This Privacy Policy describes how Careology (“we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with the Careology application (the “App”) and related Careology services (together, our “Services”). This Privacy Policy also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.
This Privacy Policy (the “Policy”) describes how we collect and process information provided or collected by you, health plan members (“Users”) and the caretakers that you may invite to utilize the App (“Caregiver”). Careology is a “business associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Accordingly, this Policy is to be read in conjunction with any Notice of Privacy Practices (“NPP”) provided to you by your health plan, and in the event of a conflict between the Policy and the NPP relating to the use of your personal information under HIPAA, the language of the NPP shall take precedence. We follow this privacy policy in accordance with applicable law in the places where we operate.
We collect information about you in a variety of ways depending on how you interact with the App and our Services, including:
Directly from the User or from a Caregiver when you provide it to us, such as when you register for an account, contact us by phone or email, provide information about your symptoms, medication and treatment, or otherwise in connection with our Services.
Automatically through the use of cookies, server logs, and other similar technologies when you interact with the App.
From a third-party wearable device you connect with our Services.
From other sources, including, for example, healthcare providers, hospital networks, an integrated Electronic Medical Records system, our affiliates, business partners, service providers, and other third parties, or from publicly available sources.
Careology’s collection of data from Users is in its capacity as a “business associate,” and accordingly subject to the restrictions on usage set forth in the NPP the User received from its health plan.
The following provides examples of the type of information that we collect in a variety of contexts and how we use that information, subject to any restrictions set forth under HIPAA.
Context: Account Registration
Types of Data Collected: We collect the User’s name, age, contact information and login credentials when you create an account. Where you are a Caregiver, we collect name, age, contact information, login credentials, and information about your relationship with the User. We also collect information relating to the actions that you perform while logged into your account.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in providing account related functionalities to our users. We also have a legitimate interest in understanding our users and providing tailored services.
Context: Cookies and First-Party Tracking
Types of Data Collected: We use cookies and clear GIFs. “Cookies” are small pieces of information that are sent to a computer’s hard drive or a device.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in making our App operate efficiently.
Context: Email Interconnectivity
Types of Data Collected: If you receive email from us, we use certain tools to capture data related to when you open our message, or click on any links or banners it contains.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in understanding how you interact with our communications to you.
Context: Feedback/Support
Types of Data Collected: If you provide us feedback or contact us for support we will collect your name and email address, as well as any other content that you send to us, in order to reply.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in receiving, and acting upon, your feedback or issues.
Context: Financial Information
Types of Data Collected: We collect your name, billing address, contact information, and payment information (including bank account and payment card details) when you enter into a financial transaction with us.
Primary Purpose for Collection and Use of Data: We use your information to perform our contract to provide you with Services.
Context: Health Data
Types of Data Collected: Certain information about a User’s health, including diagnosis, condition, symptoms, treatments, side effects, medications, medical appointments, responses to questionnaires, data on vital signs, weight, activity level, journal entries, and other information input into the App on the User’s status and well-being.
Primary Purpose for Collection and Use of Data: We use your information to provide you with Services, with your consent. Additionally, we may provide you with information about our products or Services, or products or services of partners and other third parties.
Context: Location Data
Types of Data Collected: When location settings are enabled within the App, we collect real-time location data, including your coordinates, country, your Identifier for Advertisers (IFA) code for your Apple device, the Android ID for your Android device, or a similar device identifier.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in providing location services where requested or agreed by you to deliver content or provide you with information about our products or services.
Context: Mailing List
Types of Data Collected: When you sign up for one of our mailing lists we collect your email address and/or postal address.
Primary Purpose for Collection and Use of Data: We share information about our products and Services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products and Services.
Context: Mobile Devices
Types of Data Collected: We automatically collect information from your mobile device such as unique identifying information broadcast from your device when using the App.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in identifying App users, and in understanding how users interact with us on their mobile devices.
Context: Partner Promotion
Types of Data Collected: We collect information that you provide as part of a co-branded promotion with another company.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in fulfilling our promotions.
Context: Surveys
Types of Data Collected: When you participate in a survey, we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.
