Privacy Policy

1. Overview

Every Workforce Member who conducts business for or on behalf of HealthPals
Corporation must:

(a) comply with this Policy and supporting policies and procedures designed to ensure the privacy and security of Personal information; and

(b) collect, use and disclose Personal Information in a manner consistent with applicable laws in the countries in which HealthPals does business.

2. Purpose

HealthPals Corporation is responsible for complying with this Policy, identifying applicable local privacy or data protection laws and developing supplementary policies, procedures, standards, and guidelines, if and where needed, for meeting the requirements of this Policy, applicable laws, regulations and contracts.

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. You agree to the collection and use of information in accordance with this Privacy Policy by subscribing or using this service either directly or through your healthcare provider.

3. Scope

This policy applies to all internal and external data deemed direct, associated, or deterministic of private data that is gathered, handled, processed, sub-processed, or stored within HealthPals’ information systems.

HealthPals is responsible for this policy and the communication of this policy to all Workforce Members who have access to Personal Information within HealthPals. Additionally, it is responsible for providing guidance, in consultation with appropriate functions and legal representatives, on the implementation of this Policy. Finally, it is responsible for annually reviewing and updating this Policy as necessary.

4. Policy

4.1 Documentation and Assessment

Each Business Organization will assess and document the processing of Personal Information in accordance with applicable laws, regulations, contracts, and company policies, which may include:

  • Maintenance of written records of the processing of Personal Information.
  • Consultation and/or regulatory filings with applicable regulatory authorities and/or Data Protection Officer.
  • Performance of privacy assessments

4.2 Collection, Use, Retention, and Destruction

HealthPals, and any third parties acting on its behalf, will collect Personal Information only in connection with a legitimate business purpose in compliance with all applicable laws, regulations, contracts, and company policies. All parties will perform as follows:

  • Use Personal Information for legitimate business purposes, consistent with this Policy, applicable legal requirements, and any applicable privacy notices provided to the individual;
  • Retain Personal Information to meet business needs and satisfy legal retention requirements, in accordance with all applicable laws, regulations, contracts, and company policies;
  • At the end of the required retention period as described in company record retention policies, all parties must use approved destruction methods for Personal Information; and
  • Will ensure Workforce Members have a method available to them for securely destroying Personal Information

4.3 Usage Data

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

4.4 Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
  • Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.

We use, as needed, both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Tracking and Performance Cookies

Type: Persistent Cookies

Administered by: Third-Parties

Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.

 

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

4.5 Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

  • With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, for payment processing, to contact You.
  • For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
  • With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
  • With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
  • With Your consent: We may disclose Your personal information for any other purpose with Your consent.

4.6 Notice, Consent and Choice

HealthPals will comply with all applicable laws, regulations, contracts, and company policies regarding the provision of a privacy notice or statement to individuals about whom Personal Information is collected, maintained, used or disclosed.

Additionally, HealthPals will identify whether, in accordance with all applicable laws, regulations, contracts, and company policies, an intended collection, use, or disclosure of Personal Information requires that an individual be provided with an opportunity to authorize or consent, as defined by applicable law, to such collection, use or disclosure.

When required by applicable law, or as otherwise made available to an individual, each Business Organization must observe an individual’s choice to revoke consent, or to opt-out of any procedure designed to obtain consent, for the use of such individual’s Personal Information in accordance with all applicable laws, regulations, contracts, and company policies.

4.7 Individual Rights

In accordance with applicable laws, regulations, contracts, and company policies, HealthPals will respond to requests from individuals pertaining to the Personal Information that HealthPals maintains pertaining to them. These include individual requests to:

  • Access and obtain copies of Personal Information.
  • Correct or amend Personal Information that is shown to be inaccurate or incomplete.
  • Restrict or object to the further processing of Personal Information or request the deletion of the Personal Information.
  • Transfer electronic Personal Information in a commonly used, machine-readable format to them or to another party at their direction.
  • Object to the use of their Personal Information in automated decision-making or profiling if such use produces legal effects or such similarly significant effects.

