Veta Health offers care pathways via a secure, Internet-based software Platform that facilitates care coordination through data sharing. This Policy applies to anyone accessing our Service (collectively, “You”), including (a) casual visitors to our Site who are not registered to use our Platform and (b) individuals who have registered to use our Platform, including patients, care partners, healthcare providers, and health organizations (collectively, the “Users”), as defined below:
- Patients use the Service to participate in their personal health management and to facilitate care coordination through data sharing (a “Patient”).
- Care partners are authorized by a Patient or Healthcare Provider to use the Services to contribute to and monitor the Patient’s health (a “Care Partner”).
- Healthcare organizations, including hospitals and health systems, utilize our Services to streamline workflows and improve care efficiency and outcomes (collectively, a “Health Organization”).
- Clinicians, physicians, and/or pharmacists (collectively, a “Healthcare Provider”) utilize the Service to track and improve patient health outcomes.
By using the Site, Service, and/or Platform, you agree to the terms and conditions of this Policy. This Policy is incorporated and made part of our Terms of Service. Therefore, terms used in this Policy that have been previously defined will have the same meanings as provided in our Terms of Service, as applicable.
IMPORTANT NOTICE ABOUT YOUR HEALTH INFORMATION. As a User, you should understand that much of the Personal Data you provide may be related to your health, including diagnoses, x-rays, and conditions. VETA HEALTH IS NOT A HEALTHCARE PROVIDER. Veta Health is a business that facilitates the reviewability and portability of your health information. The Platforms are convenience tools, not substitutes for consultation with a healthcare provider.
What Information Do We Collect?
Personal data refers to information that alone or in combination with other information may be used to identify, locate, or contact a specific person (“Personal Data”). We act as the controller for Personal Data that you provide when you use the Service. While using our Site and/or Services, we may ask you to provide us with certain Personal Data, which may include, but is not limited to:
- Name, Contact, and Demographic Data. We may collect information such as your name, date of birth, gender, email address, phone number, physical address, and company information.
- Account Data. We may collect information from you if you register as a User to our Services, such as your username and password.
- Health and Wellness Data. We may collect information related to your wellness background such as weight, height, medication history, hospitalizations, conditions/diagnoses, laboratory results, and other health-related information in order to provide the Service (collectively, “Health and Wellness Data”).
- Protected Health Information (Users in the United States). Unless otherwise established in an agreement between Veta Health and a Covered Entity (i.e., a doctor, pharmacy, or insurer), as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), Veta Health does not collect Protected Health Information (“PHI”) as defined under HIPAA. HIPAA provides for certain privacy and security requirements relating to the use and disclosure of PHI. Personal Data that Users provide to us is generally not PHI and therefore not subject to HIPAA. Regardless, your Personal Data will be handled in accordance with this Policy. Any PHI we receive from your Healthcare Provider or Health Organization will be handled in accordance with the provisions of HIPAA and the business associate agreement between your Healthcare Provider and/or Health Organization and Veta Health.
- Special Categories of Personal Data (Users in the European Union). Veta Health only processes personal data related to the physical or mental health of a natural person (“Data Concerning Health”) in line with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”). This means, inter alia, that Veta Health only processes Data Concerning Health if the data subject has given his or her explicit consent and Veta Health can rely on a legal ground for processing.
- Cookies and Similar Technologies. We may collect certain Personal Data using cookies and other technologies, such as web beacons, device IDs, geolocation, cookies, and IP addresses. We specifically use browser cookies for different purposes, including cookies that are used for functionality and cookies that are used for personalization, performance/analytics, and advertising. For more information, see the section titled “Information We Collect through Automated Tools” below.
- Anonymous Data. We may de-identify your Personal Data and aggregate that de-identified information with other de-identified information collected through the Platforms. We may use de-identified data and share it with third parties to enhance or develop our Platforms, our other products and services, and our business operations for marketing, to conduct research and analysis, or for other lawful business purposes.
Non-personal data refers to information that may not by itself be reasonably associated with, linked to, or used to individually identify you; for example, general, non-specific information regarding your use of the Service or derived from the information that you provide to us through the Service (“Non-Personal Data”).
