Onyx Technology LLC

Your privacy is important to you and it is important to us! This privacy policy and agreement (this “Privacy Policy” or “Policy“) describes how we collect, use, and treat personal information that you provide to Onyx Technology LLC (“Onyx“, “we“, “our“, or “us“) through our website at https://onyxhealth.io (our “Website” or “Site“), our software solutions (each, an “App“), or while otherwise using the services and information available via the Website, App, or otherwise (collectively, the “Services“) (the Services, together with our Website and App, are referred to as the “Platform“). Please read this Privacy Policy carefully. Once you consent to this Privacy Policy and its terms, it creates legal obligations on you and on Onyx. Our Privacy Policy applies to anyone using our Website, App, or otherwise participating in our Services (collectively, “you” and “your“).

1. Definitions.

1.1 HIPAA.

The term “HIPAA” means the Health Insurance Portability and Accountability Act of 1996. The HIPAA Privacy Rule standards address the use and disclosure of Protected Health Information by organizations subject to the Privacy Rule.

1.2 Personal Information.

The term “Personal Information” means any information that can be used to identify an individual, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual, and any other information that we associate with it.

1.3 Protected Health Information or PHI.

The term “Protected Health Information” or “PHI” means Personal Information that is subject to HIPAA and that includes individually identifiable health information, held or maintained by a covered entity or its business associates acting for the covered entity, transmitted or maintained in any form or medium. This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse. For purposes of this Privacy Policy, the term “PHI” is a subset of Personal Information.

2. Your Consent to this Privacy Policy.

You indicate your consent to this Privacy Policy by using our Website, an App, or otherwise participating in our Services. We may also request your express consent when you create an account with us, or at other times when we collect Personal Information from you. In any case, you are acknowledging that you have read and understood this Privacy Policy, and agree to be legally bound by it. If you do not agree with the terms of this Privacy Policy, then please do not use our Platform.

3. The Information We Collect.

To provide our Services, and to otherwise conduct our business, we rely on information provided by, and collected from, our users. This information consists of the following:

3.1 Personal Information.

The Personal Information we collect may include the following:

  • Your name, email address, and password;
  • Other contact information, including a physical address and phone / fax number;
  • The agency or organization that you represent and your title;
  • Your demographic information, such as your gender and date of birth;
  • Your healthcare information, including Protected Health Information;
  • Your geolocation information;
  • Any information or feedback you provide to us through our Platform or via social media, email, or phone;
  • Your transactions with us.

If you provide us with any Personal Information relating to another individual, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

3.2 Online Activity Information.

We also collect technical and device-related information through our Platform and third party analytics tools that we use (collectively, “Online Activity Information“). For example, we use your IP address, time and date of your visit, and your interactions within the Platform to monitor customer traffic patterns and site usage to help us improve your user experience and ensure the quality of our service to you. Subject to Section 3.2 (Treatment of Combined Information) below; otherwise we will treat it as Anonymous Information unless an applicable law establishes that Online Activity Information constitutes Personal Information.

3.3 Health Care Information.

We obtain your permission to access your own healthcare information, including PHI from other entities, such as your health care payer or provider. We maintain a copy of such health information, originally obtained either directly from you or from your provider, and use that information to provide you the Services.

3.4 Contact Information for Others with Whom You Have Chosen to Share Your Information.

If you choose to share information with individuals, companies, or health care providers through our Platform, then we will collect their contact information from you. We will also only share the information you choose to share with them.

3.5 Anonymous Information.

We may also have (i) information that does not identify you or your devices, and (ii) de-identified Personal Information that no longer identifies you (collectively, “Anonymous Information“). Information that meets either of these criteria may include, for example, certain demographic information, statistical information (e.g., page views and hit counts), and general tracking information. We use Anonymous Information for our business operations, such as to improve our Platform. Because Anonymous Information does not include Personal Information, any Anonymous Information, and our use of it, is not subject to this Privacy Policy.

3.6 Treatment of Combined Information.

If we combine Online Activity Information or Anonymous Information with Personal Information, then we will treat the resulting combination as Personal Information subject to the terms of this Privacy Policy. Moreover, we may combine Personal Information that you provide to us with other data for our business operations and for other purposes specified in this Privacy Policy. If information we combine in this manner includes your Personal Information, we will treat the combined information as your Personal Information for all purposes under this Privacy Policy.

4. How We Collect Information.

4.1 Profile Information.

In order to access certain information, products, and services on our Platform that are limited to registered users (each, a “Registered User“), we require that you complete a registration process in order to create an account profile, and to obtain a username and password associated with that profile. To create your profile, we will ask you for certain Personal Information, including your name, address, email address, telephone number, gender, and date of birth.