4.8 Disclosure and Cross-border Transfers

HealthPals may only disclose Personal Information in accordance with applicable laws, regulations, contracts, and company policies and may only disclose Personal Information to vendors, contractors, service providers, government entities, and other third parties, after confirming that:

(a) the disclosure is legally permitted;

(b) the person, system or entity allowed to receive information is identified;

(c) the transfer of the Personal Information is secure, where appropriate; and

(d) the third party is contractually and/or legally committed to protecting the information and limiting its use and disclosure, where appropriate or required by law.

Prior to transferring Personal Information from one country to another or allowing access to Personal Information by Business Organizations, vendors, contractors, service providers, or other third parties located in other countries, HealthPals will gain assurances, as may be required by applicable laws, regulations, and contracts, that the information will be lawfully processed and protected.

4.9 Security

HealthPals will comply with security policies that establish administrative, physical, technical, and organizational safeguards to protect Personal Information wherever Company work occurs.

Company-issued devices and accounts must be used for receiving, creating, maintaining, or transmitting Personal Information regardless of where Company work is being performed.

Workforce members are responsible for the confidentiality of their work-related conversations. Personal Information should not be discussed at a location or time where unauthorized individuals are present.

Interactive/Voice Activated Smart Devices or Digital Assistants located in or near to a workspace must be disabled, turned off or moved away from the workspace when Company work is being performed.

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

4.10 Data Quality

HealthPals will take reasonable steps to maintain accurate and complete Personal Information.

4.11 Disclosure

HealthPals will disclose data under the following circumstances:

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Exclusions

As a Qualified Service Organization per 42 CFR Chapter 1 Subchapter A Part 2 Subpart B – General Provisions § 2.11, HealthPals, Inc. (d/b/a Clint), formally acknowledges that it meets regulations associated with the receiving, storing, processing, and otherwise dealing with patient records, and if necessary will resist in judicial proceedings as efforts to obtain data or information related to substance abuse as defined hereunder. Additionally, HealthPals, Inc. (d/b/a Clint) commits to meet all requirements under Part 2 to the degree they apply to HealthPals, Inc. as a Qualified Service Organization.

The restrictions on disclosure in the regulations in this part do not apply to communications between the part 2 program / organization (“Subscriber”) and HealthPals, Inc. of information needed to provide services.

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of the Company
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

4.12 Monitoring and Enforcement

HealthPals is responsible for reviewing the effectiveness of procedures and other controls related to the implementation of and compliance with this Policy. Workforce Members are responsible for immediately reporting possible violations of this Policy in accordance with the Enterprise Incident Management Reporting and Response Policy.

HealthPals is responsible for addressing privacy complaints in accordance with company policies. If HealthPals determines that an employee has violated this Policy, the employee may be subject to discipline in accordance with SOP-NCA Nonconformity and Corrective Actions Policy for non-compliance with HealthPals Privacy Policies and any applicable disciplinary processes and procedures developed by HealthPals,

4.13 Applicability of Other Policies

This document is part of HealthPals overall set of privacy and security policies and procedures. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.

5. Enforcement

This policy will be enforced by the HealthPals Senior Leadership Team. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of HealthPals property (physical or intellectual) are suspected, the HealthPals may report such activities to the applicable authorities.

Under CCPA, personal information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CCPA's scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
  • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994

6. HIPAA (“Health Insurance Portability and Accountability Act”) Factors

All sections of this policy meet or exceed and support HIPAA Compliance.

7. CCPA (“California Consumer Privacy Act”) Factors

All sections of this policy meet or exceed and support CCPA Compliance.

8. Definitions

For the purposes of this Privacy Policy:

  • "Account" means a unique account created for You to access our Service or parts of our Service.
  • "Business", for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.
  • "Company" (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to HealthPals, Inc.
  • "Country" refers to United States of America.
  • "Consumer", for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
  • "Cookies" are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • "Device" means any device that can access the Service such as a computer, a cell phone or a digital tablet.
  • "Do Not Track (DNT)” is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.
  • "Personal Data" is any information that relates to an identified or identifiable individual.
    For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
  • "Sale", for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information to another business or a third party for monetary or other valuable consideration.
  • "Service" refers to the Website and underlying applications and data.
  • "Service Provider" means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
  • "Usage Data" refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • "You" means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.