Privacy Policy

EmsanaCare’s Privacy Policy
LAST UPDATED: February 6, 2023

EmsanaCare, Inc. (“EmsanaCare” the “Company,” “we,” or “us”) want you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we collect through the business interactions you have with us. Collectively, we refer to the texts, chats, emails, and offline business interactions we may have with you as the “Services.”

By using our Services, you agree to the collection, use, disclosure, sharing, and procedures this Privacy Policy describes. Your use of our Services is also subject to our Terms of Use and EmsanaCare’s HIPAA Notice of Privacy Practices.

We encourage you to read this privacy policy closely as it describes in detail what types of information we collect about our users, how we collect it, how we use the information we collect, for how long we keep the information and under what circumstances and with whom the information may be disclosed. You may also read more about your rights in relation to your Personal Information, and the security measures we take to protect your Personal Information.

If anything in our privacy policy is unclear, or if you have any questions, please email us at legal@emsanacare.com.

What Types of Information Do We Collect?

Personal Information. We and our service providers may collect Personal Information in a variety of ways. When you use our services to assist in finding a care provider, we collect “Personal Information,” which is information that identifies you as an individual or relates to an identifiable individual. This information may include your name, phone number, date of birth, gender, location, and email address. This information is collected to confirm your eligibility with the Sponsor Organization that is paying for access to Services on your behalf, such as your or your partner’s, spouse’s, or parent/guardian’s employer, university, or health plan (“Sponsor Organization”). Your information is also used in making recommendations to care providers.

Protected Health Information. To the extent that information collected through the Services is patient information, such as information about a health care condition you may have, it is governed by the HIPAA Notice of Privacy Practices. If you have questions about which policy applies to specific information, please contact us at legal@emsanacare.com.

Collection of Personal Information. Information you share with us directly: We collect the information you provide to us, for example when you contact us directly. This information may include Personal Information including information relating to your health. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

Information we collect automatically: When you visit or use our website, we may gather, collect and record information about it. We do this ourselves or with the help of third-party services, including through the use of “cookies” and other tracking technologies, as further detailed below. This information may include your IP address (which may also be associated with your domain name or the domain name of your internet service provider), data relating to your use and navigation, unique identification numbers associated with your mobile device or our mobile application and your approximate geographical location.

Information you direct us to receive, information we receive from third parties and social media: We may collaborate with third parties in connection with providing the Services and these third parties may provide us information about you. For example, if you direct us to receive information held in your electronic medical record, one of our partners may provide us with this information.

We need to collect such information in order to provide our services to you. If you do not provide the information requested, we may not be able to provide our services.

Use of Personal Information. We and our service providers use your Personal Information for the following purposes:

  • Providing the functionality of the Services and fulfilling your requests.
  • To provide the Services’ functionality to you, such as providing you with customer service.
  • To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request other information about our Services.
  • To complete your transactions, verify your information, and provide you with related customer service.
  • To send administrative information to you, such as changes to our terms, conditions, and policies.
  • Providing you with our information about new services and/or other marketing materials.
  • To send you marketing related emails, with information about our services, new products and other news about our company.

Analyzing Personal Information for Providing the Services. We may use your Personal Information in order to improve our AI and analytic models, so that we are constantly improving the information we provide our users. When you are using EmsanaCre, you are not only learning from people like you, they are also learning from you and your experiences. Over the long term, this growing repository of health experiences will accelerate and improve our understanding of individual care preferences and provider performance. The information we use to improve our machine learning algorithms and technology is always used in an anonymized way, and can never be traced back to you. Examples include:

  • Analyzing Personal Information for business reporting and providing personalized services.
  • To analyze or predict our users’ preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Services.
  • To better understand your interests and preferences, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interests.
  • To better understand your preferences so that we can deliver content via our Services that we believe will be relevant and interesting to you.

Aggregating and/or anonymizing Personal Information. We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We may use the information we collect in order to improve our AI models, so that we are constantly improving the information we provide our users. As described above, when you are using our Services, you are not only learning from people like you, but they are also learning from you and your experiences. Over the long term, this growing repository of health experiences and clinical decision-making will accelerate medical research and improve our understanding of human disease. The information we use to improve our machine learning algorithms and technology is always used in an aggregated and anonymized way and can never be traced back to you. We may use and disclose this information for any purpose, as it no longer identifies you or any other individual:

  • Accomplishing our business purposes;
  • For data analysis, for example, to improve the efficiency of our Services;
    For audits, to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements;
  • For fraud prevention and fraud security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
  • For developing new products and services;
  • For enhancing, improving, repairing, maintaining, or modifying our current products and services, as well as undertaking quality and safety assurance measures;
  • For identifying usage trends, for example, understanding which parts of our Services are of most interest to users;
  • For determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
  • For operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.