Information We Collect Through Automated Tools
- Usage Data. We may collect certain information regarding your use of the Service, such as the domain name and the name of the web page from which you entered the Service, when you click on a page or other resources, how much time you spend on each of our pages, and your IP address. An IP address is a number that is assigned to your computer when you are using your browser on the Internet.
How Do We Collect Personal Data?
Personal Data that we collect and process depends on how you use our Service. For example, if you visit our Site, we might collect Personal Data through analyzing techniques. If you choose to create a profile or register with us, you will be asked to provide Personal Data which will be associated with your health information and profile information.
When You Register as a User or Otherwise Utilize Our Service
We may collect Personal Data when you register as a User, which may include, but is not limited to, your name, physical address, email address, phone number, username and password. Through your use of our Service, the Patient, Care Partner, Healthcare Provider and Health Organization may disclose Personal Data about the Patient, which may include Personal Health Data.
When Another User Invites You to Utilize Our Service
If you are a Patient of a Healthcare Provider who has subscribed to the Service, we may collect Personal Data about you from your Healthcare Provider who invites you to use the Platform. This may include, but is not limited to your name, physical address, email address, and phone number. Contingent upon your and your Healthcare Provider’s consent, we may collect information directly from your personal health record, such as PHI and/or Data Concerning Health (cumulatively, “Personal Health Data”), maintained by your Healthcare Provider to help us build your health profile and to provide you the appropriate Services.
If you are a Care Partner, we may collect Personal Data from the User who invites you to use the Service, including, but not limited to your name, physical address, email address, phone number, and your relationship to the Patient.
If you are a Healthcare Provider, we may have Personal Data about you from your Healthcare Organization of which you are an employee or agent. We cannot warrant or guarantee the accuracy of this information.
When You Contact Us or Subscribe to Our Mailing List
We may collect Personal Data such as your name, email address, and other contact information when you communicate with us, including when you submit information through the Site or contact us to ask us questions. We may also collect Personal Data when you subscribe to our mailing list, including newsletters, updates, white papers, or other information and content. If you receive emails from us, we may use certain analytics tools to capture data, such as when you open our email or click on any links or banners our email contains. This data helps us to gauge the effectiveness of our communications and marketing campaigns.
When We Collect Data from Third Parties
From time to time, we may use or augment your Personal Data with information obtained from third parties. For example, we may use third-party information to confirm contact information, verify eligibility, or to better understand your interests based on demographic information. If you choose to link your Veta Health account to other devices or services such as smart devices, wearables, or other health monitoring devices, we may collect information related to your use of such services or devices. We may combine Personal Data with data we obtain from our Services, other users, or third parties, such as Health and Wellness Data, to enhance your experience and improve the Services. If these services or devices are administered by a third party, the applicable information practices are the responsibility of that third party. We cannot warrant or guarantee the accuracy of this information.
We need to process your Personal Data as necessary to pursue our legitimate interest of providing the Services to you (including marketing, advertising, research and an analysis of our Platforms and Services) and to fulfill our contractual obligations to you and our customers. You will be asked to provide Personal Data in certain fields that allow you to use our Service. The Personal Data we collect is used only for the purpose we state at the time of collection or for purposes that may include, but are not limited to, the following:
We may use Personal Data in order to provide our Platform or Service, other than in performing our contractual obligations to you, for our “legitimate interests” for the purposes of applicable law, except where our interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our legitimate interests may include:
- To maintain the Site and provide the Service, including for technical support, to facilitate the provision of the Service to you.
- To administer your User account and Service, including to verify your identity and to authenticate and authorize access to the Site and Service.
- To communicate with you regarding the Service, including to send you communications on behalf of Healthcare Providers and to provide you important notices regarding Service updates, this Policy, and our Terms of Service.
- To provide customer support and address and respond to your requests, inquiries, and complaints.
- To develop, provide, and improve the Site and Service, including to better tailor the features, performance, and support of the Site and Service (including cookies and similar technologies), and for statistical and analytical purposes.
