Table of Contents
- I. Categories and Sources of Personal Information We Collect
- II. Purpose for Collecting Your Personal Information
- III. Personal Information Sharing and Disclosure
- IV. Children and Privacy
- V. Cookies and Other Tracking Technologies
- VI. Global Privacy Control and Do Not Track
- VII. Links to Third Party Sites
- VIII. Our Social Media Usage
- IX. International Transfer
- X. Data Security
- XI. California and Colorado Residents
- XII. Contact Us
This Policy does not:
- Describe how we collect or use your Protected Health Information (as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)), including information collected for our COVID-related services, which is covered by our Notice of HIPAA Privacy Practices; or
- Describe how we collect or use Personal Information provided to us or collected by us about a person in the course of the person acting as a job applicant or employee with us, which is covered by our Employee Privacy Notice.
By using or interacting with our website, app, and other products or services (“Services”), you accept the privacy practices described in this Policy. If you disagree with any part of this Policy, you must not use or access our Services.
We may modify this Policy from time to time. The date of change will be shown next to “Last Updated” at the top of this page. We encourage you to read this Policy periodically to ensure you have up-to-date knowledge of our privacy practices. When we make material changes to this Policy, we will provide you with notice before the modifications are effective by sending a message to the email address associated with your account. By continuing to access or use the Services after changes to this Policy become effective, you accept the revised Policy. If any changes are unacceptable to you, you may stop using our Services at any time.
I. Categories and Sources of Personal Information We Collect
We collect Personal Information when you use our Services, including any COVID-related services, create an account with us or provide Personal Information to us. “Personal Information” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular individual, including, but not limited to, a first and last name, unique identifier, email address, a home, postal or other physical address, and phone number. The categories of Personal Information that we may collect about you are:
a. Information You Provide to Us
We collect information you give us when you register with us for an account, when you use our Services, when you participate in surveys or promotional activities, give us feedback, or when you otherwise choose to provide your information to us.
● When you sign up for an account we may collect your name, address, phone number, email address, race, ethnicity, title, birth date, sex, gender identification, credit card information, together with other information such as occupation and personal interests. We may also ask you about income or other financial information to determine if you qualify for a waiver of the Annual Membership Fee or other fees where applicable.
● When you use our Services, such as logging into your account or speaking with our administrative staff, we may collect your name, address, email address, phone number, birth date, credit card information, audio (with your permission), photos and videos (with your permission), or other files in media storage or other shared storage directories (with your permission), and/or request access to your microphone or camera in order to verify your identity and provide Services to you.
● From time-to-time, we invite users to volunteer to participate in surveys or promotional activities or give us feedback. When a user participates, we request certain Personal Information such as name and email address. We may use this information to follow-up with the participants, or, if applicable, to notify contest winners and award prizes
b. Communications from You
When you use our Services (for example on our website), complete electronic forms, or contact us by online chat, email, phone, or text, we may automatically collect and store certain information about you and the activity you engaged in, for example: your name and contact information; information that you voluntarily provide to us; the nature of your communication; the purpose of the interaction, and the action we took in response to your inquiry or request
c. Information Related to Your Use of the Services
We may automatically collect information about your use of the Services (we refer to this information as "Usage Data"), including information sent by your device. For example, we may collect:
● Device information, such as your hardware model, IP address (the Internet address of your computer), unique device identifiers, and other information such as your browser type and operating system.
● Website usage information regarding customer traffic patterns and website usage. This may include the web page that you were visiting before accessing our website or mobile application, the pages or features of our website or mobile application you browsed to inform us which part of our website, app and Services you visit and how much time you spend there.
d. Information Sent by Your Mobile Devices
We collect certain information that your mobile devices send when you use our Services, such as the unique identifier, user settings and the operating system of your device, as well as information about your use of our services on your mobile device.
e. Location Information
When you use our online Services, we may collect and store information about your general location by converting your IP address into a rough geo-location, so we can, for example, provide you with information about services available in your geographic market. We may also access your mobile device’s GPS coordinates or course location, but only if you have previously agreed that we can collect this information by allowing the sharing of your location information. If you do not want us to have your location information, you may disable the location sharing feature on your device or browser.
f. Information from Our Clients and Partners
We may receive your Personal Information from our business clients and partners, such as your employer, in connection with one or more business purposes, including to make our Services available to you.
g. Mobile Applications
Depending on your permissions, we may receive your Personal Information from your internet service and mobile device providers. Users of mobile devices who do not want to receive interest-based advertising may opt-out in several ways. Learn more about your choices for mobile devices by visiting Your Ad Choices. To end all targeting on a mobile device immediately, turn on “Limit Ad Tracking” in the device settings. To limit Ad Tracking on an Apple device, please see here. To limit Ad Tracking on an Android device, please see here.
h. Social Media
Depending on your permissions, we may receive your Personal Information from your social media accounts. You can edit or remove Personal Information usage permissions by using privacy settings on your social media account. Click below for instructions on how to change or remove third party access on each platform:
II. Purpose for Collecting Your Personal Information
We will only use your Personal Information as described in this Policy or otherwise through your informed consent.
