- Arum Health’s digitally-based health care programs (the “Arum Health Programs”);*
- Arum Health offers SaaS apps
- Arum Health’s web and mobile applications (the “Apps”);*
- the websites that Arum Health operates (including www.arumhealth.com) (the “Sites”); and
- all related services and features that Arum Health provides.
Personal Information – In General
Protected Health Information
WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect various Personal Information from you and certain devices that you may use, as further described below. This includes information collected through clinical screeners, applications, registrations, and your use of the Services. We also collect Personal Information in connection with your inquiries. Collection starts from the time that you initially access our Services.
Information that we gather enables us:
- to administer your account,
- to provide you with the Services,
- to send you communications regarding the services we offer,
- to respond to your inquiries,
- to obtain your feedback on our Services,
- to understand who is using our Services and how the Services are performing,
- to personalize and improve our Services,
- to conduct research activities,
- to manage the security of the Services, and
- to fulfill any requirements imposed on us by applicable laws and regulations.
From time to time, we may use or augment Personal Information about you with information obtained from third parties. For example, we may use third-party information to confirm contact or financial information, to verify your coverage eligibility for an Arum Health Program, or to better understand your interests by associating demographic information with the information that you have provided.
In some cases, you will provide Personal Information, including Protected Health Information, to us in connection with your use of the Services, and in other cases, we may collect this information automatically when you visit or interact with the Site, the Apps, or other aspects of the Services. We provide more detail below on the types of Personal Information that you provide and the types of Personal Information that we collect automatically:
Personal Information that You Provide to Us
We will use the Personal Information that you provide for the purposes described above (and any other purposes intrinsic to the Services that you use) and to provide you with an engaging and personalized experience in using the Services. You can choose not to provide us with certain information, but if you do make that choice, we may be unable to provide you with access to or use of many of our features.
Personal Information Collected Automatically
In addition to any information that you provide to us through the Services, we and our third-party service providers may use a variety of technologies that store or collect certain information from you automatically (or passively) when you visit or interact with the Site, the Apps, or other aspects of the Services (“Usage Information”). This Usage Information may be stored or accessed using technologies downloaded to your device whenever you visit or interact with the Services. Examples of Usage Information include: your IP address, other unique device identifiers assigned to your device that allow our computers to recognize you, details of your device’s characteristics and functionality (e.g., browser, operating system, mobile network information), the areas within the Site, the Apps, or other aspects of the Services that you visit and your activities there, your device’s location, and certain other data regarding your device. To the extent we associate Usage Information with your Personal Information that we collect directly from you, we will treat it as Personal Information.
Information from Your Browser or Device
We automatically receive and record Usage Information from your browser on our server logs whenever you interact with the Site, the Apps, or other aspects of the Services. We may use this Usage Information to provide you with customer service and support. We also may use this Usage Information to recognize you when you arrive at the Site from an external link, such as a link appearing on a third-party site or in an email generated by us. We discuss this type of technology in more detail under “Tracking Technologies” below.
Our Services also collect Usage Information to determine how often visitors use parts of the Site, the Apps, or other aspects of the Services so that we can improve our Services and strive to ensure that the Services appeal to as many users and customers as possible. Our Services collect this data in a manner similar to how TV ratings may indicate the number of people that watched a particular show. We may provide this de-identified, aggregate data to our partners and/or customers to identify how our users use our Services, but we only use this data in aggregate form as a statistical measure to monitor how the Services function and not in a manner that would permit us to identify you personally.
You may set your browser to refuse or disable these data collection methods, but doing so may change your experience with the Site, the Apps, or other aspects of the Services, diminish certain aspects of the Services’ functionality, or render certain features inoperable. For example, the Site may not recognize or respond to your browser with “do not track” technologies employed.
We may use various tracking methods or technologies (“Tracking Technologies”) to store or collect your Usage Information, including information about your visits to or interactions with our Site, the Apps, and other aspects of the Services. We use Tracking Technologies for a variety of purposes we believe to be necessary or helpful in improving or assessing the performance of the Services (for example, as part of our analytic practices) or in offering you enhanced functionality (for example, to identify you when you sign in, to keep track of your specified preferences, or to help ensure that the security of your account has not been compromised).
Tracking Technologies may include the following technologies and methods as well as any subsequent technologies and methods later developed to perform similar functions:
Embedded Scripts. An embedded script is programming code designed to collect information about your interactions with the Site, the Apps, and other aspects of our Services, such as a link that you may click on. Embedded scripts are temporarily downloaded onto your device. Embedded scripts remain active only while you are connected to the Services and are then deactivated or deleted.
