Last updated: December 16, 2019
Veta Health, LLC. (“Veta Health,” “Company,” “Us,” “Our,” and “We”) is a service that enables patients to engage in clinically validated care plans with their doctors, care teams, and other healthcare providers.
- For patients, Veta Health provides you with access to your health data, along with interpretation and analytics tools (collectively the “Services”) to help you understand and actively participate in your personal health management.
- For care partners, Veta Health provides a tool to allow family members and/or contributors to be an active participant in the patient’s health.
- For healthcare providers, Veta Health provides a platform to facilitate care coordination through data sharing and to enable remote patient monitoring for improved patient management and engagement.
- For health organizations, Veta Health offers tools designed to streamline workflows and care coordination along with the ability to measure system wide performance to improve care efficiency and outcomes.
This Policy describes
- How Do We Use the Personal Information We Collect?
- What Are Your Data Protection Rights?
- Withdrawing Your Consent
- Retention Period
- Storing and Transferring Personal Information
Information Consumers Provide to Us
For Veta Health to help consumers become active participants in health management, we need to collect certain information about you whenever you interact with and/or use our Services or Platforms. This information includes Non-Personal and Personal Information. For purposes of this Policy:
- “Non-Personal Information” refers to information that may not by itself be reasonably associated with, linked to, or used to individually identify you. For example, general, non-specific Information regarding your use of the Platform or derived from the Information that you provide to us through the Platform.
- “Personal Information’’ refers to information about you that alone or in combination with other information may be used to identify, locate, or contact a specific person and includes: full name, address, phone numbers, email address, medical records or other health data, insurance information, financial and/or payment information (if applicable).
You may provide us with Personal Information when you:
- Request information;
- Contact us;
- Subscribe to our newsletter;
- Register with the Platforms;
- Update your profile.
The information we gather allows us to personalize and improve our Services or Platforms. The information we gather may include, but is not limited to:
- Name, username and password;
- Contact information, including physical address, email address and phone number;
- Medical records and other health data and insurance information.
The information that you provide in each case and on each Platform will vary. In some cases, we may ask you to create a username and password that should only be known to you.
If you are a Patient of a Healthcare Provider who has subscribed to the Services, we collect Personal Information about you when your Healthcare Provider invites you to use the Services. We also collect Personal Information about you when you provide it during the User registration process and as you enter information on our Platforms and/or create a Veta Health account and build your personal profile.
As a consumer, contingent upon your and your Healthcare Provider’s consent, we will collect information directly from your personal health record maintained by your Healthcare Provider to build your health profile. From time to time, we may use or augment your Personal Information with information obtained from Third Parties. For example, we may use Third-Party information to confirm contact information, verify eligibility, or to better understand your interests based on demographic information. If you choose to link your Veta Health account to other devices or services, such as calendars, smart devices, wearables, or other health monitoring devices, we may collect information to your use of such services or devices. If these services or devices are administered by a Third-Party, the applicable information practices are the responsibility of that Third-Party. We cannot warrant or guarantee the accuracy of this information.
IMPORTANT NOTICE ABOUT YOUR HEALTH INFORMATION. As a consumer, you should understand that much of the Personal Information you provide may be related to your health, including diagnoses, x-rays, and conditions. VETA HEALTH IS NOT A HEALTHCARE PROVIDER. Veta Health is a business that facilitates the reviewability and portability of your health information. The Platforms are convenience tools, not substitutes for consultation with a doctor.
If you are an individual authorized by a Patient to use the Services to contribute and monitor the Patient’s health, (“Care Partner”), we collect Personal Information about you, including, without limitation, your name, email address, phone number and your relationship to the Patient.
As a healthcare provider, we may have information about you from your healthcare organization of which you are an employee or agent. We cannot warrant or guarantee the accuracy of this information.
If you are using the Services from the United States (U.S.). Unless otherwise established in an agreement between Veta Health and a Covered Entity (i.e., a doctor, pharmacy, or insurer) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), Veta Health does not collect “Protected Health Information” as defined under HIPAA. HIPAA provides for certain privacy and security requirements relating to the use and disclosure of Protected Health Information. Personal Information that consumers provide to us (such as insurance receipts, grocery lists, etc.) is generally not Protected Health Information and therefore not subject to HIPAA. Regardless, your Personal Information will be handled in accordance with this Policy. Any Protected Health Information we receive from your provider or health organization will be handled in accordance with the provisions of HIPAA and the business associate agreement between your provider or health organization and Veta Health.