We will use your Personal Information to provide information or perform Services that you request. We may use general location information to improve and personalize Services to you, such as providing location-relevant information and Services to you. Your information may be available or provided to third-party service providers in order to provide you with the information or to support the Services you request. These third-party service providers are contractually obligated to protect your information as disclosed in this Policy.
We will use your Personal Information for the purposes of furthering our business and the business of our affiliated companies, including creating, operating, delivering, maintaining, and improving our content, products, and Services. We may monitor how our users use our Services including without limitation time spent using our Services, pages visited, and content viewed. Aggregated forms of this data may also be used for research and development purposes in order to offer new features, functionalities, content, products and services.
We analyze, and may engage third parties to analyze, your Personal Information and Usage Data to determine the usefulness of our website, mobile app, and other elements of the Services. Analytics help us determine how effective our navigational structure is in helping users reach the information they seek, completing the task they wish to complete, etc., and to tailor features and functionalities to our users’ needs and preferences.
Marketing lets us grow our community and update you about new products and services, including those offered together with our affiliated companies. We process your contact information or information about your interactions on our Services to: send you marketing communications and keep you updated about our products and services; provide you with informational content; and deliver targeted marketing to you. We may periodically send you free newsletters and e-mails that directly promote our Services, and that we believe may be of interest to you. In some instances you will be asked to opt-in to certain SMS text marketing and other electronic communications. If you choose to opt-in to receive SMS texts from us, that choice will not be shared with third parties except as necessary to fulfill your choice. When you receive such promotional communications from us, you will have the opportunity to "opt-out" (either through your account or by following the unsubscribe instructions provided in the e-mail or text you receive). We do need to send you certain administrative and transactional communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Membership Terms, this Policy, or information about billing and renewals, among others.
We collect information that you provide to us when you contact us, such as with questions, concerns, feedback, disputes or issues, so we can address your needs and support your use and enjoyment of the Services.
We care about keeping you secure and safe while using our Services. Keeping you safe requires us to process your Personal Information, such as your device information, log-in information, activity information and other relevant information to proactively manage privacy and security risks. We use such information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity to prevent unauthorized users from gaining access to your information.
Our Services are subject to certain laws and regulations which may require us to process your Personal Information. For example, we process your Personal Information to comply with privacy laws, comply with employment laws, or as necessary to manage risk as required under applicable law. We will ask for information to verify your identity and residence status in order to fulfill your requests related to your rights under certain state laws (described below).
When you access or use our Services, you are bound to our Membership Terms and this Policy. To ensure you comply with them, we process your Personal Information to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Information to investigate, prevent or mitigate violations of our terms, agreements or policies.
III. Personal Information Sharing and Disclosure
Your Personal Information is not shared with third parties without your permission, except as described in this Policy.
a. Information Shared with Our Employees and Service Providers
We engage employees and third-party services providers to work with us to administer and provide the Services or to promote our Services. These employees and third-party services providers have access to your Personal Information only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your Personal Information for any other purpose.
b. Information Disclosed in Connection with Business Transactions
c. Information Shared with Our Affiliates
We work with our subsidiaries and affiliates (“Affiliates”) to make certain services available to consumers. We may share your Personal Information with our Affiliates in order for us and our Affiliates to provide services to you or to respond to your requests and inquiries.
d. Information Disclosed for Our Protection and the Protection of Others
We cooperate with government and law enforcement officials to enforce and comply with the law. We may disclose information about you to government or law enforcement officials as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Membership Terms, (ii) to respond to claims and legal process (including subpoenas); (iii) to protect the property, rights and safety of a third party, our users, or the public in general; (iv) to protect our property, rights and safety; (v) to stop any activity that we consider fraudulent, illegal, unethical or legally actionable; and (vi) as required by applicable local, state or federal laws.