Disclosure of Personal Information. We may share your Personal Information with third parties in the following manners and instances:

  • Providers: We may share your data with care providers we recommend for the purposes described in this Privacy Policy and in order for them to provide you care or coordinate your treatment.
  • Partners: We may share your data with other companies, such as companies with whom we jointly offer products and services.
  • Third-Party Service Providers: We may share Personal Information with certain service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server services, communications and content delivery networks (CDNs), data and cybersecurity services, performance measurement services, data optimization and marketing services, content providers, and our legal and financial advisors. Such service providers may have access to Personal Information according to their particular roles and purposes.
  • Health information disclosed under this Privacy Policy may be disclosed electronically.

Other Uses and Disclosures of Personal Information. We may also use and disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation to do so:

  • Applicable Law. We may share Personal Information to comply with applicable law and regulations.
    Transactions, Liquidation: We may share Personal Information with third parties in connection with a transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business, or in the event of a bankruptcy or related or similar proceedings.
  • Public and Government Authorities, Law Enforcement: Where permitted or required by applicable data protection laws, we may disclose your Personal Information pursuant to a legal request, or in compliance with applicable laws, if we have good faith belief that the law requires us to do so, with or without notice to you.
  • Protecting Rights and Safety: Where permitted or required by law, we may share your Personal Information with others if we believe in good faith that it will help protect the rights, property or personal safety of EmsanaCare, any of our users, or any member of the general public, with or without notice to you.

Other Information. “Other Information” is any information that does not reveal your specific identity or does not directly relate to an identifiable individual. The Services collect Other Information such as:

  • Browser and device information
  • App usage data
  • Information collected through cookies, pixel tags and other technologies
  • Demographic information and other information provided by you that does not reveal your specific identity
    Information that has been aggregated in a manner such that it no longer reveals your specific identity

Collection of Other Information. We and our service providers may collect Other Information in a variety of ways, including:

  • Your browser or device.
  • Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
  • Cookies. Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalize your experience. We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used, and assist us with resolving questions regarding them. We do not currently respond to browser do-not-track signals. If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services.
  • Pixel tags and other similar technologies. Pixel tags. Pixel tags (also known as web beacons and clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.
  • Analytics. We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/‌partners/, and exercise the opt-out provided by Google by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
  • Physical Location. We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location.

Uses and Disclosures of Other Information. We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Privacy Policy. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.

Your Choices Regarding Personal Information. Your choices regarding our use and disclosure of your Personal Information:

  • Notifications. We may send you push notifications and similar forms of communication from us, which you can control within the Services. If you choose to use our Care Connect services, you will receive notifications to your mobile device.
    Email and SMS Messaging. We may also use your email address or phone number to send you messages, such as changes to features of the Services and special offers. If you do not want to receive such notifications, you may opt-out or change your preferences by contacting our support team at hello@emsanacare.com. Opting out may prevent you from receiving notification including notices regarding updates, improvements, or offers. You will not be able to opt-out from receiving service and payment-connected notifications from us.
  • Marketing. We give you choices regarding our use and disclosure of your Personal Information for marketing purposes.

You may opt out from: receiving marketing-related emails from us. If you no longer want to receive marketing related emails from us on a going-forward basis, you may opt out by contacting us via the “Contact Us” information below. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages, from which you cannot opt out.

Access, Change, or Delete your Personal Information. If you would like to request to access, correct, update, suppress, restrict, or delete Personal Information, object to or opt out of the processing of Personal Information, or if you would like to request to receive a copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contact Us” section below. We will respond to your request consistent with applicable law. If you are a California resident, please refer to the “Information for California Residents” section at the end of this Policy for more information about the requests you may make under the CCPA.

In your request, please make clear what Personal Information you would like to have changed or whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase, you may not be able to change or delete the Personal Information provided until after the completion of such purchase).

Third-party Services. This privacy policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which our services link. The inclusion of a link on our services does not imply endorsement of the linked site or service by us.

In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with our app or website.

Retention Period. We will keep your Personal Information for as long as your user account is active, in order to allow you to have access to your information and to provide you with our services. We may continue to retain your Personal Information even after you deactivate your user account or stop using EmsanaCare, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding our users, enforce our agreements or protect our legitimate interests, consistent with applicable law. When your Personal Information is no longer required, we will ensure it is deleted.

Security. We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.

Information for California Residents. If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by EmsanaCare to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to legal@emsanacare.com or write to us using the mailing address provided in the “Contact Us” section below.