4.2 Casual Site Visitor.

We allow you to visit our Site and review other information about our Services without revealing your identity or otherwise providing Personal Information. In that case, the only information that we collect from your visit will be Online Activity Information or Anonymous Information. As a casual site visitor, you decide whether to provide us with your Personal Information.

4.3 Contacting Onyx.

You can contact us with questions, comments, complaints, feedback, requests for information, or other communications. In order to communicate with us, you must provide certain Personal Information. We may use Personal Information and other information submitted to provide you with the information, products, and services that you have requested.

4.4 Information Received from Third Parties.

As explained further in Section 7.2 (Our Service Providers), we may engage third parties to perform certain services for us or on our behalf. The forms on our Platform may be managed by such third parties, and we may obtain from the applicable Service Provider the information that you provide using such forms (including Personal Information). We may also receive information from third parties such as our partners, public databases, and social media platforms, to supplement the information that we receive from you. This Privacy Policy will govern how we use information we collect in this manner.

4.5 Collection of Personal Information Offline.

We may ask you to provide us with Personal Information via offline interactions. If you provide information to us at our request, then we will strive to provide you with either verbal and/or written notice of this Privacy Policy upon your request for a copy of the Privacy Policy. We treat any information that you provide to us as Personal Information under this Privacy Policy.

4.6 Newsletters.

We may offer newsletters and other content about the Platform, our services and initiatives, and other issues that we believe may be of interest to you. We will use your Personal Information to provide you with this content. You can opt-out of receiving this content by following the instructions set out in Section 12 (Your Choices Regarding Your Personal Information; Opting Out).

4.7 Promotions; Submitted Content.

We may give you the ability through the Platform to engage with us and others in public exchanges, and this may include opportunities for you to customize your user profile and provide comments, feedback, images and audiovisual files, and other information and materials that you wish to share (collectively, “Submitted Content“). You agree that we may use and adapt your Submitted Content (including, but not limited to, your name, experiences with us, and other provided feedback) for these purposes and without the need for compensation. We are not responsible for Personal Information you decide to include in Submitted Content, and we will not take down, remove, or edit Submitted Content, except as required by applicable law. If your Submitted Content includes Personal Information relating to others, you represent that you have full permission and authority to do so.

4.8 Employment Applications.

In the careers section of our Website and through other public job postings, we may invite you to apply for employment opportunities with us by submitting your Personal Information, employment information, resume and other, similar kinds of information. We may also rely on Service Providers to support the collection and processing of such information in connection with employment applications. We will treat such Personal Information you provide to us directly or that we receive from Service Providers in compliance with this Privacy Policy, and use this Personal Information to assess and process your employment application. We do not guarantee that we will contact you after you submit an employment application.

5. How We Collect Online Activity Information and Anonymous Information.

5.1 Logs; IP Addresses.

Either directly, or through our Service Provider, we may automatically receive and record information in our server logs from your browser, including your IP address (the Internet address of your computer), your computer’s name, the type and version of your web browser, referrer addresses, where the computer is routing from, and other generally-accepted log information. We may also record page views (hit counts) and other general statistical and tracking information, which will be aggregated with that of other users in order to understand how our Platform is being used and for security and monitoring purposes.

5.2 Computer Configuration.

We may collect certain Anonymous Information in order to determine whether your computer is supported by our system. This information includes, but may not be limited to, your operating system and browser, the presence of any software that our Platform may require to operate with your computer, or other third party software on your computer. This information is kept strictly confidential and is not shared with third parties, except as provided for in this Privacy Policy.

5.3 Cookies.

A cookie is a small amount of data that is sent to your browser from a website’s computers and stored on your computer’s hard drive. Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a website upon a future visit. For example, we may include cookies on our Website and use them to recognize you when you return to our Platform. You may choose not to accept cookies; however, you may need to enable cookies if you wish to access certain personalized features of our Services.

5.4 Tags.

We may use so-called “pixel tags” – small graphic images (also known as “web beacons” or “single-pixel gifs”) – to tell us which parts of our Platform have been visited or to measure the effectiveness of searches customers perform on our Site. Pixel tags also enable us to send email messages in a format customers can read, and they inform us whether emails have been opened, to help ensure that our messages are of interest to our customers. You can “opt-out” of receiving these types of emails from us by following the directions provided in Section 12 (Your Choices Regarding Your Personal Information; Opting Out). As noted above, any Personal Information collected using such tools will be subject to the terms of this Privacy Policy.

