- The Categories of Data We Collect When You Use Our Services
- How We Collect Personal Information
- How We Collect Non-Personally Identifiable Information
- How We Use the Data We Collect
- How We Share and Disclose Your Personal Information with Others
- What Your Can Do With Your Information
- Retention of Your Personal Information
- Users Outside of the United States
- Email and Text Messages
- Linking to Other Websites and Applications
- LabSavvy-branded websites and mobile applications
We are not responsible for the privacy practices of any third party service providers (such as health plans, health care providers, internet service providers or cloud service providers) or other third parties operating websites or applications to which our Services link, unless we have contracted with them to deliver a portion of our Services. The inclusion of a link in any Services to the services provided by another party does not imply that we endorse, or otherwise monitor the privacy practices of that linked third party website or application.
The Categories of Data We Collect When You Use Our Services
We may collect two basic types of information: Personal Information and Non-Personally Identifiable Information.
By “Personal Information,” we mean data that is unique to an individual, such as a name, address, social security number, e-mail address, telephone number, and certain personal device information. Personal Information may also include information known as Protected Health Information (or PHI) which is defined by and managed in accordance with the Health Insurance Portability and Accountability Act of 1996, as amended (including its implementing regulations, “HIPAA”).
By “Non-Personally-Identifiable Information,” we mean information that does not identify you personally, but can provide us with usage data, either individually or in the aggregate. Non-Personally Identifiable Information may include demographic information, anonymized or aggregated information, certain information collected automatically through your device such as web browser information, server log files, cookie technology, pixel tags or beacons, and other technologies, and other non-personally identifiable information collected by us or provided by you.
How We Collect Personal Information
We collect Personal Information when you voluntarily register or create a personal profile with us, request products, services, or information from us or interact with our Services. Some of this Personal Information includes personal device information – such as physical location, IP address, battery information, application activity, data usage, and malware information – which we collect automatically to authenticate you and/or your personal device. When you authorize us to do so, we also collect Personal Information from your health plan and health care providers.
How We Collect Non-Personally Identifiable Information
If you have not registered for an account, then we treat you as a “Visitor” to our websites and/or mobile applications. After you have registered for an account, we treat you as a “Consumer” of our Services. When you visit or interact with our Services as a Visitor, we collect data from you through a number of different automated technologies (“Tracking Technologies”), including:
- Browser and device information. We may automatically collect certain web browser information. Web browsers collect and store information about the type of device and operating system you are using to access our Services, as well as your device’s media access control (“MAC”) address for facilitating network communications. Accessing this information helps us to establish a secure and consistent connection to you and to customize experience and content when you use our Services.
- "Cookie" technology. A "cookie" is an element of data that we can send to your web browser when you link to our Services. It is not a computer program and has no ability to read data residing on your computer or instruct it to perform any step or function. By assigning a unique data element to each visitor, we can recognize repeat users, track your usage patterns and better serve you when you return to our Services later. The cookie can also track your usage patterns as you visit other websites across the internet. Your browser may offer you a “Do Not Track” option, which allows you to prevent us from tracking your online activities over time and/or across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using a Service and after you leave the Service. However, as we describe below under “How We Share and Disclose Your Personal Information with Others”, we do not share or disclose this information as Personal Information with any third parties.
- Tracking pixels or beacons. Tracking pixels (sometimes referred to as "web beacons") are tiny graphics with a unique identifier that perform a similar function to cookies, except that we include them our websites and mobile applications to help us collect data about user activity. By contrast, cookies are stored on a user's computer hard drive. Web beacons are embedded invisibly on our web pages and are about the size of the period at the end of this sentence.
- IP Address. When you subscribe to an Internet Service Provider (ISP), your computing device is assigned an IP Address. We may track and store this address to help us manage security, monitor usage volume and patterns, and to customize experience and content when you use our Services.
- Device ID. Each mobile or web-accessible device has a unique alpha-numeric device identifier. By tracking and storing the Device ID for your device, our Services are able to recognize repeat users (or households), track usage patterns and better serve you when you return at a later time. It also helps us manage security, and monitor usage volume and patterns.
We treat data collected through Tracking Technologies as Non-Identifiable Personal Information if you are Visitor to our Services or when it is aggregated with anonymized data. It only becomes Personal Information if you become a Consumer of our Services. It only becomes PHI if we associate it in our systems with your registered account.
How We Use the Data We Collect
We use Personal Information and Non-Personally-Identifiable Information so that we can:
- Verify your identity and authenticate access to your account
- Provide you with the Services
- Personalize the Services
- Provide you with customer service and technical support
- Evaluate and improve our Services
- Notify you of new Service features or new Services that we provide
- Notify you of other health services or plan benefits that your health care providers or health plan may provide
- Bill and collect payment for any applicable fees or charges
- Take action that helps us to maintain the security of our Services, the privacy of your Personal Information, obey laws and help prevent fraud and abuse
- Update any hardware, software or other tools that we provide in conjunction with the Services
- Take actions to enforce our agreements and policies
How We Share and Disclose Information With Others
Our policies for sharing and disclosing your Personal Information with others depends on whether you have registered for an account with any of our Services and whether Non-Identifiable Personal Information has been linked to your Personal Information. If you have not registered for an account, then we treat you as a “Visitor” to our websites and/or mobile applications. After you have registered for an account, we treat you as a “Consumer” of our Services.