Currently, various browsers — including Internet Explorer, Firefox, and Safari — offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites’ visited by the user about the user’s browser DNT preference setting. We do not currently respond to browsers’ DNT signals with respect to sites we provide, in part, because no common industry standard for DNT has been adopted by industry groups, technology companies or regulators, including no consistent standard of interpreting user intent.

Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing the following additional details regarding the categories of Personal Information that we collect, use, and disclose about California residents.

Collection and Disclosure of Personal Information
The following chart includes: (1) the categories of Personal Information, as listed in the CCPA, that we plan to collect and have collected and disclosed within the preceding 12 months; and (2) the categories of third parties to which we disclosed Personal Information for our operational business purposes within the preceding 12 months. For a description of the third parties listed below, please see the “Disclosure of Personal Information” section above.

Categories of Personal Information

Categories of Personal Information

Disclosed to Which Categories of Third Parties for Operational Business Purposes

Identifiers, such as name, contact information, unique personal identifiers, IP address that can reasonably be linked or associated with a particular consumer or household online identifiers, and government-issued identifiers (e.g., Social Security number and driver’s license number)
Affiliated doctors, mental health professionals, and pharmacy; third-party service providers; and joint partners.
Personal information as defined in the California customer records law/strong>, such as name, contact information, signature; financial account number; insurance policy number; medical, insurance, financial, education and employment information; physical characteristics or description.
Affiliated doctors, mental health professionals, and pharmacy; third-party service providers; and joint partners.
Protected Class Information, such as characteristics of protected classifications under California or federal law, such as sex, age, gender, race, medical conditions, genetic information, sexual orientation, gender identity and expression, and marital status.
Affiliated doctors, mental health professionals, and pharmacy.
Commercial Information, such as transaction information and purchase history, including purchases considered.
Affiliated doctors, mental health professionals, and pharmacy; third-party service providers; and joint partners.
Internet or network activity information, such as browsing history, search history and interactions with our online properties or ads.
Third-party service providers.
Geolocation Data, such as device location and approximate location derived from IP address.
Affiliated doctors, mental health professionals, and pharmacy; and third-party service providers.

Under the CCPA, if a business sells Personal Information, it must allow California residents to opt out of the sale of their Personal Information. However, we do not “sell” and have not “sold” Personal Information for purposes of the CCPA in the last 12 months. For example, and without limiting the foregoing, we do not sell the Personal Information of minors under 16 years of age.

Sources of Personal Information. As described in the “Collection of Personal Information” section above, we collect this information from you and third parties.

Use of Personal Information. As described in the “Use of Personal Information” section above, we may use this Personal Information to operate, manage, and maintain our business, to provide our products and services, to fulfill your requests, and to accomplish our business purposes and objectives, including, for example, to: develop, improve, repair, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; create aggregated and/or anonymized data; maintain our facilities and infrastructure; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

If you are a California resident, you may make the following requests under the CCPA:

Request to Know. You may request that we disclose to you the following information covering the 12 months preceding your request:

  • The categories of Personal Information we collected about you and the categories of sources from which we collected such Personal Information;
  • The specific pieces of Personal Information we collected about you;
  • The business or commercial purpose for collecting (if applicable) Personal Information about you;
  • The categories of Personal Information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such Personal Information (if applicable).

Request to Delete. You may request that we delete Personal Information we collected from you. To make a Request to Know or a Request to Delete, please contact us in accordance with the “Contacting Us” section below. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the Personal Information subject to the request. Note the following:

We may require you to log into the servicers to make the request or request additional Personal Information from you, such as your name and data of birth, in order to verify your identity and protect against fraudulent requests.

We may verify your identity through our existing authentication practices for your account and require you to re-authenticate yourself before disclosing or deleting your Personal Information.

If you make a Request to Delete, we may ask you to confirm your request before we delete your Personal Information.

If you want to make a Request to Know or a Request to Delete as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent, which also may include:

  • Proof of your registration with the California Secretary of State to conduct business in California;
  • Proof of a power of attorney from the resident pursuant to Probate Code sections 4121-4130. If you are an authorized agent and have not provided us with a power of attorney from the resident pursuant to Probate Code sections 4121-4130, we may also require the resident to: Verify the resident’s own identity directly with us; or Directly confirm with us that the resident provided you permission to make the request.

You have the right to be free from unlawful discriminatory treatment for exercising your rights under the CCPA.

Contact Us:
EmsanaCare Privacy Officer
legal@emsanacare.com
EmsanaCare, Inc.
275 Battery Street, Suite 480
San Francisco, CA 94111