5.5 Click-Throughs.

We may send email messages, which use a “click-through URL” linked to content on our Platform. When you click one of these URLs, you pass through our web server before arriving at the destination web page. We track this click-through data to help determine interest in particular topics and to measure the effectiveness of our customer communications. If you prefer not to be tracked simply do not click text or graphic links in the email, or notify us in accordance with Section 12 (Your Choices Regarding Your Personal Information; Opting Out).

6. How We Use this Information.

We use the information we collect or process, including Anonymous Information, Online Activity Information, and Personal Information, as permitted under applicable law and consistent with the terms of this Privacy Policy. More specifically, we use the information we collect for the following purposes:

  • We will use the information you share with us to provide you with Services you request, and to act on your choices about sharing information with individuals and entities.
  • We will use your contact information to communicate with you about your account and our Services, such as to respond to your inquiries, comments, or complaints that you provide to us. We will not disclose PHI in emails; instead, we may send an email asking you to log into your account.
  • We will create aggregated and/or de-identified statistical, information about our users or their web usage and may disclose this statistical information when appropriate. These statistics will be aggregated and adhere to the HIPAA requirements.
  • We will only share your Personal Information with individuals, other applications, or websites, health care providers, or payers at your direction.
  • We will not use or disclose any of your Personal Information for marketing purposes, or to serve you ads related to your health, unless you specifically and explicitly consent. You also may withdraw your consent to future offers or ads at any time.
  • To allow you to post or provide Submitted Content and participate in surveys and questionnaires.
  • To process payments you make with respect to our Services.
  • To customize, enhance, and enrich your visit to and use of the Platform.
  • To consider your submittals and other expressions of interest in connection with our career opportunities.
  • To determine which content or information (including, if applicable, our newsletter) might interest you and, upon making this determination, to provide you with the associated information.
  • To track access to, and use of, our Platform, and conduct data and other analyses, including anonymization and aggregation of Personal Information.
  • To perform internal administration, auditing, operation, and troubleshooting for our Platform.
  • To perform analytics, quality control, market research, and to determine the effectiveness of our Platform.
  • To evaluate and improve our Platform, and our communications, and to develop and test new services and content.
  • To engage in the activities specified in Section 7 (How We May Disclose this Information).

We may also use information we collect as we believe to be necessary or appropriate for certain essential purposes, including to: (i) comply with applicable law and legal process; (ii) respond to requests from public and government authorities; (iii) detect, prevent, or investigate potential security incidents or fraud; (iv) provide important safety information; (v) facilitate the functionality of our Platform; (vi) enforce our terms and conditions; (vii) protect our operations or those of our affiliates; (viii) protect our rights, privacy, safety or property, security and/or that of our affiliates, you, or others; and (ix) allow us to pursue available remedies or limit the damages that we may sustain.

In addition to those uses specifically identified above, there may be instances where you request Services from us that are not described in this Privacy Policy. In our discretion, we can use any information that we have about you in order to provide such information and Services to you.

7. How We May Disclose This Information.

7.1 Your Choices For Information Sharing.

Our Platform is designed to make it easy for you to get your Personal Information from the health care entities that are involved with your care. We also enable you to share this data in various ways – but only if you elect to do so.

It is important to recognize that when you elect to share your Personal Information using our Platform, you are trusting the third party with whom you share to preserve your privacy under their privacy policies. Once you choose to share your Personal Information with a third party via our Platform, the treatment of your Personal Information is governed by the privacy policy of that the third party, and not this Privacy Policy.

We strive to give you meaningful choices about controlling the Personal Information you have provided – whom you let see it, how much, and for how long. Your choices may include:

  • What and how much Personal Information you want to create and store yourself (e.g. symptom logs, exercise records, blood pressure readings, blood glucose logs);
  • What and how much Personal Information about yourself provided by outside sources you decide to store in your account with us (e.g. medical lab results, data provided by applications);
  • What and how much Personal Information, if any, you want to share with friends and family;
  • What and how much Personal Information you want to share with your health care providers, and others only when authorized by you if at all;
  • Changing any of these preferences and choices at any time; and
  • Closing your account at any time.