- To periodically send you promotional emails about new products, special offers, or other information which we believe may be of interest to you.
- To contact you for market research purposes (via your email address and/or addresses, phone number, facsimile number, or regular mail).
- To protect the security of our Service, servers, network systems and databases or to protect our users and affiliates against liability or harm.
- To implement and enforce our Terms of Service, this Policy, or agreements with third parties.
- To respond to subpoenas, judicial processes, or government requests or investigations.
For the Performance of a Contract
We may use Personal Data to perform our contractual obligations, including:
- To provide you with the Service.
- To communicate with you (via your cell phone number, in-app messaging, or push-notifications) regarding the Service, including to send you communications on behalf of Healthcare Providers.
- To provide your information to Users in a manner consistent with federal and local laws.
- To provide your Personal Data to our service providers.
- For internal record keeping purposes related to purchases and transactions.
To Comply with Legal Obligations
We may use Personal Data to respond to subpoenas, judicial processes, or government requests or investigations. Additionally, we may use Personal Data for internal record keeping purposes related to purchases and transactions.
In some cases where we are not already authorized to process your Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:
- Special Categories of Personal Data. We may need to collect certain special categories of Personal Data from Users, such as Personal Health Data, in order to provide the Service. We will only process your Personal Health Data with your explicit consent as required by law, which is obtained separately when you register for our Service and then log-in to specific tools that utilize our Service.
- Marketing. To periodically send you promotional emails and/or text messages about new products, special offers or other information which we believe may be of interest to you and for other marketing purposes. You can adjust your communication preferences in your Veta Health account settings or by unsubscribing from our marketing emails.
We may disclose Personal Data that we collect or you provide, as described in this Policy:
- Authorized Users. If you choose to allow Veta Health to share information with others, we may use your Personal Data to communicate with others in order to provide the Service at your request. For example, when a Patient communicates with us or submits information through the Service, we may share that information with the Patient’s Care Partner and/or Healthcare Provider to enable them to communicate with the Patient and provide the Service. We will only process your Personal Health Data with your explicit consent as required by law, which is obtained separately when you register for our Service and then log-in to specific tools that utilize our Service.
- Analytics. We use third-party solutions to help us understand how visitors use the Site and to evaluate usage trends.
- Service Providers and Business Partners. To contractors, service providers and other third parties we use to support our business. If these third parties act as a processor, we will enter into a business associate agreement or data processing agreement. We have taken appropriate measures to ensure that your Personal Data will only be processed for the purposes stated in this Policy and in accordance with applicable laws.
- Social Media. We may use widgets and tools from social networks to enable sharing and other functions through social networks.
- Business Transactions. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Veta Health’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding.
- Pursuant to Legal Process. To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- Protection of Rights and Interests. If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Veta Health, our customers or others.
- To enforce or apply our Terms of Service and other agreements.
We may use or disclose the Non-Personal Data we collect and obtain for any lawful business purpose without any duty or obligation of accounting otherwise to you, provided that the information remains Non-Personal Data.
How Do We Protect the Information We Collect?
We implement technical and organizational security measures designed to safeguard Personal Data. However, the security of information stored and transmitted through the Internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the Internet or, depending upon where you are located, for changes to or losses of data.
Users are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our Platforms. In order to protect you and your data, we may suspend your use of the Platforms, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of the Platforms are restricted to authorized users only. Unauthorized access to such areas is prohibited.
We currently do not support Do Not Track with respect to the Platforms. Other than as disclosed in this Policy, the Platforms do not track Users over time and across third-party websites to provide targeted advertising. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on Do Not Track, visit www.donottrack.us.
Data Subject Rights
Data subjects in the European Economic Area, European Union, and certain other jurisdictions have certain rights under applicable data protection law, including the right to request confirmation from us as to whether we are processing your Personal Data, including Data Concerning Health.
Where we are processing your Personal Data, you have certain rights under applicable data protection laws. These may include the right to:
- Request access to, modification or rectification, or erasure. You may have the right to access your Personal Data, correct inaccuracies in your Personal Data, and request the erasure of your Personal Data.
