Company may receive your Personal Data:
when our user or subscriber provide it directly to our Site or Application (e.g., when registering in our system or when such information altered or modified by user or subscriber);
through the use of our Services by its users or subscribers.
When you access and use the Services, we may collect the following categories of Personal Information from or about you:
a. Direct identifiers, such as your name, address, email address, telephone number. We typically collect this information directly from you in order to communicate with you, and provide you with access to certain information through our Services.
c. Commercial Information, such as products and services purchased from us. We typically collect this information directly from you in order to fulfill your transactions and provide related customer service.
d. Photo information. The Application asks you for permission to use your phone's camera features to capture documents with a medical insurance number or an identity document (driver's license or passport) for insurance company validation; to scan a 2D barcode (or sometimes referred to as a QR code) to determine the testing address; to create a selfie photo for a user profile. Photos of documents are transmitted using the API and sent to the laboratory for identification. The profile photo is stored on our server for the purpose of displaying the photo when you log into your profile.
e. Location information, such as information used to locate the device you use to access the Services. Location information may include: (i) the location of the device derived from GPS or WiFi use; (ii) other information made available by a user or others that indicates the current or prior location of the user. We typically collect this information to find the testing station you need. Without permission to access your location, we will not be able to provide correct information about the test station closest to you. The app does not store or use your location in the background. We will not use your Personal Information in any other way.
Company has to inform you that whenever users or subscribers use our Application or Service, in a case of an error in the Application we may collect data and information (through third party products) on your mobile phone or smartphone and it so called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, location, the configuration of the Application when utilizing our Service, the time and date and duration of usage of the Service or Application, and other statistics which may be treated as Personal Data. The Application does not collect sensitive information such as location when the Application is closed or not in use.
We are using SMS for sending you COVID test results or providing you the key to enter in your personal profile.
SMS disclaimer: You will agree to received SMS and SMS data rates may apply.
The Service are not directed to anyone under the age of 18. The Site and the Application do not knowingly collect or solicit information from anyone under the age of 18, or allow anyone under the age of 18 to sign up for the Service. In the event that we learn that we have gathered personal information from anyone under the age of 18 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at [email protected]
THIS NOTICE OF PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW HEALTH AND PERSONAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We collect protected health information about you that is necessary to perform and share COVID-19 test results, as well as other services we provide. “Protected health information” or “PHI” is information about you, including demographic information, that may identify you and that relates to past, present, and/or future physical or mental health conditions and related health care services.
Company is committed and required by law to maintain the privacy and security of your PHI. We are required to follow the terms of this Notice and, except as described in this Notice, will not disclose your PHI without your authorization. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. If you provide us with authorization to use or disclose your PHI for a specific purpose and later change your mind, please let us know in writing.
You have certain rights when it comes to your PHI. You have the right to:
Ask that we limit how we use or share your PHI for treatment, payment, or our operations. We are not required to agree to your request and may say “no” if it could affect your care. If you pay for a service out-of-pocket in full, you can ask us not to share that information for the purposes of payment or our operations with your health insurer, in which case we will say “yes” unless a law requires us to share that information.
Ask us to contact you in a specific and/or confidential way (for example, home or office phone) or to send mail to a different address. We will say “yes” to all reasonable requests.
Ask for an electronic or paper copy of your medical record and other information we have about you. We will provide a copy or a summary of your health information. We may charge a reasonable, cost-based fee associated with producing copies of your medical records and other information.
Ask us to correct your protected health information that you think is incorrect or incomplete. We may say “no” to this request if we believe the change would violate any law or other legal requirement or would otherwise cause the information to be incorrect, but if that is the case we will explain why in writing.
Ask for a list (accounting) of times we’ve shared your PHI in the six years prior to the date of your request, who we shared it with, and why. We will include all disclosures except those disclosures related to treatment, payment, and our health care operations, and certain other disclosures, such as disclosures you asked us to make. We will provide one accounting to you in any twelve (12) month period free of charge. We may charge a reasonable, cost-based fee associated with producing additional accountings in any twelve (12) month period in which you have already received a free accounting.
Your PHI may be used and disclosed for treatment, payment, healthcare operations, and other purposes permitted or required by law. If we wish to use or disclose your PHI for other purposes, we would have to obtain your authorization. We may, however, use or disclose your PHI without specific authorization or permission for certain purposes, including:
Treatment. We may use and share your PHI to provide and coordinate your treatment with medical professionals responsible for your care. For example, we may use your PHI to perform tests, or send your test results to your health care provider.
Payment. We may use and share your health information to bill and receive reimbursement from health plans or other entities. For example, we may provide information about you to your health insurance plan so it will pay for the services you receive.
Health care operations. We may use and share your data to support the operations of our business or contact you when necessary. For example, we may retain a copy of your health information for auditing purposes or to improve our Services.
Business associates. There are some services provided to us through contracts with business associates (e.g., billing services), and we may disclose your PHI to our business associate so that they can perform the job we have asked them to do. To further protect your PHI, we require our business associates to appropriately safeguard your information.
Communication with individuals involved in your care or payment for your care. We may disclose your PHI to a family member, other relative, close friend, or any other person you identify that is directly relevant to that person’s involvement in your care or payment related to your care.
Protected health information of minors. As permitted by federal and state law, we may disclose PHI about minors to their parents or guardians.
