Last Updated: August 1, 2020
The term “you”, “your”, “User” or “Consumer” shall refer to any individual that views, uses, accesses, browses or submits any content or material to the Services. The term “Provider” shall refer to mental health providers and health systems that use our marketing services. The terms “we,” “our” or “us” shall refer to Violet.
BY VISITING, SIGNING UP, USING, BROWSING, OR ACCESSING THE SERVICES, YOU CONSENT TO THE DATA PRACTICES DESCRIBED IN THIS STATEMENT. IF YOU DO NOT AGREE WITH OUT PRIVACY PRACTICES, DO NOT USE THE SERVICES.
INFORMATION WE COLLECT
We may collect information, including: Personal Health Information, Personal Information and Non-Personal Information, when you interact with us and the Services, for example when you:
PERSONAL HEALTH INFORMATION (PHI) and HIPAA
Certain demographic, health and/or health-related information that Violet collects about Consumers as part of providing the Services to Providers may be considered “Protected Health Information” or “PHI” under the Health Insurance Portability and Accountability Act (“HIPAA”). Specifically, when Violet, acting as a “Business Associate” (as such term is defined in HIPAA) receives identifiable information about a Consumer from or on behalf of a Provider, this information is considered PHI. Personal data that a Consumer provides to Violet outside of the foregoing context is not PHI. For example, when you provide information directly to us, such as when creating an account or using our interactive tools and services, searching for Providers or available appointments with Providers, and completing medical history forms; or when you voluntarily provide information in free-form text boxes through the Services or through responses to surveys and questionnaires, or post reviews; or when you send us an email or otherwise contact us, that information is not PHI. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Violet may only use and disclose PHI in the ways permitted by a Consumer’s Provider(s) or authorized by a Consumer.
“Personal Information” means information about you that specifically identifies you or, when combined with other information we have, can be used to identify you. As a general rule, we do not collect Personal Information about you when you visit and/or use the Services, unless you choose to provide such information to us. Submitting Personal Information through the Services is voluntary. By doing so, you are giving us your permission to use the information for the stated purpose.
Through the Services, we may collect information that can identify you when you voluntarily submit it to us. Your Personal Information may include:
We will take reasonable precautions, as well as physical, technical, and organizational measures in accordance with industry standards, as described herein, to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Computer safeguards, such as firewalls and data encryption may be used to protect your information. We authorize access to your information only for those employees or agents who require it to fulfill their job responsibilities and these individuals are required to treat this information as confidential.
However, the security of information on or transmitted via the Internet cannot be guaranteed. Unauthorized entry of use, hardware or software failures, and other factors may compromise the security of your Personal Information. All information you send to us electronically or through email is not secure. Any transmission is at your own risk as the transmission of information via the Internet is not completely secure. Users are solely responsible for protecting their passwords, limiting access to their computers, and signing out of the Account after their sessions.
We collect and temporarily store certain information about your usage of the Services. Non-Personal Information means information that alone cannot identify you, including data such as cookies, pixel tags, web beacons and device information. The information includes, without limitation:
We may use information that is neither Personal Data nor PHI (including non-PHI Personal Data that has been de-identified and/or aggregated) to better understand who uses our Services and how we can deliver a better digital healthcare experience, or otherwise at our discretion.
If you do not want us to collect this information, you may either change your device’s privacy settings or DO NOT ACCESS OR USE THE SERVICES.
INFORMATION COLLECTION TECHNOLOGIES
The technologies we use for automatic information collection may include:
CHANGING YOUR DATA COLLECTION SETTINGS
We strive to provide you with choices regarding the Personal Information you provide to us. You may need to adjust the settings on your computer and/or device to restrict the collection of information by the Services, but this may prevent you from accessing all of the features of the Services.
You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. You can also delete all Cookies that are already on your computer. Although you are not required to accept Violet’s Cookies, if you block, reject, or delete them, you may have to manually adjust some preferences every time you visit a site and some of the Services and functionalities may not work.
To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about Cookies, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/.
THIRD-PARTY AUTOMATIC INFORMATION COLLECTION
When you use the Services or its contents, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include:
These third parties may use tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your Personal Information or they may collect information about your online activities over time and across different websites, mobile applications and other online sites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
HOW WE USE YOUR INFORMATION
HOW WE DISCLOSE YOUR PERSONAL INFORMATION
The Personal Information you provide to us whether voluntarily or automatically, may be used and disclosed without limitations, in the following instances:
HOW WE DISCLOSE YOUR NON-PERSONAL INFORMATION
We may also disclose Non-Personal Information:
HOW TO ACCESS, UPDATE, WITHDRAW CONSENT OR DELETE YOUR INFORMATION
If the laws applicable to you grant you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems or that we otherwise control. You may also ask for our confirmation as to whether or not we process your Personal Information or ask to withdraw any consent you have previously provided to Violet in connection with our use and processing of your Personal Information. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information the accuracy of which you contest while we verify the status of that data.
If you wish to exercise any of these rights or withdraw your consent, please contact us at: firstname.lastname@example.org. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you. While we strive to honor all reasonable requests, please be aware that we backup the data to prevent accidental or malicious destruction of your information. Information on backup servers may take some time to be completely deleted from the system. If you request that we remove you from our system and delete all your information, please note that you may still receive materials while your request is being processed.
SECURITY AND DATA RETENTION
The security of your Personal Data is important to us. We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. We endeavor to follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and in storage. For example, the Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data. We store and process your information on our servers in the United States and abroad. We maintain what we consider industry standard backup and archival systems. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, for example, by making good faith efforts to store Personal Data in a secure operating environment that is not open to the public, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot and do not guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.
If at any time during or after our relationship we believe that the security of your Personal Data may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances. If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us in your account profile. Please keep your e-mail address in your account up to date. You can update that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software. You consent to our use of e-mail as a means of such notification. If you prefer for us to use the U.S. Postal Service to notify you in this situation, please e-mail us at email@example.com Please include your address when you submit your request. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this e-mail address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your Personal Data.
We retain Personal Data about you consistent with all internal policies and procedures. We may retain Personal Data to comply with our legal obligations, resolve disputes or collect fees owed, or as is otherwise permitted or required by our data retention policies and procedures.
COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS
We represent and warrant that we will comply with all applicable laws, rules, regulations, directives and guidelines regarding the collection, use and disclosure of data collected from or about Users or specific devices which apply to the services utilized hereunder (collectively, the “Rules”). The term “Rules” shall include, without limitation, (i) United States Federal Trade Commission Laws regarding the collection, use and disclosure of data from or about users and/or specific devices; (ii) the Children’s Privacy Protection Act of 1998 (COPPA); (iii) The California Consumer Privacy Act of 2018 (“CCPA”) and (iv) if applicable, the Rules of any other jurisdiction, including and European Union General Data Protection Regulation (“EU GDPR”), rules, regulations and/or directives promulgated by a pertinent Data Protection Act, and all amendments and updates to them or regulations as replaced or superseded from time to time.
The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. If you have any questions about this section or whether any of the following applies to you, please contact us at firstname.lastname@example.org and indicate “California Rights” in the subject line of your communication.
The Services are not directed to or intended for use by children under 13 years of age. If you are a child under the age of 13, please do not attempt to register for or otherwise use the Services or send us any Personal Data. By accessing, using and/or submitting information to or through the Services, you represent that you are not under the age of 13. As noted in the Terms and Conditions, we do not knowingly collect or solicit Personal Data from children under the age of 13. If we learn that we have received any Personal Data directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that Personal Data only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s Personal Data. If you believe that a child under 13 may have provided us with Personal Data, please contact us at email@example.com
If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Data as otherwise provided herein.
If you use the Services on behalf of another person, regardless of age, you agree that Violet may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.
UPDATES TO THIS POLICY