IV. Children and Privacy
a. General Information
We are committed to protecting the privacy of children in connection with the use of our Services. This Section explains our online information collection, disclosure, and parental consent practices with respect to information collection from children under the age of 13 or 16 (“child” or “children”) in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”) or other applicable state privacy laws. For more information about COPPA and general tips about protecting children’s online privacy, please click here.
Our Services include online services that may be used to facilitate health care for a child. A parent or guardian can create an account on behalf of a dependent child and attest that they have legal authority to do so. Children under the age of 18 are not eligible to register directly for an account. If your child directly uses their account, either with or without your permission, we may collect information directly from the child. If you prefer for your child to not directly interact with us online, please do not provide account credentials to your child. Please note certain state patient privacy laws may permit a child to directly obtain certain types of health care services independent of their parent or guardian.
Children cannot directly register for our Services. During the user registration process, the parent or guardian can create a child’s account by providing certain information about the child, including name, birth date, address, email and password.
During account registration for a child, parents or guardians are asked to review and consent to our COPPA Parental Consent form. If a parent or guardian chooses not to consent to the collection and use of their child’s information, they may not create an online account for the child. At any time, a parent and guardian may revoke their consent for us to further collect personal information from their child online by contacting firstname.lastname@example.org. Once consent is revoked, a child may not use any Services online.
Section I of this Policy contains details about the information we collect, which extend to information we collect about children. The information we collect will be used for the purposes described in Section II of this Policy.
d. Instant Message Chat
We will not knowingly communicate with a child through the instant message chat functionality on our website. If a child contacts our Services via the instant message functionality and discloses their age, we will discontinue the communication immediately.
We may disclose the information in accordance with Section III. No personal information about a child will be made available to the public or sold. We may share information with our service providers if necessary for them to perform business, professional, or technology services for us, always in accordance with all applicable laws.
e. Your Rights
In addition to your right to revoke your consent for the collection of your child’s personal information, you may request to review the personal information we have collected from your child as well as request for us to delete personal information we have collected from your child, subject to our data retention requirements. Please submit your request or any questions to email@example.com.
V. Cookies and Other Tracking Technologies
i. General Information
A "cookie" is a small data file that certain websites write to your computer or smart device when you visit them. A cookie can't read data off your hard disk or read cookie files created by other websites. We use session cookies that are deleted when you leave our website and close your browser, and persistent cookies that can remain even after you leave. A cookie file can contain information such as a user ID that the website uses to track the pages you've visited. The cookies that are configured by our website do not contain directly identifying information, such as your name or sensitive information, such as your credit card number. Cookies are used:
● to make our Services function properly;
● to provide a secure browsing experience during your use of our Services;
● to collect passive information about your use of our Services;
● to support our marketing campaigns, including to measure how you interact with our marketing campaigns;
● to help us improve our Services; and
● to remember your preferences for your convenience.
ii. Types of Cookies on Our Services
Types of Cookies on Our Services. We use the following types of cookies on our Services:
● Strictly Necessary Cookies - These cookies are essential because they enable you to use our Services. For example, strictly necessary cookies allow you to access secure areas on our Services. Without these cookies, Services cannot be provided. These cookies do not gather information about you for marketing purposes. This category of cookies is essential for our Services to work and they cannot be disabled.
● Functional Cookies - We use functional cookies to remember your choices so we can tailor our Services to provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name and location. We do not use functional cookies to target you with online marketing. While these cookies can be disabled, this may result in less functionality during your use of our Services.
● Performance or Analytics Cookies - These cookies collect passive information about how you use our Services, including webpages you visit and links you click. We use the information collected by such cookies to understand our users better and to improve and optimize our Services. We do not use these cookies to target you with online marketing. You can disable these cookies.
● Third-Party Cookies - These are cookies that are provided by third-party service providers and belong in one of the cookie categories described above. These third-party providers process your Personal Information on our behalf pursuant to our instructions and obligations consistent with this Policy.
iii. How to Manage Cookies
Depending on whether you would like to manage a first-party or third-party cookie, you will need to take the following steps:
● First-Party Cookies - If you prefer not to receive cookies while browsing our website, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by changing the settings in your browser. You do not need to have cookies turned on to use and navigate through many parts of our website, although if you block or disable the cookie functions, you may not be able to access all portions or features of the website and the Services. Please follow instructions provided by your browser (usually located within the "Help", "Tools" or "Edit" settings) to disable first-party cookies. You can find more information about how to change your browser cookie settings here.
