use and disclosure of your information.
3. SHARING OF INFORMATION
We will only share your personal information and health information with your healthcare providers and other authorized care team individuals, and only when individuals have a need to know your information. We will not use or disclose your personal information or health information for any other purpose without your prior written authorization unless permitted by law.
We will never sell or rent your personal information to any other company or organization.
We will not disclose your personal information or health information to any third party, except as follows:
- To Health Providers: Where we collected your information on behalf of a health provider, we may disclose your information to your provider, for the purpose of facilitating your healthcare and providing Services to you. If you access the Services at the direction of your health care provider(s), we will safeguard your health information in accordance with applicable law and pursuant to our agreements with such provider(s).
- To Service Providers: We may share information with third-parties that need access in order to perform services for us, such as managing our accounts, operating our Services, or processing transactions, under strict confidentiality and contractual requirements.
- For Research Purposes: We may share your information with authorized researchers following a protocol approved by an IRB.
- As Required by Law: We may disclose your information, without your prior authorization, in response to a court order, subpoena, law enforcement, or a regulatory agency to investigate or determine our compliance with our legal obligations.
- For Business Transfers: In the event of a reorganization, merger or sale, we may transfer any and all personal information we collect to the relevant third party involved in the transaction.
- With Your Consent: We will disclose your personal information to friends and family at your express direction. If you grant an authorization, you can later revoke that authorization, in writing, to stop future use and disclosure.
- Other Disclosures: We may otherwise disclose your information as permitted or required by law, when we believe, in good faith, it is necessary for safety purposes or to prevent you or others from harm.
- Please note: In addition to the ways that we may collect, use, and disclose information described in this Policy, we also may also use personal information in ways that we believe are consistent with FDA and other governmental regulations and laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), where applicable.
4. HOW INFORMATION IS RETAINED AND SECURED
Navio also uses industry standard security measures to protect your personal information from loss and misuse. Information transmitted to our Services is encrypted using Transport Layer Security (SSL/TLS) and is stored on encrypted servers with restricted access. Please be aware that no data security measures can guarantee security.
When receiving information from our clients who are healthcare providers, Navio is subject to laws and regulations governing the use and disclosure of health information including HIPAA. Navio encrypts identifiable information and applies reasonable and appropriate security measures to safeguard the confidentiality, integrity, and availability of Protected Health Information (“PHI”) residing on, processed by, or transmitted by our servers.
We store your personal information for as long as we need it to provide you our Services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our contractual and legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law.
If you would like your personal information permanently removed from our Services, please contact us at email@example.com. We will then terminate your account. You will no longer be able to use our Services, and you will no longer receive communication from Navio. Subject to applicable law and necessary contractual and record retention requirements, your identifying personal information shall be deleted from our records within thirty (30) days of your request. Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or authorized by law.
Notice of Data Breach
We take the confidentiality and security of your information very seriously. We will notify you in the event a breach occurs involving your personal information or PHI and inform you and/or your healthcare provider about the breach and what steps you may need to take to protect yourself.
5. Your Rights
You may decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Services.
Additionally, you have the right to:
- Access your information;
- Request we correct your information;
- Request we erase and/or de-identify your information;
- Request we restrict the processing of your information;
- Object to our processing of your information; and
- Lodge a complaint regarding our handling of your information.
If you are a California resident, you have the right, upon written request, to a free copy of your individually identifiable health information, such as your medical history, mental or physical condition or treatment, maintained by Navio.
You may exercise these rights at any time by contacting us at: firstname.lastname@example.org.
If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial emails from us, and any other promotional communications that we may send to you from time to time, by sending your request to us at email@example.com.
Accessing and Updating Your Information
You have the right to review, amend, or correct your email address, account data, or other personal information held in our database. To do so, please contact us at firstname.lastname@example.org with a clear description of your request. We will respond to your request as soon as reasonably practicable and always under the timeframes set forth by applicable laws.
Do Not Track Signals
Do Not Track is a privacy preference you can turn on in your browser settings. When you turn on the Do Not Track signal, the browser sends a notification to websites, requesting them not to track your web activity across third-party websites. Because there is currently no industry or legal standard for recognizing or honoring Do Not Track signals, we do not respond to Do Not Track signals at this time.
Our Services are directed only toward adults. Navio does not knowingly collect information from children under the age of 18.
6. TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES
Your information, including “personal data,” is processed at Navio’s operating offices and data centers located in the United States. If you reside in the European Union or another jurisdiction outside of the United States, we may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your information receives an adequate level of protection in the United States.
7. PRIVACY POLICIES OF THIRD PARTIES
This Policy only addresses the use and disclosure of information by Navio. It does not apply to third-party websites that may be accessible through our Services. Those third parties have their own privacy policies and practices that govern the collection, use, and disclosure of your information when you visit them. Navio is not responsible for the privacy practices of third parties. We encourage you to read the privacy policies of each and every website you visit.
8. CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at email@example.com or by mail using the details provided below:
44 Tehama St
San Francisco, CA 94105