Third Party Service Providers. We consider all data we collect from our Services to be confidential. We use third-party service providers to assist us in delivering our Services to you, including internet service hosting, technical integration, analytics, customer service, and fraud protection providers. We may share Personal Information we collect about you with these third parties, to the extent necessary for them to provide these services. These companies are acting on our behalf and are required, by contract with us, to keep this information confidential and are only authorized to use it for specific purposes.
Clinical Laboratories, Health Plans and Health Care Providers. We transmit or receive Personal Information with clinical laboratories in order to provide lab test results to Consumers and the healthcare provider that orders your lab test(s). Our Services may give Consumers the option of exchanging Personal Information with your health plan or other healthcare providers. In these cases, we will first request your consent. The consent will:
- Identify the entity with which we would exchange Personal Information
- Identify the types of information that would be exchanged with the other entity
- Identify the purposes for exchanging the Personal Information
- Include a link to the entity’s applicable privacy policies
You should read these privacy policies to understand how these entities use your Personal Information, as we do not endorse and have no control over how these organizations handle your Personal Information after we disclose it to them.
Third Party Applications and Services. Our Services may give Consumers the option of exchanging Personal Information with third party applications and services (such as a third-party service that uses an application programming interface). Before exchanging your Personal Information with these third party services, we will first request your consent. The consent will:
- Identify the entity with which you authorize us to exchange Personal Information;
- Identity the third party application and/or service with which we would exchange your Personal Information;
- Identify the types of information that would be exchanged with the other entity and/or third party application or service
- Include a link to the entity’s applicable privacy policies
By providing your consent, you accept that the third party service provider will access your Personal Information as required for the interoperation of its services with our Services and that you accept sole responsibility for the use of such third party services. You further accept responsibility for any data losses or other losses resulting from your use of these third party applications or services, as we do not endorse and have no control over how these organizations handle your Personal Information after we disclose it to them.
With Your Authorized Representatives. Our Services may give Consumers the option of designating one or more individuals or organizations to access their Personal Information through the Services. In these cases, we will first request your consent and contact information that we can use to verify the identity of these individuals or organizations. You should only authorize this access to individuals or organizations with whom you have a trusted relationship, as we cannot control these individuals or organizations’ use of your Personal Information or the access credentials that we issue to them with your consent.
Legal Authorities. We may be required by law or legal process to disclose Personal Information to our lawyers, to third parties in connection with litigation, or to law enforcement personnel. We will disclose your Personal Information in compliance with applicable laws. We may provide this information without your consent and without notice to you when we are required to do so in order to comply with a valid legal process such as a subpoena, court order, or search warrant.
Business Transfers. If we enter into a merger, acquisition, or the sale of all or part of our assets, your Personal Information will likely be part of the assets transferred. We will notify you if this happens if we have a means to contact you and we are required to provide you with notice.
What You Can Do With Your Information
If you are a Consumer, you may update your Personal Information (or correct it if it is incorrect) through your account or by contacting us at firstname.lastname@example.org. If you'd like us to help you remove your account or any of your Personal Information that we have previously collected through a Service, contacting us at email@example.com. We will respond to your request within 30 days. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so, and why.
Retention of Your Personal Information
We will retain Personal Information for as long as your account is active or as needed to provide you with Services, or as otherwise necessary to help us improve our products and services, comply with our legal and contractual obligations, resolve disputes, and enforce our agreements with you.
We have implemented technical, administrative and physical security measures based on generally accepted industry standards that are designed to protect your information from unauthorized access, disclosure, use and modification. We regularly review our security practices to consider appropriate new technology and methods. However, no method of transmission over the Internet or method of electronic storage is entirely secure. We enter into agreements with our third-party service providers that require them to adhere to privacy and security standards that are no less stringent than our own for the services that we delegate to them.
We do not knowingly collect personal data from anyone under the age of 13 through our Services website, and our Services are not directed to children under the age of 13. Children should always get permission from a parent or legal guardian before sending any information about themselves (such as their names, email addresses, and telephone numbers) to us.
Users Outside of the United States
Email and Text Messages
Email and SMS text messaging are interactive communications technologies that we may use to deliver our Services. Because of how these technologies operate, email and text messages that we send you or you send us are not encrypted. This means that when they are sent over a network, someone else might be able to read, delete or alter them without your permission or knowledge. While interception or alteration of these messages is illegal, it is possible. In addition, we have no control over the electronic networks that are used to transmit email or text messages. There are some locations on our Services where we provide for a more secure environment in which to exchange information with you. If instead you choose to send or request information over unencrypted email or SMS text message, you agree that you understand and accept this risk.
Effective date: 01/30/2019