- Request restriction of processing. In certain circumstances, you may have the right to restrict the processing of your Personal Data.
- Object to processing. In certain circumstances, you may have the right to object to our processing of your Personal Data, such as a request to stop the processing of your Personal Data for marketing purposes. To opt-out of marketing communications, please see the instructions in the “Withdrawing Your Consent” section of this Policy.
- Data portability. In certain circumstances, you may have the right to receive Personal Data concerning you that you provided to us and request that we transmit your Personal Data to another data controller.
- Lodge a complaint. You have the right to lodge a complaint with a supervisory data protection authority.
To exercise your rights, you may send an email to email@example.com. As permitted by law, certain data elements may not be subject to access, modification, erasure, restriction, and/or portability. We will make reasonable efforts to respond to and accommodate requests as soon as practicable and as required by law. To protect your privacy and security, we may take steps to verify your identity in order to respond to your request.
Please note that some information is sent by your Healthcare Provider or Health Organization, and therefore is not under our direct control. Questions or concerns about your medical record or Personal Health Data provided to Veta Health by your Healthcare Provider or Health Organization should be directed to either, respectively. Such information is not under the direct control of Veta Health.
Withdrawing Your Consent
Where the basis of processing is legitimate interest, you have a right to object to the processing of your Personal Data. Please note that, subject to applicable law, we may continue to process your Personal Data even where you object if there are compelling legitimate grounds for processing that override your interests and rights, or where processing is necessary to establish, exercise, or defend legal claims.
If we are relying on your consent to process your Personal Data, you have the right to withdraw the consent you provided for the processing of your Personal Data at any time by contacting us at firstname.lastname@example.org with “Withdraw Consent” in the subject line, provided that we are not required by applicable law or professional standards to retain such information. Please note that if you withdraw your consent, we will not be able to provide you with access to the Platforms and Services.
We will not use your Personal Data to send commercial or marketing messages to you unless we have your consent or other lawful basis to do so. If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you can do so at any time by clicking on the unsubscribe link in the emails that we send or by sending an email to email@example.com with “Opt-Out Request” in the subject line. Likewise, should you opt-in to receiving text messages from us or our affiliates, you can also opt-out at any time by following the instructions or contacting us. For more information on text messaging, please review our Terms of Service. Please be advised that you may not be able to opt-out of receiving certain messages from us, including legal notices.
Data Concerning Minors
We understand the importance of protecting the privacy of all individuals, especially the very young. Our Platform is intended for audiences over the age of 18 and subscribing to our Service is restricted to adults who are either 18 years of age or older or as otherwise legally defined. We neither target nor sell our Services to children under the age of 13, and we do not knowingly collect Personal Data from them. If our Platforms are used in a pediatric setting, all children under the age of 13 require a parent or guardian to register and consent as the primary User.
Transfer of Data to the United States
Veta Health stores the Personal Data it processes about you in the United States. If you are located outside of the United States, the transfer of Personal Data is necessary to provide you with the requested information and Service and/or to perform any requested transaction. We will only transfer your Personal Data using appropriate safeguards, such as standard contractual clauses adopted by the European Commission. By using any portion of the Site, you acknowledge and consent to the transfer of your information to our facilities in the United States.
We will not disclose or share your Personal Data with third parties for the purposes of third-party marketing to you without your prior consent.
Personal Data will be retained for as long as necessary to fulfill the purposes for which we obtained the Personal Data. We will also retain your Personal Data as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We use the following criteria to set our retention periods:
- The duration of our relationship with you.
- The purposes for processing your Personal Data and associated legal bases.
- The existence of a legal obligation as to the retention period.
- The advisability of retaining the information in light of our legal position.
Updates to this Policy
We may update this Policy from time to time. Your acceptance of any minor changes to this Policy is indicated by your continued use of our Services. If we make any material changes to our Policy, we will message a notice about the change at a prominent location on the Service. We encourage you to periodically review our Site, Platform, and Services and this Policy for any changes.
Last updated: February 12, 2020