7.2 Our Service Providers.

Moreover, we engage third parties to perform functions on our behalf, such as maintaining the Platform, collecting information, responding to and sending email or other messages, and other functions useful to our business (collectively, the “Service Providers“). To this end, we may provide our Service Providers with Personal Information, Online Activity Information, and Anonymous Information. The following are examples:

  • We may use Service Providers: (i) to fulfill your requests; (ii) to process and distribute email; and (iii) to manage activities related to our business. These Service Providers generally require access to your Personal Information in order to perform these services.
  • We may use Service Providers to provide customer service (where applicable) or marketing support, such as to process and distribute email. These Service Providers generally require access to your Personal Information in order to perform these services.
  • We may engage Service Providers to analyze the interests and attributes of our users and, using techniques based on Anonymous Information and Online Activity Information, identify others who might share those interests and attributes. We then use this information to reach out to relevant market segments to provide them information concerning the Platform.
  • We may use analytics Service Providers to assist us in understanding and using Online Activity Information and other information that we collect via the Site. A service we use in this regard is Google Analytics, and information concerning how Google uses the information is available at https://policies.google.com/privacy/partners. Opt-out options specific to Google Analytics are available at https://tools.google.com/dlpage/gaoptout.
  • Our Platform may include links to third party website offering services that augment our Services.
  • We may use Service Providers to anonymize and aggregate Personal Information in order to generate Anonymous Information.

We require our Service Providers to contractually commit to protect the privacy and security of the Personal Information they process on our behalf.

7.3 Questions of Harm; Legal Process.

We may disclose your Personal Information and Online Activity Information to third parties, including law enforcement agencies, attorneys, and private investigator organizations, where it is necessary, or where we have a good faith belief that it is necessary to: (i) comply with legal process; (ii) protect and defend our rights and property, including the Platform and associated content; (iii) protect against misuse or unauthorized use of our Platform; (iv) protect the personal safety or property of users or the public, including your personal safety or property (it being understood that we assume no duty to provide, or monitor the need for, such protections); and (v) cooperate with public and government authorities including, where required, authorities outside your jurisdiction. While you are not able to opt out of this use of information, we will take reasonable steps to limit such use, and disclose only the information we reasonably believe is necessary for the above purposes. If we receive legal process calling for the disclosure of your Personal Information, then we will attempt to notify you within a reasonable amount of time unless such notification is not permitted.

7.4 Corporate Transactions.

We shall be entitled to transfer information that we collect (including Personal Information) to a third party in connection with or in contemplation of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition (including a disposition in connection with a bankruptcy or similar proceedings) of all or substantially all assets or stock of the business unit or division responsible for the information under this Privacy Policy; provided the acquiring third party has agreed to safeguard your Personal Information with protections that are compatible with those set out in this Privacy Policy.

7.5 Our Affiliates.

We may choose to rely on and share the information we collect with our affiliates. By “affiliate” we mean an entity that is closely related to us, such as an entity that controls, is controlled by, or is under common control with us. Our affiliates will be bound by the terms of this Privacy Policy.

8. Disclosing Personal Information Where it is Not Specifically Requested.

If we have not specifically asked for your Personal Information, for example, in a particular portion of an online form, then you should not provide any Personal Information in that portion of the form.

9. Our Retention of Personal Information.

We retain Personal Information for the period of time necessary to fulfill the purposes for which we obtained the Personal Information and consistent with applicable law. We use the following criteria to set our retention periods: (i) the duration of our relationship with you; (ii) the existence of a legal obligation as to the retention period; and (iii) the advisability of retaining the information in light of our legal position (for example, in light of applicable statutes of limitations, litigation, or regulatory investigations).

10. Accuracy and Minimization of Personal Information.

We take reasonable steps (i) to maintain the accuracy of the Personal Information we process, and (ii) to limit the Personal Information that we process to that which is reasonably necessary for the purposes for which we obtained the information.

11. Accessing and Updating Your Personal Information

You can view the information you or others have submitted into your active account with us at any time. If you would like to review, correct, or update the Personal Information that you have provided to us, or if you would like to request an electronic copy of this Personal Information you may do so through the Platform, or make requests to us by contacting us as provided in Section 18 (Contact Us).

12. Your Choices Regarding Your Personal Information; Opting Out.

12.1 Deletion of Personal Information.

You may request that we delete your Personal Information, or to deactivate or close your account with us. Note that deletion requests are subject to a number of limitations, for example, we may keep Personal Information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, to process transactions and facilitate you requests, and for other internal business purposes consistent with the terms under which it was collected. Please also note that if you delete your information from your account with us, or deactivate or close your account entirely, it becomes inaccessible by you and cannot be viewed by anyone else through our Platform. Lastly, if you have already shared your information through our Platform with a third party – such as an individual, health care provider, or other entity, and that third party has already saved that information in their own system, such information will persist in their records and you will need to contact the third party to request the deletion of such information from their records.

12.2 Unsubscribing to Marketing Communications.

If you no longer wish to receive bulletins, updates, or other marketing-related materials from us, you can opt out of this Service by either (i) following the “unsubscribe” instructions located near the bottom of each email message, or (ii) contacting us as provided in Section 18 (Contact Us).

