Last Updated: November 11, 2022
3. INFORMATION COLLECTED BY THE SERVICE
Workit Health collects Personal Information that you choose to provide to us, including any Personal Information you provide in connection with your use of the Service, regardless of how you provide it. It is always your choice whether or not to provide us with your Personal Information. If you choose not to provide Personal Information, you may not be able to use certain features or functions of the Service. Whenever you use the Service, Workit Health also receives and records information on our server logs from your browser, including your IP address, Workit Health’s cookie information, and the pages you request, and relates it to the Personal Information you provide.
Examples of how and why Workit Health collects Personal Information include:
We collect your Personal Information as part of the registration process for our Service. For example, in order to process your registration or enrollment in the Service, we may collect Personal Information such as your email, login, password, phone number, date of birth, your interest in the Service, and how you found the Service.
Self-Reported Personal Information
We collect Personal Information that you provide or enter during the course of using the Service or that you choose to provide to us through any devices that you use to collect information regarding your health and/or medical condition and related behaviors or that you have others provide on your behalf such as information or records relating to your medical or health history, health status and laboratory testing results, prescriptions, and other health-related information.
Health Care Payer or Employer
If you are receiving the Service through your health insurance or employer, we may receive information as provided by your health care payer or employer, or information provided by a third-party on the health care payer’s or employer’s behalf.
We collect information that you provide to us pertaining to the people with whom you consent to share your Personal Information (such as a family member or caregiver), as well as communications between you and such individuals.
We collect information that you submit through the Service including messages, chats, reviews, photos, videos, images, folders, data, text and other types of submissions that you provide in connection with the use of the Service.
Automatically Tracked Information
We may also use automated tracking methods such as cookies, flash cookies, web beacons, GPS data, and connected accelerometers to collect information regarding your behaviors relative to the Service including, but not limited to, information related to your equipment, browsing actions and patterns, traffic and location data, the resources you access and use, and information about your internet connection including, but not limited to, your IP address, operating system, and browser type. We may also use these technologies to collect information regarding your interaction with our email messages such as whether you opened, clicked, or forwarded our email.
We may collect demographic information as you continue to use the Service such as your unique username and password, mailing address, age, gender, social security number, driver’s license number, geographic location, preferences, payment information (such as your payment card number, expiration date, and billing address), and insurance information.
Surveys and/or Assessments
From time to time, we may send you assessments and survey questions to help us understand your knowledge of treatment options for substance use disorder and other comorbidities and to provide us with feedback on the Service. We collect any responses that you provide.
Cookies, Web Beacons, Research and Analytics, and Other Tracking Technologies
We use technologies to automatically or passively store or collect certain information when you visit or interact with the Service. These technologies include “cookies” and “web beacons” (and subsequent technologies and methods later developed which perform a similar function), which are used to collect and store usage information regarding your use of the Service. We use this information for a variety of purposes, including, but not limited to, assessing the performance of, or enhancing your experience with, the Service.
Flash cookies are locally stored objects that may be incorporated in certain features of the Service to collect and store information about your preferences and navigation to, from and on the Service. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Web beacons (also known as clear gifs, pixel tags, and single pixel gifs) are small pieces of code placed on a web page to monitor the behavior and collect data about the visitors viewing a web page that help Workit Health manage online advertising and traffic. This information enables Workit Health to learn which emails and advertisements bring users to our Service. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. We may use web beacons for this purpose including in our emails to measure the effectiveness of our email campaigns by identifying the individuals who open or act upon an email message, when an email message is opened, how many times an email message is forwarded, the type of software, device, operating system and browser used to deliver the email and any URL accessed through our email message.
We also use analytics tools including Google Analytics and Facebook Pixel to better understand how visitors interact with our Service. These tools provide anonymous information, including, but not limited to, data on where visitors came from, what actions they took while interacting with the Service, and where visitors went when they ceased interacting with the Service.
California Do Not Track Disclosure
We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want it collecting certain information about you.
4. HOW WE USE AND DISCLOSE YOUR PERSONAL INFORMATION
Using Your Personal Information
We, or a third party on our behalf, use information we collect on the Service in a variety of ways in providing the Service and operating our business, including, but not limited to, the following:
- providing you with the Service;
- providing you with services and information that you request;
verifying your identity;
- personalizing your experience with the Service;
- processing payment card transactions;
- performing engagement and outreach activities and call monitoring;
- providing you with information about other goods and services we offer that are similar to those that you have already signed up for or inquired about;
- operating, maintaining, and improving our Service and improving the content and functionality of the Service;
- administering the Service and for internal operations, including troubleshooting, data analysis, product and functionality development, patient experience, peer review, quality control and assurance, understanding and analyzing usage trends and user preferences, support, testing, research, statistical and survey purposes, responding to law enforcement requests as required by applicable law, investigating and defending ourselves against any claims or allegations, pursue business development opportunities including, but not limited to, evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of Workit Health’s assets;
- responding to user submissions, comments, and questions;
- creating de-identified datasets, to the extent permitted by applicable law;
- creating aggregated datasets, to the extent permitted by applicable law;
- protecting the personal safety of users of the Service and defending and protecting our rights, property, employees, customers or patients;
- keeping our Service safe and secure;
- developing, displaying and tracking content and advertising tailored to your interests on our Service and other sites, including providing our advertising to you when you visit other websites or applications;
- providing services as a business associate on behalf of, or to facilitate the services of, the Workit Health Clinic including, but not limited to, disseminating the NPP, providing you with certain communications via email, text messages, or other means that contain PHI, and sending you appointment reminders; and
- rendering any services, provide information, or for any other use permitted by applicable law including for research purposes.