Web Beacons. The Services may also include small graphic images or other web programming code called “web beacons” (also known as “1×1 GIFs” or “clear GIFs”). Any electronic image or other web programming code inserted into a page or email can act as a web beacon, and web beacons may be invisible to you. Web beacons and similar technologies may be used for a number of purposes, including to count visitors to the Services, to count how many sent emails were opened, to count how many articles or links were viewed, or to monitor how users navigate the Services.
WHO OWNS THE PERSONAL INFORMATION YOU DISCLOSE TO COMPANY?
WHAT PERSONAL INFORMATION DO WE SHARE?
The following sections describe certain circumstances when we may share your Personal Information:
Information Shared with Other Users
If you access or use any Arum Health Program, other users will have access to a range of Personal Information that you share, as further described below. These other users may include your co-workers or other acquaintances. By accessing or using any Arum Health Program, you authorize Arum Health to disclose to other users that you are clinically eligible for the Services and that you participate in relevant aspects of the Services, which may indicate that you meet the clinical enrollment criteria for relevant aspects of the Services and may identify you as living with or at risk for certain chronic diseases or conditions.
If you enroll in an Arum Health Program, on your user profile page, you may provide information about your health, symptoms, and treatments, your feelings about your health information and/or yourself, or any other information about yourself. You may also upload pictures, videos, and stories to your user profile page. Any information that you choose to include in creating, completing, or updating your user profile page may be viewable by other users, and other users may be able to post comments and view posted comments on your user profile page.
In addition, in connection with your participation in an Arum Health Program, we may place you in an online peer group, and you may choose to enroll in other group-based communities that we may offer. The Site, the Apps, and other aspects of the Services may include the ability to interact with discussion boards, chat rooms, community pages, profile pages, bulletin boards, blogs, instant messaging or other messaging services, activities, polls, games, and other communication forums to which you post or otherwise make information or materials available (“Forums”). Please note that any information, text, and images that you post or disclose on or through the Forums may be visible to the present and future users in those groups or communities. Your User ID and user photo may be viewable to these individuals as well when you send messages or when you disclose information on or through the Forums generally.
We take great care to protect your privacy, but please remember that we cannot control how other users will use or disclose any information that share on your user profile page or disclose to Forums. We urge you to exercise discretion and caution when deciding to disclose information, including your health information and other Personal Information, on your user profile page, through a Forum, or otherwise through the Services.
WE EXPRESSLY DISCLAIM ANY RESPONSIBILITY FOR THE USE BY OTHERS OF ANY INFORMATION, INCLUDING PERSONAL INFORMATION, THAT IS DISCLOSED BY YOU OR ON YOUR BEHALF ON YOUR USER PROFILE PAGE OR TO GROUPS OR OTHER PUBLIC-FACING FEATURES OF THE SERVICES, INCLUDING DISCUSSION BOARDS, CHAT ROOMS, MESSAGING SERVICES, OR OTHER FORUMS DESCRIBED ABOVE. BY DISCLOSING ANY OF YOUR INFORMATION THROUGH THESE FEATURES, YOU ACKNOWLEDGE AND ACCEPT ANY RISK AND DAMAGE ARISING FROM THE DISCLOSURE OF THAT INFORMATION.
Communications in Response to User Submissions
As part of the Services, you will receive from us email and other communications relating to your User Submissions. By posting User Submissions, you acknowledge and agree that we may send you email, text messages, phone calls, and other communications that we determine in our sole discretion relate to your User Submissions.
Information Shared with Our Agents
We employ other people and companies to perform tasks on our behalf, and we must share your information with them in order to provide products and/or services to you. By accessing or using the Services, you consent to and authorize Arum Health to disclose Personal Information about you to our authorized personnel and administrators, including, for users that enroll in an Arum Health Program, our health coaches. Unless we have your authorization or consent, we limit these agents’ rights to use any Personal Information that we share with them to what is minimally necessary to assist us. We do not permit these agents to rent or sell any of the Personal Information about you that they receive from us.
Reporting to Sponsors and Third-Party Administrators
We may, in our sole discretion, share, transfer, or otherwise disclose certain of your Protected Health Information to entities that are authorized to receive that information for legally permitted purposes under HIPAA, which may include the companies paying for your participation in an Arum Health Program. This type of sharing is described in more detail in our Notice of HIPAA Privacy Practices. We only share your Protected Health Information in accordance with HIPAA and other applicable legal requirements.
Information Available to App Providers
By downloading any of the Apps from an App Provider, such as the Apple App Store or Google Play, please note that the App Provider and its agents may be able to identify you as a user of our Services.