Research activities. Researchers may be given limited access to your PHI so that they can develop research projects or identify patients who may potentially qualify to participate in research studies. We may otherwise use your PHI when it is in the form of a limited data set or once an institutional review board or privacy board has reviewed the research proposal and determined that your specific authorization or consent for the research use of your PHI is not needed in whole or in part.
Creating “de-identified” information. We may use your PHI to create “de-identified” information, which means that information that can be reasonably used to identify you will be removed. There are specific rules under the law about what type of information needs to be removed before information is considered de-identified. Once the information has been de-identified as required by law, it is no longer considered PHI, not covered by this Notice, and we may use it for any lawful purpose without further notice or compensation to you.
As required to comply with laws. We may disclose your PHI when required to do so by federal, state, or local law.
Law enforcement activity. We may disclose your PHI to law enforcement officers for law enforcement purposes as permitted by law or in response to a valid subpoena or court order.
Judicial and administrative proceedings. We may disclose your PHI in response to a court or administrative order, a subpoena, discovery request, or other lawful process by someone involved in a lawsuit or dispute with or against you.
Public health activities and threats to health and safety. We may disclose your PHI to public health or other legal authorities charged with preventing or controlling disease, receiving report of suspected abuse, neglect, or domestic violence, receiving reports of adverse reactions to medications or devices, notifying people of recalls of products, or otherwise preventing or reducing serious threats to the health and safety of you, others, or the public generally.
Health oversight activities. We may disclose your PHI to an oversight agency for activities authorized by law, including audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Food and Drug Administration (FDA) activities. We may disclose your PHI to the FDA, or persons under the jurisdiction of the FDA, when the PHI is related to adverse events with respect to drugs, foods, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
Military or veteran affairs. We may disclose your PHI as required by military command authorities if you are or were a member of the armed forces.
Specialized government functions. We may disclose your PHI to units of the government with specialized functions such as the U.S. Military or the U.S. Department of State in response to requests authorized by law.
Correctional institutions. We may disclose your PHI to a correctional institution or its agents for your health and the health and safety of other individuals if you are or become an inmate in the correctional institution.
Worker’s compensation. We may disclose your PHI to the extent authorized by and the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
Death. We may disclose your PHI to a coroner, medical examiner, or funeral director to identify a deceased person, determine the cause of death, or otherwise carry out their duties.
Organ tissue procurement organizations. We may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for tissue donation and transplant.
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above, including uses and disclosures of psychotherapy notes or PHI for marketing purposes, and disclosures that would constitute a sale of PHI. You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Also, we share your Personal Information:
a. At Company. We may share your Personal Information internally among our business units and our affiliates in order to provide you our Services and generally to improve our product and service offerings.
b. With your healthcare providers. We may share your Personal Information with the insurance agents, doctors or other healthcare providers with whom you have a relationship in accordance with our agreements with those partners, healthcare providers or consistent with applicable law. More information about our uses and disclosures of PHI can be found in our Notice of Privacy Practices.
c. With vendors and other service providers. We may share your Personal Information with service providers who perform services for us and act at our direction. These services may include activities such as cloud storage and services, fulfillment services, and other IT services. Our policy is to prohibit these service providers from using your Personal Information for purposes other than providing services to us.
d. In the event of a corporate transaction. In the event we go through a business transition like a merger, acquisition, reorganization, or sale of all or a portion of our assets, we may disclose your Personal Information to the party or parties of such transaction.
We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.
If the client, user or subscriber is a European citizen or resident, the GDPR grants a number of additional rights concerning the use, storage, and processing of Personal Data. In situations when Company acts as a data processor and our client, user or subscriber is a data controller who holds Personal Data of our client, user or subscriber, you must contact this person directly if you wish to exercise any of the privacy rights mentioned below.
Understand certain circumstances; you may exercise the following privacy rights:
a) right of access – you may ask us whether we are processing your Personal Data and you have the right to request a copy of the information we hold about you,
b) right of rectification – you have the right to correct inaccurate or incomplete Personal Data about you and you may have the ability to do so yourself in the settings of your Profile,
c) right to be forgotten – you can ask for the information that we hold about you to be erased from our system and we will comply with this request unless we will have a legitimate reason not to do so,
d) right to restriction of processing – where certain conditions apply, you can ask us to 'block' the processing of your Personal Data,
e) right to data portability – you have the right to have the data we hold about you transferred to another organization and to receive Personal Data in a structured, commonly used format,
f) right to object to automated processing (including profiling) – this right provides you with the ability to object to a decision based on purely automated processing. We are not currently processing your Personal Data for such type of automated decision-making, including profiling, but if we elect to do so in the future we will provide you with notice and choice, in accordance with EU data protection law.
If any of our clients, users or subscribers wishes to learn more about the GDPR and your rights, the website https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en is a reliable source.
This website and our Services are hosted in the United States and are intended for visitors located within the United States. Your use of the Services and provision of your information is subject to the laws and regulations of the United States and the State of New York. If you choose to use the Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your personal information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information and Protected Health Information may differ from those of your country of residence.
Company will remain the right to retain and use your Personal Data to the extent necessary to comply with our legal requirements and/or contractual obligations (for example, if we are required to retain your Personal Data to comply with applicable laws or to ensure the payment for the services rendered), resolve disputes, and enforce our legal agreements and policies.
Some data may be deleted whenever you like and some data will be deleted or shortened automatically, but some data may be retained for longer periods of time when it is necessary for Company. When client, user or subscriber decided to delete data, we may follow a deletion policy (if any) to make sure that Personal Data was safely and completely removed from our servers and storages or retained only in necessary volume and anonymized form.