Context: Technical Data
Types of Data Collected: We automatically collect information, including your browser type and version, browser plug-in types and versions, operating system and platform, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the internet is used), domain name, click-activity, usage data, and date/time information.
Primary Purpose for Collection and Use of Data: We have a legitimate interest in monitoring usage of our Apps.
In addition to the purposes and uses described above, we use data about you in the following ways:
To identify you when you use our App, or other Services.
To provide our Services, including displaying the data input by User, Caregivers or other sources as described herein, providing content such as articles, recipes, and tips, and setting medication reminders.
To improve the operation, delivery, and effectiveness of our Services, including the App, and product offerings.
To verify and carry out financial transactions.
To conduct analytics.
To communicate with you, including to communicate with you about your treatment, symptoms, medication, or other Health Data to provide the Services, to notify you about changes to the Services, or to respond to and/or follow-up on your requests, inquiries, issues, or feedback.
To send marketing and promotional materials including information relating to our products, services, sales, or promotions, or those of our business partners.
To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of our company and our users, employees, or others.
To troubleshoot, including to debug, identify and repair errors that impair existing intended functionality of our Services.
To comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
For internal administrative purposes, as well as to manage our relationships with third parties.
For such other purposes as you may consent (from time to time).
Although the sections above describe our primary purposes in collecting your information, in many situations we have more than one purpose. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.
Deidentified Information
We use de-identified information as allowed under applicable law. De-identified information is used for research purposes and to develop machine learning and Artificial Intelligence (AI) algorithms. The use of de-identified information is subject to the data rights in end customer agreements. To the extent we maintain and use personal information in a de-identified form, we will not attempt to re-identify the information, except for the purpose of determining whether our de-identification processes satisfy our legal obligations.
In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal information in the following situations:
Sharing at User’s Direction. Per your direction, we share personal information of Users with Caregivers, and Healthcare Providers with whom the User has enabled sharing to facilitate the Services in the App. Further, personal information relating to a Caregiver may be provided with any other authorized party the User enables for data sharing.
Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage, with appropriate protections in place.
Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
Public. If you decide to submit information on any public forums associated with the Services, including the App, that provide the opportunity to post comments or reviews, that information may be publicly available.
Partner Promotion. We may offer promotions with third party partners. If you decide to enter a promotion that is sponsored by a third party partner the information that you provide will be shared with us and with them. Their use of your information is not governed by this privacy policy.
Service Providers. We share your information with service providers, with appropriate protections in place. Among other things service providers help us to administer our App, host data, provide technical support, distribute communications (both marketing and service oriented), provide customer support services, facilitate feedback, conduct surveys, process payments, fulfill and ship orders, and otherwise assist in the provision of Services. These parties only use your information to the extent necessary to perform their support functions.
Users can limit or terminate sharing of data with a Caregiver or other authorized party by updating the settings in the User’s account to adjust the permissions (read, edit, etc.) allocated to the Caregiver or other authorized party. You can turn this sharing off at any time by changing your access settings, using the switch in the ‘My Network’ > ‘Organizations’ section of the App’s side menu. If you do not want specific notes to be shared, select the “private” toggle.
Additionally, you have the right to make the following choices regarding your personal information:
Access To Your Personal Information. You may request access to your personal information or confirmation that we have information about you. In certain limited circumstances, you may also request to receive access to your data in a portable, machine-readable format.
Changes To Your Personal Information. We rely on you to update and correct your personal information. You can modify or delete certain information in your account profile in the App. If the App does not permit you to update or correct certain information, you can contact us at the address described below in order to request that your information be modified. You may ask us to correct information that is inaccurate or incomplete. Note that we may keep historical information in our backup files as permitted by law.
Deletion Of Your Personal Information. You may request that we delete your personal information. If required by law, we will grant a request to delete information, but you should note that in many situations we must keep certain of your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another lawful business purpose. Please note that if you are a User and you request deletion of your personal data, it may not be possible for us to provide our Services to you and you will not be able to fully engage with the App.
Objection to Certain Processing. You may object to our use or disclosure of your personal information by contacting us at the address described below.