12.3 Response to Requests.

Please be advised that Onyx will fulfill these requests in its reasonable discretion and in a manner consistent with any applicable law. Likewise, we will aim to complete such requests as soon as reasonably practicable and in a manner consistent with any applicable law. If you otherwise have concerns or objections with our processing of your Personal Information, please contact us as provided in Section 18 (Contact Us).

13. Security.

We have implemented reasonable technology and security features appropriate to the sensitivity of the information, including the use of encryption, to safeguard the privacy of your Personal Information from unauthorized access or improper use. We are committed to keeping personal information secure. We impose controls that limit internal access to your information. While online data can never be 100% secure, we work to protect your personal information from loss, misuse or unauthorized access, alteration or destruction by maintaining appropriate physical, technical, and administrative security standards and procedures to safeguard our data systems. For example, when you transmit Personal Information to us, such as your name or contact information, may be protected by: (i) an Internet connection using secure socket layer (SSL) technology; (ii) encryption during transmission to make your information unreadable as it passes over the Internet; (iii) encryption of your data at rest to make your information unreadable indirectly through the system’s backend; and (iv) use of a unique user name and password for each user. We also educate our employees on the importance of our privacy and security policies, and we require that they comply with those policies.

14. Notice of Privacy Rights to California Residents

California law requires certain businesses to respond to requests from California users who ask about business practices related to disclosing Personal Information to third parties for direct marketing purposes. The California “Shine the Light” law further requires us to allow California residents to opt out of certain disclosures of Personal Information to third parties for their direct marketing purposes.

15. Advisory Regarding Participation by Children and Teens.

Children under the age of 13 may not create an account with us or use our Platform. We do not knowingly collect or solicit Personal Information from individuals that we know to be under 13 years old; if you are a child under 13, please do not attempt to use the Service or send any Personal Information about yourself to us. If we learn we have collected Personal Information from a child under 13, we will delete that information as quickly as possible. If you are between 13 and the applicable age of majority, please review this Privacy Policy with your parent or guardian. If you wish further information concerning privacy policies in general, and concerning online social networking and safety, please visit the following website: http://www.ftc.gov/privacy/index.html.

16. Changes to this Privacy Policy

From time to time, we may change this Privacy Policy for our business purposes and to comply with changes in applicable law. In the event of substantive or material changes, we will communicate these changes to you in advance by posting the updated Privacy Policy on the Platform and/or notifying you of the change via the Platform, email, or other methods, and provide you with a reasonable period of time to review the changes before the changes become effective. Your subsequent acceptance of the Privacy Policy pursuant to Section 2 (Your Consent to this Privacy Policy) constitutes your agreement to be bound by the Privacy Policy, as updated.

17. Feedback.

We want your feedback. If you have a suggestions on how we can improve our Services or complaints you would like us to address, please contact us at the address set out in Section 18 (Contact Us). If you are a California resident, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs. Other states may provide similar avenues for lodging complaints. Please check with your state’s consumer protection authority.

18. Contact Us.

We welcome your comments. If you have any questions or concerns about our Privacy Policy, our information practices, technical or general support, please contact us at Info@onyxhealth.io.

19. Do Not Track Notice.

Our Website does not change its behavior when receiving “Do Not Track” signals from browser software.

20. Relationship to Other Contracts and the Terms of Use.

This Privacy Policy must be read in conjunction with any agreement entered into by you and us that references this Privacy Policy or that otherwise relates to Personal Information (collectively, the “Other Contracts“), as well as our Terms of Use. The provisions of such Other Contracts are incorporated herein. To the extent that the Terms of Use conflict with this Privacy Policy, this Privacy Policy shall control. To the extent that the Other Contracts conflict with this Privacy Policy or the Terms of Use, the Privacy Policy shall control with respect to our treatment of Personal Information.

21. International Considerations.

Our Services are intended for use within the United States. While our primary data centers are in the United States, we may transfer information outside of the United States. In addition, we may employ Service Providers, other companies, and other individuals to perform functions on our behalf. If we disclose Personal Information to a third party or to our employees outside of the United States, then we will seek assurances that any information we may provide to them is safeguarded adequately and in accordance with this Privacy Policy. By providing your Personal Information, you consent to any transfer and processing in accordance with this Privacy Policy and understand that we operate under applicable laws within the United States.

22. Effective Date.

The effective date of this Privacy Policy is June 26, 2020.

23. COPYRIGHT AND LEGAL NOTICE.

Copyright © 2020 Onyx Technology LLC. All Rights Reserved.