Privacy Policy

Last updated: Oct 10, 2020

SCOPE

This Privacy Policy is entered into by and between you and MyBodySite LLC dba BodySite.com (“BodySite”). This policy (together with our Terms of Use) is presented to you in order to help you make an informed decision about using this website and the services provided by BodySite and to explain to you what information we collect, how we store that information, and how we may use it. By using BodySite.com, or any other BodySite website, app or service on which this policy appears (collectively the “BodySite Services”), you are consenting to have your Personal Information (defined below) and non-personally identifiable data transferred to and/or processed in the United States in accordance with the terms of this Privacy Policy. Please do not use the BodySite Services if you do not agree with this policy and any other policies listed on or within the BodySite Services.

“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, e-mail address, phone number, social security number, and insurance-issued ID numbers.  “Personal Information” also includes identifiable health information collected about you.  However, “Personal Information” does not include any information or data which has been anonymized so that it does not allow a third-party to identify a specific individual.

“Protected Health Information”, as defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), 45 C.F.R. Parts 160, 162, and 164, means information, including demographic information, which relates to an individual’s past, present, or future physical or mental health or condition or the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual.

ABOUT BodySite

BodySite licenses software to health service providers who may use the BodySite Services to provide education and digital health guidance and support to patients, monitor patient health through wearable technology and patient self-reporting, manage patient progress, collect payments, and provide other healthcare related services.  BodySite acts as a service provider for health service providers and does not own or control the data or any Protected Health Information submitted to us through the BodySite Services.  The information that is submitted through the BodySite Service will be held subject to the requirements of our health service provider clients and applicable law, such as the Health Insurance Portability and Accountability Act (HIPAA).

PLEASE NOTE: This Privacy Policy does not reflect the privacy practices of BodySite’s health service provider clients and BodySite is not responsible for our clients’ privacy policies or practices.  BodySite does not review or monitor our health service provider clients’ privacy policies or their compliance with their respective privacy policies, nor does BodySite monitor our clients’ compliance with applicable law.

INFORMATION WE COLLECT FROM YOU

Non-Personally Identifiable Information

When you use the BodySite Services, we may collect certain non-personally identifiable information. This may include your browser information (including browser type, browser version, host operating system, and browser language) and your IP address. We use this information to help diagnose problems with our servers and for other administrative purposes.

In addition, aggregate traffic information may also be compiled by the BodySite Services from this non-personally identifiable information. We may use this data for improving the features offered by the BodySite Services.

Personal Information

We may collect information, including Personal Information and Protected Health Information, about you:

when you register to use the BodySite Service;

when you interact with and use the BodySite Service;

when you provide Personal Information to your health service provider;

when you upload an image, document, or any other data to the BodySite Service;

when provided by your health service provider to us;

from third parties when you or your health service provider directs us to gather information from them; and

when you communicate with us.

Payment Information: Additionally, when you make payments through the BodySite Service, you may need to provide financial account information, such as your credit card number, to our third-party payment processor, Stripe, Inc.

BodySite’s Use of Cookies

We use cookies on the BodySite Services.  By using the BodySite Services, you accept the use of cookies in accordance with this Privacy Policy. If you do not accept the use of these cookies, please disable them following the instructions in this Privacy Policy.

We primarily use two different types of cookies on this website: (1) Strictly Necessary Cookies and (2) Analytics Cookies:

Strictly Necessary Cookies:

These cookies are essential in order to enable you to move around the website and use its features and services, such as accessing secure areas of the website.  These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.

Analytics Cookies:

These cookies collect information about how visitors use a website, for instance, which pages visitors go to most often, and if they get error messages from web pages.  These cookies do not collect information that identifies you. All the information that these cookies collect is anonymous and is used only to improve a website’s services.

Managing Cookies. You can enable, disable or delete cookies within your browser. In order to do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” menu). Disabling a cookie or category of cookie does not delete the cookie from your browser; you will need to do this yourself from within your browser by choosing the option to delete cookies. If you have disabled one or more analytics cookies, we may still use information collected from cookies prior to your disabled preference being set; however, we will stop using the disabled cookie to collect any further information.

USE OF INFORMATION COLLECTED

Primary Purpose of Information Collected

The information and data collected through the BodySite Services, including Personal Information and/or Protected Health Information, is primarily used for the purposes of:

providing you the products and services you request;

notifying you about changes to our service and policies; and

communicating with you.

Other Uses

BodySite may also use the information we collect about you, including Personal Information, for the following purposes:

Communications.

We may periodically contact you using information supplied to the site (e.g. to provide newsletters or marketing information on new products and services).  You may opt out of receiving marketing communications by clicking on the unsubscribe link at the bottom of such emails. Certain communications, such as those regarding changes to our policies or changes to services you have purchased, you may not opt out of.

Surveys and Ratings.  BodySite may make the content of any survey or ratings you provide public.  BodySite will notify you in advance how it will use any survey or rating feedback in such request for this information.

Anonymized and Aggregate Data.

BodySite may anonymize and aggregate any data collected through the BodySite Service, and use it for business or research purposes.  For example, we may use such anonymized and aggregate data for evaluating the performance of content and features provided through the BodySite Service.

DISCLOSURE OF PERSONAL INFORMATION

Vendors and Service Providers

We may share any information we receive with vendors and service providers retained in connection with the provision of the BodySite Service. When Protected Health Information, as such term is defined by HIPAA, is shared, our vendors and service providers will be bound by appropriate business associate agreements as required by HIPAA.