Online Tracking. We do not currently recognize the “Do Not Track” signal.
Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in emails that you receive. If you decide not to receive promotional emails, we may still send you Service related communications.
Promotional Offerings In-App. Partner products tailored to the User’s personal data are displayed on cards in the App. If you click on a link that says “find out more,” or other similar wording, you will be taken to the applicable partner’s website. Your activity on the partner’s website is subject to their privacy policy and terms of use, and is no longer in the control of Careology. Please contact that website for questions relating to your data.
Promotional Text Messages. Upon your consent, if you receive a text message from us that contains promotional information you can opt-out of receiving future text messages by replying “STOP.”
Revocation Of Consent. Where we process your personal information based upon consent, you may revoke consent. Please note, if you revoke your consent for the processing of personal information then we may no longer be able to provide you certain Services.
Please note, not all of the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your request because the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.
You may exercise the rights described herein regarding your information by contacting us as indicated in the “Contact Information” section below. If you disagree with our denial of a request, you may appeal our decision by contacting us with the subject line “Appeal.”
Note that, as required by law, we will require you to prove your identity before we proceed with your request. We may verify your identity through the App or by phone call or email if needed. Depending on your request, we may ask for additional information such as your name, and other information that would be provided as part of your engagement with us. We may also ask you to provide a signed declaration confirming your identity. Following agreement to fulfill a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.
In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of a completed Authorized Agent Designation Form indicating that you are authorized to act on another person’s behalf.
Automated decision making
We do not carry out any automated decision making using your personal information that would have a legal or similarly significant effect on you. We may use information about the symptoms you input into the App to suggest non-clinical content such as recipes, tips or articles that may relate to those particular symptoms. We may also use data regarding your symptoms to generate non-binding recommendations or forward for further review by a Careology team member. Further, if your health plan has granted rights to use personal information to improve Careology’s services, Careology utilizes that personal data to train its machine learning algorithms to more effectively provide its Services, including the recommendations and other features available in the App.
We use commercially reasonable and industry standard efforts, including the use of secure servers and data encryption, to protect your personal information from unauthorized access, use, or disclosure. However, we cannot guarantee the absolute security of your personal information. In the event that we are required by law to inform you of a breach to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
The App requires you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account that you become aware of.
We retain your personal information for only as long as legally permitted or required, and as reasonably necessary to fulfil the purposes outlined in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements. After you stop using our Services or cancel your registration with us, we will usually retain your personal data for six years, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we obtained the information and whether we can achieve those purposes through other means, as well as applicable legal requirements. We may also retain aggregate or de-identified information beyond this time for research purposes and to help us develop and improve our Services. You cannot be identified from aggregate or de-identified information retained or used for these purposes.
The personal information we collect from Users, Caregivers, or other authorized parties in connection with the Services, including the App, is stored in the United States. As a multi-national company, we may transmit information that is not personally identifiable, including de-identified and aggregated information, between and among our affiliates located in, among other countries or regions, the United Kingdom (“UK”), the European Economic Area (“EEA”) or Canada.
For your convenience, we may provide links to websites and other third-party content or services that we do not own or operate. The websites and third-party content to which we link may have separate privacy notices or policies. Please note, we have no control over the privacy practices of these websites, or services that we do not own. We encourage you to review the privacy policies of any third-party website or application for details about such third party’s privacy practices.
We may change our privacy policy and practices over time. To the extent that our policy changes in a material way, the policy that was in place at the time that you submitted personal information to us will govern that information unless we receive your consent to the new privacy policy. Our privacy policy includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified. If we make a material change to our privacy notice, we will attempt to notify you through email or through a pop-up.
The App is intended for use only by persons who are at least 18 years of age. By using our Services, you confirm to us that you meet this requirement. If you are under the age of 18, you confirm you have received permission from your parent or guardian before using our Services or sending us personal information.
If you are under the age of 13 your parent or guardian must consent on your behalf where we ask for consent in relation to the use of your information.
If you suspect that a child under 18 is accessing the App and providing personal data without their parent or guardian’s consent, please contact us at dpo@careology.health so that we can investigate and remove/delete the data where necessary.