b. Web Beacons
Web Beacons, also known as web bugs, pixel tags or clear GIFs, are tiny graphics with a unique identifier that may be included on our website to deliver or communicate with cookies, in order to track and measure the performance of our website and Services, monitor how many web visitors we have, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s device, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).
c. Analytics Technologies
The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click here.
d. Interest-Based Advertising
We use information collected about a user’s use of our Services to arrange for advertisements about our Services to be served to the user on third party’s websites. To do so, our advertising service providers place or recognize a unique cookie on the user’s browser and use other techniques, such as pixel tags. Please visit the Network Advertising Initiative for more information about this practice and to learn about your choices. Users may opt-out of receiving interest-based advertising. The opt-out may be provided through specific opt-out cookies. Please visit the following Your Ad Choices and the Network Advertising Initiative to learn more.
VI. Global Privacy Control and Do Not Track
You may opt out and we honor certain technologies broadcasting an Opt-Out Preference Signal such as the Global Privacy Control (“GPC”). This occurs on the browsers and/or browser extensions that support such a signal. This request will be linked to your browser identifier only and will not tie to your individual identity. We will process your opt-out preference using the GPC in a frictionless manner. This means that (i) we will not charge a fee or require any additional consideration if you use an opt-out signal, (ii) your experience with our Service will not change after processing of the opt-out signal, and (iii) no additional notifications, pop-ups, text, or graphics will appear in response to the opt-out signal.
Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
VII. Links to Third Party Sites
We may contain links to other sites that are owned or operated by third parties. We are not responsible for the content, privacy or security practices of any third parties. To protect your information, we encourage you to learn about the privacy policies of those third parties.
VIII. Our Social Media Usage
We have accounts on social media platforms through which we may post information or conduct promotional activities. If you use social media to follow us or interact with us, we may collect Personal Information you choose to share with us. Please understand your use of the social media services may result in the collection or sharing of information about you by those social media services. We have no control over, and decline all responsibility for, the use of your personal data by these third parties. Your use of social media, including your interactions with us on social media, are at your discretion. We encourage you to review the privacy policies and settings on the social media services with which you interact to make sure you understand how your information may be collected, used, and shared by those social media services.
IX. International Transfer
Your information is stored on controlled servers with limited access and may be stored and processed in the United States or another country where our service providers are located. We offer our Services only to individuals located in the United States, and we do not advertise our Services outside the United States. If you are located outside the United States and choose to provide your Personal Information to us, please note that we may transfer your Personal Information to the United States or another country where our service providers are located, and such countries may not provide the same data protection. Those who choose to access and use the Services from outside the United States do so on their own initiative, at their own risk, with this understanding.
X. Data Security
We safeguard the security of the information you provide to us with physical, electronic, and administrative procedures. For certain features of our Services we use industry-standard SSL-encryption to enhance the security of data transmissions. Your account information is password-protected for your privacy and security. While we strive to protect your information, we cannot guarantee the security of the Internet, and cannot ensure the security of the information that is transmitted through the Internet.
Please recognize that protecting your Personal Information is also your responsibility. We urge you to take every precaution to protect your information when you are on the Internet, or when you communicate with us and with others through the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account might have been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in the “How to Contact Us” section. If your payment information, username, or password is lost, stolen, or used without permission, please promptly update your account or notify us and we will assist you in updating your account details.
Some portions of the Services (for example our presence on social media) allow users to submit comments, reviews, ratings and other information that may be displayed on the Services and viewed by others. We recommend that you do not post on or through the Services any information that you do not want to make available to other users or the public generally. You assume all responsibility for any loss of privacy or other harm resulting from information you post publicly.
XI. California and Colorado Residents
a. Your Rights
|The Right to Know/Access||
You have the right to obtain confirmation regarding whether we are processing your Personal Information and to access that Personal Information.
You have the right to know (a) the specific pieces of personal information the business has collected about you, (b) the categories of personal information collected, the sources of collection, the business/commercial purpose for collecting or "sharing" personal information, and the categories of third parties to whom the business discloses Personal Information, and (c) for Colorado residents.
For the list of categories of Personal Information we have collected from you in the last twelve (12) months, please see Section XI(d)(i) below. Colorado residents may, up to two (2) times per calendar year, obtain your Personal Information in a portable, and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity.
The Right to
|You have the right to request the deletion of Personal Information we have collected from you, subject to certain exceptions.|
|The Right to Correct||You have the right to request that any inaccuracies in your Personal Information be corrected, taking into account the nature of the Personal Information and the purposes of the processing of your Personal Information. We may require you to provide documentation if necessary to determine whether your Personal Information, or your requested correction to the Personal Information, is accurate.|
|The Right to Opt-Out of "Sharing" for Targeted Advertising||
You have the right to opt-out of the processing of personal information for purposes of "targeted advertising" (including the "sharing" of personal information for that purpose). You can opt-out via GPC (described above).
We do not have actual knowledge of "sharing" personal information of those under sixteen (16) years of age.
|"Sensitive" Personal Information||We process "sensitive" personal information only for the limited purposes that do not require a corresponding opt-out right. This is described further in Section XI(d)(i).|
b. Exercising Your Rights
You may exercise your right to access, correct, or delete your Personal Information by submitting your request here. Alternatively, you can contact us with your request at firstname.lastname@example.org. We may ask you for certain information or require email verification to verify your identity and state of residence. If we cannot verify your identity or residence from the initial information you provide, we may request additional information from you, which will only be used for the purposes of verifying your identity or residence and for security or fraud-prevention purposes. In some instances, we may ask you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. We will delete any new personal information collected for the purposes of verification as soon as practical after processing your request, subject to legal retention requirements or permissions.
You may designate an authorized agent to make certain requests. We will respond to your authorized agent’s request if they submit proof that they are properly authorized to be able to act on your behalf or submit evidence you have provided them with power of attorney in accordance with the law. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf.
We will not discriminate against those who exercise their rights. Specifically, if you exercise your rights, we will not deny you goods or services, charge you different prices or rates for goods or services or provide you a different level or quality of goods or services. In addition, we shall not require you to create a new account in order to exercise any of your rights.
d. Notice at Collection
i. Categories of Personal Information Collected (See Section I of this Policy for additional detail)
- Identifiers, such as name, address, ISP address, email address, and other similar identifiers.
- California Customer Records (Cal. Civ. Code § 1798.80(e)), such as birth date, contact information, and payment information.
- Protected Classification Characteristics, such as age and gender.
- Internet/Network Information, such as device information, logs, and analytics data.
- Geolocation Data, such as location information from your device or generated based on IP address or Wi-Fi.
- Audio, images, and other similar information.
- Professional/Employment Information, such as your employer if your membership is tied to an account sponsored by your employer.
- Sensitive Personal Information, such as account log-in and password. Sensitive Personal Information is used for the limited purposes specified under California law that do not require a corresponding opt-out right, such as the provision of goods or services reasonably expected by the consumer requesting such goods or services.
ii. Categories of Sources of Personal Information We Collect (See Section I of this Policy for additional detail)
- Information you provide to us.
- Communications from you.
- Information collected during your use of the Services.
- Information sent by your mobile devices.
- Information from our clients and partners.
- Social media.
- Mobile applications.
iii. The Purposes for which Personal Information is disclosed to third parties (See Section II of this Policy for additional detail)
- To provide services to you.
- For the operation and administration of our business.
- For business analytics purposes.
- For our own marketing purposes.
- To provide customer support to you.
- For account and network security purposes.
- To maintain legal and regulatory compliance.
- To enforce compliance with our Terms, Agreements, and Policies.
iv. Categories of Third Parties that your Personal Information has been disclosed for business purposes (See Section III for additional detail)
- Vendors and other Service Providers
- Our business clients
- Third parties in connection with business transactions
- Our affiliates
- Government and other law enforcement agencies
v. The Purpose for Sharing Your Personal Information
We share limited information to help ensure you receive more useful and relevant ads and to measure their effectiveness. Any personal information we may have shared for the purpose of cross-context behavioral advertising, as that term is defined by applicable California law, in the twelve months prior to the effective date of this Policy includes identifiers such as a cookie, a device identifier, or other unique identifiers; we never share your name or other information that directly identifies you.
The categories of third parties with whom we may share personal information for the purpose of cross-context behavioral advertising are identified in Section V.
e. No Sale of Personal Information.
In the twelve months prior to the effective date of this Policy, we have not sold any personal information of consumers, as those terms are defined under the applicable California law.
f. Retention of Personal Information.
We keep your personal information to enable your continued use of our Services, for as long as it is required to fulfill the relevant purposes described in this Policy, as permitted or as may be required by law, or as otherwise communicated to you.
XII. Contact Us
If you have questions or concerns about our collection, use, or disclosure of your Personal Information, please email us at email@example.com. Or write to us at: Privacy Officer, 1Life Healthcare, Inc., One Embarcadero Center, 19th FL, San Francisco, California 94111.