If you are using the Services from within the European Union (E.U.). Veta Health only processes personal data related to the physical or mental health of a natural person (“Data Concerning Health“) in line with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR“). This means, inter alia, that Veta Health only processes Data Concerning Health if the data subject has given his or her explicit consent and Veta Health can rely on a legal ground for processing.
Questions or concerns about your medical record, the Protected Health Information or Data Concerning Health provided to Veta Health by your Healthcare Provider or Health Organization should be directed to either, respectively. SUCH INFORMATION IS NOT UNDER THE DIRECT CONTROL OF VETA HEALTH.
Information We Collect Through Automated Tools
We may collect certain information regarding your use of the Platforms such as the domain name and the name of the web page from which you entered our Platforms, when you click on a page or other resources, how much time you spend on each of our pages, and your IP address. An IP address is a number that is assigned to your computer when you are using your browser on the Internet.
- Session cookies. Session cookies last for as long as you keep your browser open (they expire when you close your browser). These cookies contain session identification numbers that allow our systems to calculate each user session for analytical purposes, to recall previous sessions for authentication efforts, and to assemble information from our gathered data.
- Persistent cookies. Persistent cookies expire at a fixed point in time or if you manually delete them from your browser, whichever occurs first.
Cookies cannot pass viruses, harm your computer or pass on private information such as an email address without the computer User’s intervention. You can configure your computer’s browser to alert you when a site is attempting to send you a cookie and allow you to accept or refuse the cookie. Further information on how to prevent cookies from being stored on your device can be found here under the “Manage Cookies” section. Alternatively, you can access further information by going to the help menu within your internet browser. If you do not know how to do this, the links below set out information about how to change your browser settings for some of the most used web browsers:
One trusted Third-Party partner we use is Google Analytics. The Platforms may send aggregated, Non-Personal Information to Google Analytics for the purpose of providing us with the ability to conduct technical and statistical analysis on the Platforms’ performance. To opt-out of being tracked by Google Analytics across all websites, click here.
For consumers located in the E.U. please see the “Additional Privacy Information for Consumers Located in the European Union” section below.
You will be asked to provide Personal Information in certain fields on the Platforms that allow you to use our Services or Platforms. The Personal Information we collect is used only for the purpose we state at the time of collection or for purposes contained below. Our uses may include, but are not limited to, the following:
- We may use your information, including your Personal Information, to provide you with the Services we make available on the Platforms.
- We may use your email address to contact you about new features on the Platforms, or to provide you with other information that is relevant to your use of the Platforms.
- We may use your information for internal record keeping purposes related to purchases and transactions.
- We or our affiliates may periodically send you promotional emails about new products, special offers or other information which we believe may be of interest using the email address provided.
- We may communicate with you through our Veta Health platform or other means enabled by the Services, such as text messages, push-notifications, or in-app messaging.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail.
- We may use your information to customize the Platforms according to your interests.
- We may provide your information to our partner networks or your primary care physician in a manner consistent with federal and local laws.
- We may disclose your information to implement and enforce our Terms of Service.
- We may disclose your information to respond to subpoenas, judicial processes, or government requests or investigations.
- We may use your information to protect the security of our services, servers, network systems and databases or to protect our users and affiliates against liability or harm.
We may de-identify your Personal Information and aggregate that de-identified information with other de-identified information collected through the Platforms. We may use de-identified data and share it with Third Parties to enhance or develop our Platforms, our other products and services, and our business operations for marketing, to conduct research and analysis, or for other lawful business purposes.
For users in the U.S., we will not use your Personal Information to send commercial or marketing messages to you unless we have your consent. For users in the E.U., we will not use your Personal Information to send commercial or marketing messages to you unless we have your consent or some other lawful basis to do so.
You may unsubscribe from our marketing email list, including newsletters or other marketing or promotional messages, notifications, or updates at any time by clicking on the unsubscribe link in the emails that we send or by sending an email to firstname.lastname@example.org. In your request, please make clear that you would like to opt-out with “Opt-Out Request” in the subject line.
- With Your Consent. To provide you with the Platforms and related services or otherwise to fulfill the purpose for which you provide it. In addition, for any other purpose disclosed by us when you provide the information.
- Care Partners. To your family members or caregivers when Users add a family member or caregiver to your account. If you choose to allow Veta Health to share information with others, we may also use your Personal Information to communicate with others at your request. You can adjust your communication preferences in your Veta Health account settings or by unsubscribing to our marketing emails.