All data related to minors is treated the same as data related to adults, as disclosed by this Policy. Where the law requires, parents that give consent on behalf of minors under 13 have the right to access, request deletion, and withdraw consent for further collection of their child’s personal data. Parents may also use the cookie preference center to opt out of third party data collection. These rights are described further in the “Your Choices” section of this Policy.
If you have any questions, comments, or complaints concerning our privacy practices, or if you need to access this Privacy Policy in an alternative format due to having a disability, please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.
Careology Health Inc.
C/O Careology Health Limited
1 - 2 Paris Garden, London, SE1 8ND United Kingdom (Company number 10205660)
E-mail: dpo@careology.health
Toll-free phone number:
(844) CAR-E519
844-227-3519
If you are not satisfied with our response, and are in the European Union or United Kingdom, you may have a right to lodge a complaint with your local supervisory authority.
California law requires us to disclose the following additional information related to our privacy practices. If you are a California resident, the following privacy disclosures apply to you in addition to the rest of the Privacy Policy.
California Shine the Light. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing, please submit a written request to us using the information in the Contact Information section above.
Notice of Collection. The table below describes the categories of personal information we collect, disclose for a business purpose, “sell” and/or “share” (as those terms are defined by California law). Please note, in addition to the recipients identified below, we may disclose any of the categories of personal information we collect with government entities, as may be needed to comply with law or prevent illegal activity. We do not “sell” your personal information for money. For details regarding how we use personal information, please see the Information We Collect section of the Privacy Policy. For information regarding how long we retain personal information, please refer to the How We Protect and Retain Information section of the Privacy Policy.
Category of Personal Information: Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, or other similar identifiers.
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Business partners
Data analytics providers
Internet service providers
Operating systems and platforms
Other Service Providers
Payment processors and financial institutions
Professional services organizations, this may include auditors and law firms
Social networks
Category of Personal Information: Government Issued Identification – this may include social security number, driver’s license number, or state issued identification number, passport number.
Category of Recipients - Disclosures for a Business Purpose:
Other Service Providers
Payment processors and financial institutions
Professional services organizations, this may include auditors and law firms
Category of Personal Information: Financial Information – this may include bank account number, credit card number, debit card number, and other financial information.
Category of Recipients - Disclosures for a Business Purpose:
N/A
Category of Personal Information: Health Related Information – this may include medical information, mental or physical condition or treatment, or health insurance information.
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Business partners
Data analytics providers
Internet service providers
Operating systems and platforms
Other Service Providers
Payment processors and financial institutions
Professional services organizations, this may include auditors and law firms
Social networks
Category of Personal Information: Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical, or mental handicap, etc.
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Business partners
Data analytics providers
Internet service providers
Operating systems and platforms
Other Service Providers
Payment processors and financial institutions
Professional services organizations, this may include auditors and law firms
Social networks
Category of Personal Information: Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Business partners
Data analytics providers
Internet service providers
Operating systems and platforms
Other Service Providers
Payment processors and financial institutions
Professional services organizations, this may include auditors and law firms
Category of Personal Information: Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement.
Category of Recipients - Disclosures for a Business Purpose:
Data analytics providers
Internet service providers
Operating systems and platforms
Other Service Providers
Category of Personal Information: Geolocation data.
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Business partners
Data analytics providers
Internet service providers
Operating systems and platforms
Other Service Providers
Payment processors and financial institutions
Professional services organizations, this may include auditors and law firms
Social networks
Category of Personal Information: Professional or employment-related information
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Professional services organizations, this may include auditors and law firms
Category of Personal Information: Inferences drawn from any of the information listed above
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Business partners
Data analytics providers
Category of Personal Information: Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics, or description, insurance policy number.
Category of Recipients - Disclosures for a Business Purpose:
Affiliates or subsidiaries
Business partners
Professional services organizations, this may include auditors and law firms
California Sensitive Information Disclosure. We do not “sell” or “share” sensitive personal information for purposes of cross-context behavioral advertising.
Effective Date: October 25, 2024
Last Update: October 25, 2024