Display or Disclosure to Health Service Providers and Others

The content you provide to the BodySite Service may be displayed on the BodySite Service or disclosed to others at your direction. Your health service provider (including your health service provider’s staff) will have access to certain account information, including Personal Information and Protected Health Information. For example, when you enter biometrics or activity information, manually or through wearable technology, send private messages and/or share journal entries, your provider will be able to see your name, contact information, as well as any other health information you have provided. However, your health service provider will not have access to (i) any payment information, such as your credit card number, or (ii) your account password. You may also be permitted to share the content of your health records with third-parties. BodySite is not responsible for the privacy practices of others who may view and use the information you disclose to others.

Marketing and Advertising

BodySite does not rent, sell, or share Personal Information about you with other third-parties or non-affiliated companies for their marketing or promotional purposes.

When Required by Law.

BodySite reserves the right to disclose your Personal Information, without prior notice to you, as required by law or when we believe that disclosure is necessary to comply with a law, regulation, or any legal request (e.g. court order or subpoena).  Furthermore, we may share your Personal Information when we believe it is necessary to address fraud or other illegal or prohibited activity perpetrated through the BodySite Services, or to prevent imminent bodily harm.

Merger, Sale, or Other Asset Transfers

If BodySite is involved in a merger, acquisition, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.  We cannot control how such successor entities may use or disclose such information.

With Your Permission

BodySite may disclose your Personal Information according to your instructions and with your permission.

ACCESS AND CORRECTION OF PERSONAL INFORMATION

With respect to most information collected, BodySite obtains your personal information on behalf of a health service provider.  To request access to, correction, amendment, or deletion of such Personal Information and/or Protected Health Information, please first contact the health service provider to which the information was provided.  If the health service provider is unable to resolve your request, and for all other inquiries regarding your Personal Information, please contact: info@BodySite.com.

SECURITY

We have implemented reasonable measures to protect the information we collect and store (e.g. hashed user passwords and SSL encryption), taking into consideration the types of risks we face and the reasonable protections available to us. No method of protecting information is 100% secure, and we cannot guarantee its absolute security. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your data, we take steps to ensure security on our systems and/or on the systems of our service providers. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards.

BodySite provides its services to health service providers, and when we process, receive or transmit Protected Health Information on behalf of such health service providers, we are acting as a “business associate” to them as regulated by HIPAA. Therefore, BodySite has adopted and maintains appropriate physical, technical and administrative policies and procedures to safeguard and secure the Protected Health Information we process, transmit or receive. We also will not access, use, or disclose the Protected Health Information except as permitted by health service provider clients, you, and/or applicable law, including HIPAA.  BodySite takes the privacy of its customers seriously, and strives to protect the privacy of the Personal Information it processes, and to avoid any inadvertent disclosure.

If BodySite learns of a security system breach affecting personal information and/or Protected Health Information, BodySite maintains a breach notification policy pursuant to Business Associate Agreements it may have with health service provider clients and/or consistent with applicable law.

By using the BodySite Service or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the BodySite Service.

Additional Limits on Use of Your Google User Data:

Notwithstanding anything else in this Privacy Policy, if you provide the App access to the following types of your Google data, the App’s use of that data will be subject to these additional restrictions:

– The App will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
– The App will not use this Gmail data for serving advertisements.
– The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.

INTERNATIONAL USERS

Access to and use of the BodySite Service is administered in the United States and is intended for users within the United States.

PLEASE NOTE: If you are using the BodySite Service from the European Union or other regions with laws governing data collection and use, you are agreeing to the transfer of your information to the United States for processing. By providing your information to BodySite you consent to any transfer and processing in accordance with this Privacy Policy.

PRIVACY PRACTICES OF THIRD PARTIES

When you click on links to websites or applications outside of the BodySite Services, third parties may place their own cookies or other technological devices on your Internet browser or device.  We have no control over these third parties and no responsibility for the technologies they employ.  To learn how a particular web site collects and uses your information, you should read the privacy policy of that website.

PRIVACY OF CHILDREN

BodySite does not knowingly collect information from anyone under the age of 13. If we are made aware that we have received information from anyone under the age of 13, we will promptly locate and remove that information from our records.

YOUR CALIFORNIA PRIVACY RIGHTS

Under California’s “Shine the Light” law, California residents have the right to receive information from us regarding categories of Personal Information we shared with third-parties for their direct marketing purposes during the previous calendar year, if any. This information will be provided free of charge, once per calendar year upon request. To request this information please email info@BodySite.com with the subject line “Request for California Privacy Information”. We will respond to such written requests within 30 days following receipt at the e-mail or mailing address stated above.

CHANGES TO PRIVACY POLICY

We may modify this Privacy Policy at any time, and the revised version will be effective when posted. If you are concerned about how your Personal Information is used, please review this Privacy Policy periodically. If we make material changes to this policy, including any new uses of your Personal Information not already disclosed in our Privacy Policy, we will notify you here at http://www.BodySite.com/privacy/, and make reasonable efforts to notify you by email or by means of a notice on our homepage. The date of the most recent revisions will also appear on this page. Changes are effective immediately upon posting. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you and your interactions with the BodySite Service.

QUESTIONS

For questions or concerns regarding this Privacy Policy please contact: info@BodySite.com. For our HIPAA compliance statement, click here.