WE CARE ABOUT PATIENT RIGHTS AND THEIR DATA
We won't share data without patient permission or without a patient's knowledge of who they are sharing data with. Period.
1. PERSONAL INFORMATION WE COLLECT
In conducting every aspect of our business, we may collect personal information. The information we collect will vary depending on your interaction with us. Such information may include, without limitation: your name, addresses, email addresses, telephone numbers, social security number, date of birth, age, credit or debit card numbers or other payment methods, billing information, insurance information, gender, protected health information, and other types of personal information that you choose to provide to us or that we may obtain about you. We collect personal information, as well as other information, in multiple ways.
Information You Provide to Us: We collect information you provide to us. This may include, for example, when you request information or materials from us, visit or use our Sites, purchase our products or services, create an account in our application, register for an account on the customer portal, communicate with our customer service or sales teams, respond to a survey, or respond to our advertisements.
Information We Collect from Other Sources: We may collect information about you from a variety of third parties. For example, we may obtain information about you from: covered entities such as health plans, health insurance companies, health care providers and healthcare clearinghouses; organizations, universities and private clinics conducting research studies or clinical trials; companies that search for, provide, and/or aggregate information from public records, such as LexisNexis Risk Solutions and Accurint; state and federal government agencies, such as the IRS and Medicare/Medicaid; credit bureaus and credit reporting agencies, such as Equifax; your existing health, medical, provider, or insurance accounts when you grant permission to access your accounts or information; social media networks; and publicly-available sources and data suppliers from which we obtain data to validate or supplement the information we hold.
Information We Collect Automatically: When you use or visit our Sites, we collect some information automatically. For example, when you visit our website, we may collect device, usage and log information such as your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, the search engine you used to locate the website, and the website you visited before or after our site. In addition, we gather certain navigational information about where you go on our website to help us determine which areas of the website are most frequently visited and helps us to tailor the sites to the needs and interests of our online visitors. If you use our mobile applications or use our Services on a mobile device or tablet, we may also collect your device type, mobile phone number, operating system type, wireless carrier, and device IDs, on our mobile applications.
2. HOW WE USE PERSONAL INFORMATION
We use your personal information to help us assist you.
We may use your personal information to: Complete contracts as well as any disclosures or other documents required by law; Provide, develop, maintain, and improve our products and Services (e.g. evaluate the performance of our staff, assess the quality of our products and Services, and help us improve our website and processes);Process any applications, forms, requests, inquiries, or other information submitted to us; Send marketing communications, promotional offers, and periodic customer satisfaction, market research or quality assurance surveys; Communicate with you; Administer and process payments to you or from you; Create and update your customer account, including aggregating your health and medical records and treatment information; Allow creation, maintenance, customization, enrollment, registration, and securing of accounts on your behalf; Administer and support participation in sweepstakes, special offers, special pricing, discounts, and promotions; Personalize our products, websites, and Services, including content, ads and offerings; Perform research and analytical activities (e.g. identifying trends and the effectiveness of marketing campaigns); Solicit your participation in a clinical trial or research study; Conduct audits, security and fraud monitoring and prevention; Protect our legitimate business interests and legal rights; and Assist us with legal claims, compliance, regulatory and investigative purposes as necessary (including in connection with law enforcement investigations, legal process, or litigation).
We may also use personal information we have collected and aggregated or anonymized personal information for any purpose permitted by law. For example, we may use this information to understand more about our users, such as by analyzing aggregated information to calculate the percentage of our users who have a particular telephone area code. This includes demographic data, inferred commercial interests, and other information we may collect from you or from third parties.
3. HOW WE SHARE PERSONAL INFORMATION
We have strict data sharing policies. We share data when these two things happen:
1) we have patient permission AND
2) patient's know who they are sharing the data with.
No unknown third parties. Period. We may share your personal information with the third parties when you request that we do so or when it is necessary that we to do so as described below.
Service Providers. We may share your personal information with third parties who work on behalf of, or with, us such as vendors, processors, suppliers, agents, attorneys, management companies, staffing companies, and representatives (collectively, "Service Providers”). Service Providers assist us with a variety of functions including, but not limited to, sending communications, assisting with analytics, conducting research or surveys, sending regular mail and e-mail, maintaining databases, providing software applications, or processing credit card or debit card payments.
Covered Entities. We may share your personal information with Covered Entities. “Covered Entities” are people or parties that you indicate that you would like your data shared with, such as health care providers, health plans, and healthcare clearinghouses that must comply with the HIPAA Privacy Rule. For example, we may share your personal information with your physician if you direct us to do so.
Clinical Trial Sponsors and Investigators. If you participate in a clinical trial or research study, we may share your personal information with the sponsor of the clinical trial or research study and the investigators involved in that trial or study or in related trials or studies.
Government Agencies. We may share your personal information with government agencies, law enforcement, or authorized third parties in response to a request relating to a civil or criminal investigation or other alleged illegal activity. We may also share your personal information with government agencies such as the Department of Defense and the Secretary of the U.S. Department of Health and Human Services.
Corporate Transactions. We may transfer your personal information in the event we: (i) sell or transfer, or are considering selling or transferring, all or a portion of our business or assets; or (ii) are considering or engaging in any reorganization, conversion, merger, sale, joint venture, assignment, transfer or disposition of all or any portion of our ownership interest, business or operations.
With Your Consent or At Your Direction. We may share your personal information with third parties whenever you consent to or direct such sharing.
4. USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION
We share a commitment with Covered Entities to protect the privacy and confidentiality of Protected Health Information (“PHI”) that we obtain subject to the terms of a Business Associate Agreement. A Business Associate Agreement is a formal written contract between The Pluto Health and a Covered Entity that requires us to comply with specific requirements related to PHI. We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the Business Associate Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the Business Associate Agreement and would not violate the Privacy Rule. In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the Business Associate Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may also use PHI to report violations of law to appropriate federal and state authorities.
5. PERSONAL INFORMATION OF CHILDREN
6. “DO NOT TRACK” DISCLOSURE
We do not collect or respond to Do Not Track signals and our websites do not function differently based on any Do Not Track preferences that may be received. For more information on Do Not Track signals, please visit https://allaboutdnt.com/.
7. ANALYTICS SERVICES
8. LINKING TO OTHER SITES
Our website may contain links to other sites that we do not own or operate. We do not control, recommend or endorse and are not responsible for these sites or their content, products, services or privacy policies or practices. These other sites may send their own cookies to your device, they may independently collect information about you or from you, and they may or may not have their own published privacy policies.
9. PROTECTION OF PERSONAL INFORMATION
We store your information using reasonable physical, technical and administrative safeguards. Please be aware that the Sites and data storage are run on software, hardware and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control. In addition, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. We cannot ensure or warrant the security of any information you transmit to us over the internet.
We retain your personal information for as long as necessary to provide our services and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. If you access the Sites or utilize our services on behalf of an organization, we retain your organizational contact details after the termination of your organization’s transaction to continue to communicate with you.
If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt out by contacting us by email at firstname.lastname@example.org or by following the instructions in any such email you receive from us. We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.
12.LOCATION OF PROCESSING
Subject to applicable law, we will transfer personal information collected in connection with the use of our Sites or services to the United States for processing. By providing personal information to us or using the Sites, you acknowledge and consent to the transfer and processing of such information in the United States.
In certain circumstances, you may be able to review and request changes to your personal information.
Last Updated: May 5, 2021