- Service Providers and Business Partners. To contractors, service providers and other Third Parties we use to support our business. If these Third Parties act as a processor, we will enter into a data processing agreement with these Third Parties. For example, should you opt-in to receiving text messages, we share mobile phone numbers that you provide to us with a Third-Party vendor to send automated SMS messages to your mobile device.
- To your healthcare provider.
- Business Transactions. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Veta Health’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding.
- Pursuant to Legal Process. To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- Protection of Rights and Interests. If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Veta Health, our customers or others.
We may use or disclose the Non-Personal Information we collect and obtain for any lawful business purpose without any duty or obligation of accounting other wise to you, provided that the information remains Non-Personal Information.
The privacy and the security of your Personal Information is important to us. We have established reasonable and appropriate technical, physical and administrative safeguards designed to protect the information we collect. However, the security of information transmitted through the Internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the Internet or, depending upon where you are located, for changes to or losses of data. Users of the Platforms are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our Platforms. In order to protect you and your data, we may suspend your use of the Platforms, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of the Platforms are restricted to authorized users only. Unauthorized access to such areas is prohibited.
We want to provide you with relevant information that you have requested. We may give you the opportunity to opt-out of having your Personal Information used or shared for certain purposes otherwise permitted by this Policy. Any such communications you receive from us will be administered in accordance with your preferences and this Policy.
If we provide subscription-based services, such as email newsletters, we will allow you to make choices about what information you provide at the point of information collection or at any time after you have received a communication from us while you are subscribed. Any transactional or service-oriented messages are usually excluded from such preferences, as such messages are required to respond to your requests or to provide goods and services and are not intended for the purposes of marketing.
We will not intentionally send you email newsletters and marketing emails unless we otherwise have a lawful basis to do so based on the jurisdiction where you live or unless you consent to receive such marketing information. If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in these e-mail communications, or you may contact us at email@example.com to opt-out. Please note that by opting out or unsubscribing, you may affect other services you have requested we provide to you, in which email communication is a requirement of the service provided.
Likewise, should you opt-in to receiving text messages from us or our affiliates, you can also opt-out at any time by following the instructions or contacting us. For more information on text messaging, please review our Terms of Service.
We do not support Do Not Track with respect to the Platforms currently. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on Do Not Track, visit www.donottrack.us. Other than as disclosed in this Policy, the Platforms Do Not Track Users over time and across third-party websites to provide targeted advertising.
For consumers located in the E.U., please see the “Additional Privacy Information for Consumers Located in the European Union” section below.
You can change or correct some of your account information at any time. To do so, send an email with your old information and your corrections to firstname.lastname@example.org with “Correction” in the subject line. Veta Health will make reasonable efforts to accommodate your request for correction. Please note that some information in Veta Health is sent by your Healthcare Provider or Health Organization, and therefore not under the direct control of Veta Health. Please direct questions about your medical record, or Protected Health Information to your Healthcare Provider or Health Organization.
For consumers located in the E.U., please see the “Additional Privacy Information for Consumers Located in the European Union” section below.
We understand the importance of protecting the privacy of all individuals, especially the very young. Our Platforms are intended audiences in the United States over the age of 18. We neither target nor sell our products to children under the age of 13, and we do not knowingly collect Personal Information from them. Subscribing to our online service is restricted to adults who are either 18 years of age or older, or as otherwise legally defined.
We will not disclose or share your Personal Information with Third Parties for the purposes of Third-Party marketing to you without your prior consent.
This section applies only to our processing of personal data, or Data Concerning Health, belonging to our Consumers located in the European Economic Area, European Union, and certain other jurisdictions. This section aims to provide increased transparency into our processing, retention, and transfer of such data.
Veta Health is the “data controller” of the Personal Data you submit through the Platforms and Services. We process Personal Data as necessary to pursue our Legitimate Interest of providing the Platforms and Services to you (including marketing, advertising, research and an analysis of our Platforms, Products, and Services), to fulfill our contractual obligations to you and our customers, to comply with our legal obligations, or with your consent.
You will be asked to provide Personal Information in certain fields on the Platforms that allow you to use our Services or Platforms. The Personal Information we collect is used only for the purpose we state at the time of collection or may include, but are not limited to, the following:
- Legitimate Interests. We may use Personal Information in order to provide our Services or Platforms, other than in performing our contractual obligations to you, for our “legitimate interests” for the purposes of applicable law, except where our interests are overridden by the interests or fundamental rights and freedoms of the data subject. Our legitimate interests may include:
- To provide you with other information that is relevant to your use of the Platforms;
- To contact you via your email address about new features on the Platforms;
- To periodically send you promotional emails via your email address about new products, special offers, or other information which we believe may be of interest to you;
- To provide customer support and address and respond to your requests, inquiries, and complaints;
- To contact you for market research purposes (via your email address and/or addresses, phone number, facsimile number, or regular mail);
- To customize the Platforms according to your interests (including your browsing history and other information collected from the Platforms) for easier use;
- To protect the security of our services, servers, network systems and databases or to protect our users and affiliates against liability or harm;
- To respond to subpoenas, judicial processes, or government requests or investigations.