Information Shared with Other Affiliated Businesses We Do Not Control
In order to provide you with the optimal user experience, we anticipate that we may work with a variety of third-party businesses. In certain situations, we may enable you to buy products or services of third-party businesses through the Services. In other situations, we may provide services or sell products jointly with affiliated businesses. You should be able to recognize when an affiliated business is associated with your transactions. Throughout the course of those transactions, we will share Personal Information that is related to those transactions with those affiliated business.
Referrals to Family, Colleagues, and Friends
From time to time, we may ask or invite you to refer our Services to family members, colleagues, or friends. We ask you to limit your invitations to people in your inner circle that may have an interest in our Services. In these cases, it is your responsibility to ensure that these persons are indeed family members (by marriage, common-law partnership, or parent-child relationship) or people with whom you have a personal relationship (based on frequency of communication, sharing of interests or opinions, etc.). If we refer one of these persons to the Services, we may inform them that you have suggested that they may be interested in trying our Services. If they request that we do not contact them again, we will not contact them again.
Our Business Transfers
Protection of Arum Health and Others
We may release your Personal Information when we believe in good faith that releasing that information is necessary to comply with applicable law, to enforce our conditions of use and other agreements, or to protect the rights, property, or safety of Arum Health, our employees, our users, or others. We may exchange information with other companies and organizations to detect, suppress, or protect against fraud and for credit risk reduction. If necessary and required by law, we will disclose any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted, electronically stored “personal information” or “medical information” (as defined by applicable laws). To the extent permitted by applicable laws, we may make these disclosures to you via email or a conspicuous posting on your private profile in the Services in the most expedient time possible and without unreasonable delay, so long as this is consistent with the legitimate needs of law enforcement and any other measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
IS MY PERSONAL INFORMATION SECURE?
We employ industry-standard administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. In addition, when we collect, maintain, use, disclose, and process your Personal Information, we will do so using systems and processes consistent with the information privacy and security requirements of applicable federal and state laws, including HIPAA.
Your individual user account is also protected by a password for your privacy and security. To help avoid unauthorized access to your account and Personal Information, we suggest that you safeguard your password appropriately, limit access to your devices and browsers, and sign off after you have finished accessing your account.
In addition, to the extent that you use one of the Apps and your device permits that App to send you push notifications, we may send you push notifications that include Personal Information and, in limited instances, PHI that is not encrypted. Depending on your device settings, push notifications may be visible to other people who encounter your device. In most cases, you can opt out of receiving push notifications by adjusting the settings on your device. To the extent that you do not opt of receiving push notifications, you agree to receive push notifications and to be responsible for the security and confidentiality of any information displayed in push notifications on your devices.
Although we take great care to protect your Personal Information, we cannot guarantee that criminals or others acting unlawfully will not succeed in efforts to undermine our security measures. Unauthorized entry to, access to, or use of our systems or locations, hardware or software failure, loss, and other factors may compromise the security of your information at any time.
WHAT PERSONAL INFORMATION CAN I ACCESS AND CORRECT?
If you have an account with us to receive one of the Arum Health Programs, you can access certain information about you described below through the App or otherwise through the Arum Health Program in order to view, and in certain situations, update that information. This list may change as the Services change.
- First and last name
- Account and user profile information (e.g., nickname and picture)
- User email address
- User mailing address
- User phone number
- Username and password
- Communication preferences (e.g., email and push notifications)
- Weight data
- Activity tracking data
- Blood glucose measurements (if applicable to the Services you receive)
- Blood pressure measurements (if applicable to the Services you receive)
WHAT RIGHTS AND CHOICES DO I HAVE REGARDING MY PERSONAL INFORMATION?
Choosing Not to Disclose
You may choose not to disclose information to us, even though that information may be required to take advantage of certain features of the Services.
You also have the right to request certain information from us, specifically:
- a copy of the Personal Information that we collect from you,
- a description of the specific pieces of Personal Information that we collect from you,
You also have rights concerning our access to and use of your Protected Health Information, which are described more fully in our Notice of HIPAA Privacy Practices.
Unsubscribing from Communications
Deleting Your Personal Information
HOW DO WE PROTECT CHILDREN’S PERSONAL INFORMATION?
The Services are not directed to children, and we do not knowingly collect Personal Information from children. We do not knowingly allow or solicit anyone under the age of 18 to participate independently in any of the Services. If a parent or guardian becomes aware that a child has provided us with Personal Information, please contact us. If we become aware that a user of the Services under the age of 18 has provided us with Personal Information without verifiable parental consent, we will delete such Personal Information from our files.
HOW CAN YOU CONTACT US WITH QUESTIONS OR CONCERNS?
We will make every effort to respond to your questions, concerns, and requests within a reasonable time.
Effective Date: January, 2020