COVID CLINIC PRIVACY POLICY

Last updated: April 21, 2020

COVID Clinic (the “Clinic,” “we,” “us” or words of similar import) respects your privacy and is committed to protecting it. This Privacy Policy describes how we may collect, use and share your personal information in connection with your use of www.covidclinic.orgwww.covidclinicregistration.comwww.CCR.com and any other Clinic related websites (collectively, the “Website”) and any of the Clinic’s applications, online services, mobile applications, application programming interfaces (APIs) and any other related services (together with the Website, the “Services”). This Policy also explains certain choices you have about how your personal information is used. By using the Services, you consent to the practices described in this Policy, unless further consent is required by applicable law.

You may see other privacy notices when we collect your personal information for certain purposes. Those notices supplement this Policy.

We encourage you to read this Policy carefully before using the Services or submitting any personal information. By accessing or using the Services, you agree to this Policy. This Policy may change from time to time, and your continued use of the Website and Services after we make changes is deemed to be acceptance of those changes, so please check this Policy periodically for updates.

Information We Collect: When you use our Website and Services, we may collect your personal information when you provide it to us, when it comes linked from other sources or through automated methods. “Personal Information” under this policy means “personal information,” “personal data” or “protected health information” as defined under applicable law, and generally speaking, may include the following:

  • Information that identifies you as an individual, such as: your name, postal address, email address, phone number, credit and debit card number, license plate information and others;

  • Unique identifiers, such as your username, password, marketing preferences, browser type, IP address, the equipment you use to access our Website and your usage and navigation details;

  • Information about health status, provision of health care or payment for health care that can be linked to a specific individual; and

  • Information about your characteristics, conditions or behavior that is associated with one of your identifiers or could otherwise reasonably be linked to you.

“Non-personal information” on the other hand, is information that has been anonymized, aggregated or de-identified such that it cannot reasonably be linked to an individual.

Personal Information.

Information You Provide to Us. We may collect from you directly some or all of the categories listed below when you fill out a form on our Website; use any of our Services; or directly contact us with questions or feedback:

  • Identifiers” such as name, address, email address, phone number, user name and similar information;

  • Demographic Information such as preferred language, age, birth date and similar information;

  • Financial Information” such as payment card information;

  • Health Information” such as symptoms, health coverage, health history and healthcare provider information;

  • User Content” such as content in your communications or responses to us; and

  • Any other information you voluntarily provide to us.

If you decline to provide requested information, we may not be able to provide one or more Services to you, or you may not receive access to certain features of a Service.

Information Automatically Collected From Your Device. When you access and use our Services, computer servers may automatically collect information from your device or browser. In some cases, we limit this collection to non-personal information, but we may collect the following personal information:

  • Online Identifiers” such as IP address, device ID, cookies and similar information;

  • Device/Browser Information” such as internet service provider (ISP), operating system, device type, browser type and settings;

  • Usage Information and Browsing History such as:

    • usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, and other logs);

    • user keystrokes in a webform (whether or not the user completes or submits the webform);

    • content interactions (including searches, views, downloads, prints, shares, streams, and displays);

    • user journey history (including clickstreams and page navigation, URLs, timestamps, page response times, page interaction information (such as scrolling, clicks and mouse-overs) and download errors), advertising interactions and preferences (including when and how you interact with marketing materials, purchases or steps you make after seeing an ad) and similar data; and

  • Geolocation Data” such as your approximate physical location when you access our Service.

Some of this information is collected through the use of “Cookies,” which include a piece of data stored on a site visitor’s hard drive to help us improve your access to the Services and identify repeat visitors. Cookies can enable us to track and target the interests of our users to enhance the experience on the Website and compile aggregate data about site traffic and site interaction. We may contract with third-party service providers to assist us in better understanding Website visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. Usage of a Cookie is not linked to any personal information on the Website. Most cookies expire after a defined period of time.

Information From Other Sources. We may work with third parties from time to time who assist us in managing or providing Services (e.g., payment processors, web hosting services, online content providers, laboratory testing facilities, health departments) and who collect some of the information described above. We may combine such information with information we collect from you. To the extent the information, alone or in combination, constitutes personal information, we will treat it as personal information as described in this Policy. We are not responsible for the accuracy of any information provided by third parties. Unless you have been notified otherwise, all information collected through our authorized third parties remains governed by security and confidentiality obligations consistent with this Policy and applicable law, including, with respect to protected health information, the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”).

How We Use Personal Information. We may use the personal information collected for the following purposes, subject to restriction under applicable law:

  • To present our Website and its contents to you;

  • To improve the content on and the Services offered through our Website;

  • To provide you with information, products or services that you request from us;

  • To respond to your inquiries;

  • To contact you with legal notice or other information that may be relevant to the Services;

  • To detect, investigate, mitigate or prevent activities that may violate our policies, threaten the security of our Services or may be fraudulent or illegal;

  • To comply with our legal obligations;

  • To market our Services;

  • To allow you to participate in interactive features on our Website;

  • To fulfill any other purpose for which you provide it; and

  • In any other way we may describe when you provide the information or pursuant to your consent.

We may use non-personal information for any purpose. This may include providing a publicly accessible tally of positive COVID-19 test results, including positive COVID-19 antibody test results, on our Website. For clarity, all test results provided publicly will not include or otherwise be linked to any of your personal information, including your protected health information.

Sharing Personal Information. We do not disclose your personal information except as follows:

  • Contractors and Service Providers. We may share your information, and in some cases your personal information, with certain contractors and service providers performing functions or services inherent in our Services provided to you, such as testing laboratories that analyze and provide results for your COVID-19 test, your local Health Department, hosts of our Services, database managers, payment processors, and the like. Where necessary and appropriate, and as required under applicable law, our agreements with those parties prohibit them from using personal information we share for any purpose other than providing services to us and as contemplated by the Services we are providing to you. FOR CLARITY, ALL PERSONAL INFORMATION WE SHARE, INCLUDING YOUR PROTECTED HEALTH INFORMATION, IS SHARED AND PROTECTED BY US IN COMPLIANCE WITH APPLICABLE LAWS;

  • Mandatory Disclosures and Legal Proceedings. We may have a legal obligation to disclose personal information about you to government authorities or other third parties when required by law or pursuant to a valid subpoena, litigation demand or court order. We may also need to disclose and otherwise process your personal information in accordance with applicable law to defend our legitimate interests, for example, in civil or criminal legal proceedings;

  • Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize our business, this can involve us disclosing personal information to prospective or actual purchasers and their advisers, or receiving personal information from sellers and their advisers; and

  • Your Consent. We may share your personal information with others if we have your consent to do so.

Quality and Retention of Personal Information. We take reasonable steps to keep your personal information accurate and to delete incorrect or unnecessary personal information. We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy or otherwise communicated to you, unless a longer period is required by applicable law.

Data Security. In order to safeguard personal information against unauthorized access, removal, theft or disclosure, we implement and maintain security procedures and practices appropriate to the nature of the information and reasonable in light of industry standards and our particular operations, risks and resources. We regularly assess the performance and adequacy of these procedures and practices and will adjust them when new standards, operations or risks require it. Unfortunately, in our increasingly connected digital world, no one can guarantee perfect data security, and we cannot promise that our procedures and practices will always prevent a breach of personal information. Should we detect such a breach, we will promptly notify affected individuals, third parties and law enforcement agencies as required by applicable law.

We encourage you to help maximize security by applying your own personal security measures. For more information about what you can do to protect your data, please see the tips and resources offered by the U.S. Federal Trade Commission at https://www.consumer.ftc.gov/topics/privacy-identity-online-security.

Do Not Track” Signals. The web browsers and applications that you use to visit our Website and Services may provide certain “Do Not Track” capabilities. Generally, browsers that have these features enabled send a signal to websites that inform the site operator that you do not wish for the site to track you. We do not respond to these signals because there is not yet a common understanding of how to process these signals or a consensus on what “tracking” means.

Links to Third Party Services. Our Services may contain links to third-party websites, products or services. For example, our Website may contain links provided by social media platforms that you can use to post directly from our Website. Information collected by those third parties is governed by their privacy policies, not ours, and we are not responsible for the content or privacy practices of such other websites. We encourage you to learn about the privacy practices of those third parties.

Protecting Children’s Privacy. You must be eighteen (18) or older to use our Services. Minors under the age of eighteen (18) and at least thirteen (13) years of age are only permitted to use our Services through the consent of and direct supervision by a parent or legal guardian. Our Website is not intended for children under 13 years of age. No one under age 13 may provide any personal information on or through the Website. We do not knowingly collect personal information from children under 13 without the express written consent of a parent or legal guardian. If you are under 13, do not use or provide any information on our Website. If we learn we have collected or received personal information from a child under 13 without verification of parental or legal guardian consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us.

Your Rights and Choices. You may opt-out of our email communications by using the unsubscribe link provided in emails from us or by otherwise contacting us. At any time, you may adjust settings on your browser to refuse cookies and other tracking pixels according to the instructions related to your browser. However, if you choose to disable these technologies, some features of our Services may not operate properly.

California Residents. Under California Civil Code Section 1798.83, California customers are entitled to request information relating to whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. We do not sell or share your personal information with third-party companies for their direct marketing purposes without your consent. You can learn more about the CCPA here: https://oag.ca.gov/privacy/ccpa.

Changes to this Policy. We will review this Privacy Policy periodically and update it as necessary to reflect material changes in applicable law, our privacy practices or our Services. We will notify you of material changes to how we treat your personal information directly if we have your contact information, and you should periodically review this Privacy Policy to remain aware of our current practices.

Contact Us. If you have any questions or concerns about this Privacy Policy or our practices, or wish to exercise your rights regarding your personal information under applicable law, please contact us directly at: info@covidclinic.org.