- For the performance of a contract. We may use Personal Information to perform our contractual obligations, including:
- To provide you with the Services we make available on the Platforms;
- To communicate with you (via your cell phone number or mobile application) through our Veta Health platform or other means enabled by the Services;
- To provide your information to your primary care physician and health care providers in a manner consistent with federal and local laws;
- For internal record keeping purposes related to purchases and transactions.
- To comply with legal obligations. We may use Personal Information to respond to subpoenas, judicial processes, or government requests or investigations. Additionally, for internal record keeping purposes related to purchases and transactions.
- Consent. In some cases where we are not already authorized to process your Personal Information under applicable law, we may ask for your consent to process your Personal Information, including:
- Special Categories of Personal Data. We may need to collect certain special categories of Personal Data, such as Data Concerning Health, in order to provide the Services or Platforms. We will only process your Data Concerning Health with your explicit consent as required by law, which is obtained separately when you register for our Services and then log-in to specific tools that utilize our Services.
- To periodically send you promotional emails about new products, special offers or other information which we believe may be of interest to you.
Where we are processing your Personal Data, you have certain rights under applicable data protection laws. These may include the right to:
- Request access to, modification or rectification, or erasure. You may have the right to access your Personal Data, correct inaccuracies in your Personal Data, and request the erasure of your Personal Data.
- Request restriction of processing. In certain circumstances, you may have the right to restrict the processing of your Personal Data.
- Object to processing. In certain circumstances, you may have the right to object to our processing of your Personal Data, such as a request to stop the processing of your Personal Data for marketing purposes.
- Data portability. In certain circumstances, you may have the right to receive Personal Data concerning you that you provided to us and request that we transmit your Personal Data to another data controller.
- Lodge a complaint. You have the right to lodge a complaint with a supervisory data protection authority.
You have, under certain conditions, the right to object to our processing of your personal data. To exercise your rights, please send your request in reasonable detail to email@example.com with “Withdraw Consent” in the subject line. Please note that as permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion.
If we are relying on your consent to process your Personal Information, you have the right to withdraw your consent at any time. To withdraw your consent, you may contact us at firstname.lastname@example.org with “Withdraw Consent” in the subject line. Please note that if you withdraw your consent, we will not be able to provide you with access to the Platforms and Services.
Under certain conditions, you have the right to object to our processing of your personal data for marketing purposes. You can unsubscribe from our marketing email list, including newsletters or other marketing or promotional messages, notifications, or updates at any time by clicking on the unsubscribe link in the emails that we send or by sending an email to email@example.com. In your request, please make clear that you would like to opt-out with “Opt-Out Request” in the subject line.
We will store your Personal Data for as long as necessary to fulfill the purposes for which we obtained the Personal Data. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We will not store your Personal Data longer than necessary to achieve the purposes stated in this privacy statement, unless we are required by law to do so. We use the following criteria to set our retention periods:
- The duration of our relationship with you;
- The purposes for processing your Personal Data and associated legal bases;
- The existence of a legal obligation as to the retention period;
- The advisability of retaining the information in light of our legal position.
Veta Health stores the personal data it processes about you in the United States. If you are using the Services from the European Union, we will only transfer your Personal Data to the United States through the use of appropriate safeguards, such as standard contractual clauses adopted by the European Commission or with your consent.
We understand the importance of protecting the privacy of all individuals, especially the very young. Our Platforms are intended for audiences over the age of 18. We neither target nor sell our products to children under the age of 16, and we do not knowingly collect Personal Information from them. Subscribing to our online service is restricted to adults who are either 18 years of age or older or as otherwise legally defined.
If you are a resident in the E.U., the “data controller” of your personal information is Veta Health. Veta Health has appointed Dr. Sebastian Kraska to be its data protection officer in the E.U. You can contact them directly regarding the processing of your information by Veta Health by email at firstname.lastname@example.org, by telephone at 089-18917360, or by regular mail to: IITR Datenschutz GmbH, Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich.