Onyx Technology LLC
The term “HIPAA” means the Health Insurance Portability and Accountability Act of 1996. The HIPAA Privacy Rule standards address the use and disclosure of Protected Health Information by organizations subject to the Privacy Rule.
1.2 Personal Information.
The term “Personal Information” means any information that can be used to identify an individual, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual, and any other information that we associate with it.
1.3 Protected Health Information or PHI.
3. The Information We Collect.
To provide our Services, and to otherwise conduct our business, we rely on information provided by, and collected from, our users. This information consists of the following:
3.1 Personal Information.
The Personal Information we collect may include the following:
- Your name, email address, and password;
- Other contact information, including a physical address and phone / fax number;
- The agency or organization that you represent and your title;
- Your demographic information, such as your gender and date of birth;
- Your healthcare information, including Protected Health Information;
- Your geolocation information;
- Any information or feedback you provide to us through our Platform or via social media, email, or phone;
- Your transactions with us.
3.2 Online Activity Information.
We also collect technical and device-related information through our Platform and third party analytics tools that we use (collectively, “Online Activity Information“). For example, we use your IP address, time and date of your visit, and your interactions within the Platform to monitor customer traffic patterns and site usage to help us improve your user experience and ensure the quality of our service to you. Subject to Section 3.2 (Treatment of Combined Information) below; otherwise we will treat it as Anonymous Information unless an applicable law establishes that Online Activity Information constitutes Personal Information.
3.3 Health Care Information.
We obtain your permission to access your own healthcare information, including PHI from other entities, such as your health care payer or provider. We maintain a copy of such health information, originally obtained either directly from you or from your provider, and use that information to provide you the Services.
3.4 Contact Information for Others with Whom You Have Chosen to Share Your Information.
If you choose to share information with individuals, companies, or health care providers through our Platform, then we will collect their contact information from you. We will also only share the information you choose to share with them.
3.5 Anonymous Information.
3.6 Treatment of Combined Information.
4.1 Profile Information.
In order to access certain information, products, and services on our Platform that are limited to registered users (each, a “Registered User“), we require that you complete a registration process in order to create an account profile, and to obtain a username and password associated with that profile. To create your profile, we will ask you for certain Personal Information, including your name, address, email address, telephone number, gender, and date of birth.
4.2 Casual Site Visitor.
We allow you to visit our Site and review other information about our Services without revealing your identity or otherwise providing Personal Information. In that case, the only information that we collect from your visit will be Online Activity Information or Anonymous Information. As a casual site visitor, you decide whether to provide us with your Personal Information.
4.3 Contacting Onyx.
You can contact us with questions, comments, complaints, feedback, requests for information, or other communications. In order to communicate with us, you must provide certain Personal Information. We may use Personal Information and other information submitted to provide you with the information, products, and services that you have requested.
4.4 Information Received from Third Parties.
4.5 Collection of Personal Information Offline.
We may offer newsletters and other content about the Platform, our services and initiatives, and other issues that we believe may be of interest to you. We will use your Personal Information to provide you with this content. You can opt-out of receiving this content by following the instructions set out in Section 12 (Your Choices Regarding Your Personal Information; Opting Out).
4.7 Promotions; Submitted Content.
We may give you the ability through the Platform to engage with us and others in public exchanges, and this may include opportunities for you to customize your user profile and provide comments, feedback, images and audiovisual files, and other information and materials that you wish to share (collectively, “Submitted Content“). You agree that we may use and adapt your Submitted Content (including, but not limited to, your name, experiences with us, and other provided feedback) for these purposes and without the need for compensation. We are not responsible for Personal Information you decide to include in Submitted Content, and we will not take down, remove, or edit Submitted Content, except as required by applicable law. If your Submitted Content includes Personal Information relating to others, you represent that you have full permission and authority to do so.
4.8 Employment Applications.
5. How We Collect Online Activity Information and Anonymous Information.
5.1 Logs; IP Addresses.
Either directly, or through our Service Provider, we may automatically receive and record information in our server logs from your browser, including your IP address (the Internet address of your computer), your computer’s name, the type and version of your web browser, referrer addresses, where the computer is routing from, and other generally-accepted log information. We may also record page views (hit counts) and other general statistical and tracking information, which will be aggregated with that of other users in order to understand how our Platform is being used and for security and monitoring purposes.
5.2 Computer Configuration.
A cookie is a small amount of data that is sent to your browser from a website’s computers and stored on your computer’s hard drive. Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a website upon a future visit. For example, we may include cookies on our Website and use them to recognize you when you return to our Platform. You may choose not to accept cookies; however, you may need to enable cookies if you wish to access certain personalized features of our Services.
We may send email messages, which use a “click-through URL” linked to content on our Platform. When you click one of these URLs, you pass through our web server before arriving at the destination web page. We track this click-through data to help determine interest in particular topics and to measure the effectiveness of our customer communications. If you prefer not to be tracked simply do not click text or graphic links in the email, or notify us in accordance with Section 12 (Your Choices Regarding Your Personal Information; Opting Out).
6. How We Use this Information.
- We will use the information you share with us to provide you with Services you request, and to act on your choices about sharing information with individuals and entities.
- We will use your contact information to communicate with you about your account and our Services, such as to respond to your inquiries, comments, or complaints that you provide to us. We will not disclose PHI in emails; instead, we may send an email asking you to log into your account.
- We will create aggregated and/or de-identified statistical, information about our users or their web usage and may disclose this statistical information when appropriate. These statistics will be aggregated and adhere to the HIPAA requirements.
- We will only share your Personal Information with individuals, other applications, or websites, health care providers, or payers at your direction.
- We will not use or disclose any of your Personal Information for marketing purposes, or to serve you ads related to your health, unless you specifically and explicitly consent. You also may withdraw your consent to future offers or ads at any time.
- To allow you to post or provide Submitted Content and participate in surveys and questionnaires.
- To process payments you make with respect to our Services.
- To customize, enhance, and enrich your visit to and use of the Platform.
- To consider your submittals and other expressions of interest in connection with our career opportunities.
- To determine which content or information (including, if applicable, our newsletter) might interest you and, upon making this determination, to provide you with the associated information.
- To track access to, and use of, our Platform, and conduct data and other analyses, including anonymization and aggregation of Personal Information.
- To perform internal administration, auditing, operation, and troubleshooting for our Platform.
- To perform analytics, quality control, market research, and to determine the effectiveness of our Platform.
- To evaluate and improve our Platform, and our communications, and to develop and test new services and content.
- To engage in the activities specified in Section 7 (How We May Disclose this Information).
We may also use information we collect as we believe to be necessary or appropriate for certain essential purposes, including to: (i) comply with applicable law and legal process; (ii) respond to requests from public and government authorities; (iii) detect, prevent, or investigate potential security incidents or fraud; (iv) provide important safety information; (v) facilitate the functionality of our Platform; (vi) enforce our terms and conditions; (vii) protect our operations or those of our affiliates; (viii) protect our rights, privacy, safety or property, security and/or that of our affiliates, you, or others; and (ix) allow us to pursue available remedies or limit the damages that we may sustain.
7. How We May Disclose This Information.
7.1 Your Choices For Information Sharing.
Our Platform is designed to make it easy for you to get your Personal Information from the health care entities that are involved with your care. We also enable you to share this data in various ways – but only if you elect to do so.
We strive to give you meaningful choices about controlling the Personal Information you have provided – whom you let see it, how much, and for how long. Your choices may include:
- What and how much Personal Information you want to create and store yourself (e.g. symptom logs, exercise records, blood pressure readings, blood glucose logs);
- What and how much Personal Information about yourself provided by outside sources you decide to store in your account with us (e.g. medical lab results, data provided by applications);
- What and how much Personal Information, if any, you want to share with friends and family;
- What and how much Personal Information you want to share with your health care providers, and others only when authorized by you if at all;
- Changing any of these preferences and choices at any time; and
- Closing your account at any time.
7.2 Our Service Providers.
Moreover, we engage third parties to perform functions on our behalf, such as maintaining the Platform, collecting information, responding to and sending email or other messages, and other functions useful to our business (collectively, the “Service Providers“). To this end, we may provide our Service Providers with Personal Information, Online Activity Information, and Anonymous Information. The following are examples:
- We may use Service Providers: (i) to fulfill your requests; (ii) to process and distribute email; and (iii) to manage activities related to our business. These Service Providers generally require access to your Personal Information in order to perform these services.
- We may use Service Providers to provide customer service (where applicable) or marketing support, such as to process and distribute email. These Service Providers generally require access to your Personal Information in order to perform these services.
- We may engage Service Providers to analyze the interests and attributes of our users and, using techniques based on Anonymous Information and Online Activity Information, identify others who might share those interests and attributes. We then use this information to reach out to relevant market segments to provide them information concerning the Platform.
- We may use analytics Service Providers to assist us in understanding and using Online Activity Information and other information that we collect via the Site. A service we use in this regard is Google Analytics, and information concerning how Google uses the information is available at https://policies.google.com/privacy/partners. Opt-out options specific to Google Analytics are available at https://tools.google.com/dlpage/gaoptout.
- Our Platform may include links to third party website offering services that augment our Services.
- We may use Service Providers to anonymize and aggregate Personal Information in order to generate Anonymous Information.
We require our Service Providers to contractually commit to protect the privacy and security of the Personal Information they process on our behalf.
7.3 Questions of Harm; Legal Process.
We may disclose your Personal Information and Online Activity Information to third parties, including law enforcement agencies, attorneys, and private investigator organizations, where it is necessary, or where we have a good faith belief that it is necessary to: (i) comply with legal process; (ii) protect and defend our rights and property, including the Platform and associated content; (iii) protect against misuse or unauthorized use of our Platform; (iv) protect the personal safety or property of users or the public, including your personal safety or property (it being understood that we assume no duty to provide, or monitor the need for, such protections); and (v) cooperate with public and government authorities including, where required, authorities outside your jurisdiction. While you are not able to opt out of this use of information, we will take reasonable steps to limit such use, and disclose only the information we reasonably believe is necessary for the above purposes. If we receive legal process calling for the disclosure of your Personal Information, then we will attempt to notify you within a reasonable amount of time unless such notification is not permitted.
7.4 Corporate Transactions.
7.5 Our Affiliates.
8. Disclosing Personal Information Where it is Not Specifically Requested.
If we have not specifically asked for your Personal Information, for example, in a particular portion of an online form, then you should not provide any Personal Information in that portion of the form.
We retain Personal Information for the period of time necessary to fulfill the purposes for which we obtained the Personal Information and consistent with applicable law. We use the following criteria to set our retention periods: (i) the duration of our relationship with you; (ii) the existence of a legal obligation as to the retention period; and (iii) the advisability of retaining the information in light of our legal position (for example, in light of applicable statutes of limitations, litigation, or regulatory investigations).
We take reasonable steps (i) to maintain the accuracy of the Personal Information we process, and (ii) to limit the Personal Information that we process to that which is reasonably necessary for the purposes for which we obtained the information.
You can view the information you or others have submitted into your active account with us at any time. If you would like to review, correct, or update the Personal Information that you have provided to us, or if you would like to request an electronic copy of this Personal Information you may do so through the Platform, or make requests to us by contacting us as provided in Section 18 (Contact Us).
12. Your Choices Regarding Your Personal Information; Opting Out.
12.1 Deletion of Personal Information.
You may request that we delete your Personal Information, or to deactivate or close your account with us. Note that deletion requests are subject to a number of limitations, for example, we may keep Personal Information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, to process transactions and facilitate you requests, and for other internal business purposes consistent with the terms under which it was collected. Please also note that if you delete your information from your account with us, or deactivate or close your account entirely, it becomes inaccessible by you and cannot be viewed by anyone else through our Platform. Lastly, if you have already shared your information through our Platform with a third party – such as an individual, health care provider, or other entity, and that third party has already saved that information in their own system, such information will persist in their records and you will need to contact the third party to request the deletion of such information from their records.
12.2 Unsubscribing to Marketing Communications.
If you no longer wish to receive bulletins, updates, or other marketing-related materials from us, you can opt out of this Service by either (i) following the “unsubscribe” instructions located near the bottom of each email message, or (ii) contacting us as provided in Section 18 (Contact Us).
12.3 Response to Requests.
Please be advised that Onyx will fulfill these requests in its reasonable discretion and in a manner consistent with any applicable law. Likewise, we will aim to complete such requests as soon as reasonably practicable and in a manner consistent with any applicable law. If you otherwise have concerns or objections with our processing of your Personal Information, please contact us as provided in Section 18 (Contact Us).
We have implemented reasonable technology and security features appropriate to the sensitivity of the information, including the use of encryption, to safeguard the privacy of your Personal Information from unauthorized access or improper use. We are committed to keeping personal information secure. We impose controls that limit internal access to your information. While online data can never be 100% secure, we work to protect your personal information from loss, misuse or unauthorized access, alteration or destruction by maintaining appropriate physical, technical, and administrative security standards and procedures to safeguard our data systems. For example, when you transmit Personal Information to us, such as your name or contact information, may be protected by: (i) an Internet connection using secure socket layer (SSL) technology; (ii) encryption during transmission to make your information unreadable as it passes over the Internet; (iii) encryption of your data at rest to make your information unreadable indirectly through the system’s backend; and (iv) use of a unique user name and password for each user. We also educate our employees on the importance of our privacy and security policies, and we require that they comply with those policies.
California law requires certain businesses to respond to requests from California users who ask about business practices related to disclosing Personal Information to third parties for direct marketing purposes. The California “Shine the Light” law further requires us to allow California residents to opt out of certain disclosures of Personal Information to third parties for their direct marketing purposes.
We want your feedback. If you have a suggestions on how we can improve our Services or complaints you would like us to address, please contact us at the address set out in Section 18 (Contact Us). If you are a California resident, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs. Other states may provide similar avenues for lodging complaints. Please check with your state’s consumer protection authority.
18. Contact Us.
Our Website does not change its behavior when receiving “Do Not Track” signals from browser software.
21. International Considerations.
22. Effective Date.
23. COPYRIGHT AND LEGAL NOTICE.
Copyright © 2020 Onyx Technology LLC. All Rights Reserved.