Disclosing Your Personal Information
- we may disclose your Personal Information to the Workit Health Clinic or other providers for treatment, payment processing, or operational purposes;
- we may disclose your Personal Information to your insurance company, health plan, employer, sponsor, or third-party administrator for purposes of billing and payment for our Service;
- we may share your Personal Information with certain third parties to provide the Service to you on our behalf under confidentiality agreements, including, but not limited to, our third-party service providers such as website, application development, cloud hosting, maintenance, payment processors, and analytics service providers;
- we may be required to disclose your Personal Information in response to a legal process, for example, in response to a court order or a subpoena to comply with its applicable legal and regulatory reporting requirements;
we may disclose your Personal Information in response to a law enforcement agency’s request, or where it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of the Terms, to verify or enforce compliance with applicable laws, or as otherwise required or permitted by law, and to take precautions against liability and to protect our property or other legal rights;
- we may transfer your Personal Information to an entity or individual that acquires, buys, or merges with Workit Health, or our other business units, including during the course of any due diligence process to explore such a transaction, or to explore and complete a divestiture, restructuring, reorganization, dissolution, bankruptcy, or change of control or ownership or sale of its assets (whether in whole or in part);
- we may license, sell or otherwise share de-identified, aggregated, or non-aggregated versions of your Personal Information with institutional clients, partners, investors and contractors for any purposes related to our marketing, business, and/or research practices;
we may disclose your Personal Information in accordance with your prior written consent or authorization;
- we may disclose Personal Information to our subsidiaries, affiliates, and related companies; and
we may disclose Personal Information to third party advertisers to develop and display advertising tailored to your interests or location.
All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Use / Disclosure of Information Submitted to Groups
You acknowledge that our Service may include features such as group discussions, discussion boards, forums, profile pages, bulletin boards, instant messaging, polls, and other communication forums (collectively, “Groups”). You acknowledge and agree that any information you submit, post, or disclose to such Groups including, but not limited to, user profile information, user profile pictures, discussion board postings, and any Personal Information included in such postings, may be visible to other users and providers of the Service including, but not limited to, your health coaches, authorized personnel, administrators, and other users of the Service.
IN THE CASE OF YOUR USE OF GROUPS, WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF ANY INFORMATION, INCLUDING PERSONAL INFORMATION, THAT IS DISCLOSED BY YOU OR ON YOUR BEHALF IN SUCH GROUPS. BY DISCLOSING ANY OF YOUR INFORMATION VIA GROUPS, YOU ACKNOWLEDGE AND ACCEPT ANY RISK AND DAMAGE ARISING FROM DISCLOSURE OF SUCH INFORMATION.
5. CONFIDENTIALITY AND SECURITY
We take reasonable steps to ensure that all Personal Information collected will remain secure and in its original form (i.e., free from any alteration). We have put in place appropriate physical, electronic, and administrative safeguards in compliance with federal and state law, including HIPAA, in an effort to help prevent unauthorized access, maintain data security, and correct use of the Personal Information we collect. We cannot, however, ensure or warrant the security of any Personal Information you transmit to us and you do so at your own risk. Once we receive your transmission of information, we use commercially reasonable efforts to ensure the security of our systems. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. Furthermore, your individual user account is protected by a password for your privacy and security. To ensure that there is no unauthorized access to your account and Personal Information, we suggest that you safeguard your password appropriately and limit access to your computer and browser by signing off after you have finished accessing your account.
6. ACCESSING AND CHANGING YOUR INFORMATION
You may review and request changes to your Personal Information or request additional information about our collection, use and disclosure of such information by contacting us at firstname.lastname@example.org. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by promptly notifying us of any changes to your Personal Information. You may update, correct, or delete your profile information and preferences at any time by accessing your account preferences in the Service. Any changes you make will be reflected in active user databases within a reasonable period of time; however, we may retain all information you submit for backups, archiving, prevention of fraud or abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. We may not be able to modify or delete your information in all circumstances. In addition, you may request that we provide to you the information we hold about you; however, your rights to access your Personal Information are not absolute. We may deny you access when required and/or permitted by applicable laws or if disclosure would likely reveal personal information about a third party.
7. CHILDREN’S PRIVACY
Our Service is not directed to children under the age of 18, and we do not knowingly collect information from children under the age of 18 without obtaining parental consent. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that a person under 18 years of age has used or accessed the Service or any information has been collected on the Service from persons under 18 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an account on or otherwise accessed the Service, then you may alert us at email@example.com and request that we delete your child’s information from our systems.
8. OPT OUT
10. PROTECTED HEALTH INFORMATION
The providers you access through the Service are employed by or contracted independently with one or more professional corporations or other professional entities (collectively, the “Workit Health Clinic”), which are affiliated with Workit Health. Workit Health is not a medical group and any telehealth consults obtained through the Service are provided by independent medical providers employed or contracted through the Workit Health Clinic.
In addition, your use of the Service may involve our receipt of PHI. PHI is Personal Information that relates to
- your past, present, or future physical or mental health or condition;
- the provision of health care to you; and
- your past, present, or future payment for the provision of health care, which is created, received, transmitted, or maintained by us.
- send you communications on behalf of the Workit Health Clinic and to facilitate the provision of health care services to you by the Workit Health Clinic; and
- invite you to participate in IRB-approved research studies regarding the Service.
11. SPECIAL NOTICE TO CALIFORNIA RESIDENTS
THIS SECTION APPLIES ONLY TO CALIFORNIA RESIDENTS.
Personal Information Definition and Categories
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers (“Identifiers”).
- Any categories of personal information described in subdivision (e) of Section 1798.80.
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
- Geolocation data.
- Audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information.
- Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal Information does not include information that is:
- publicly available information from government records;
- de-identified or aggregated consumer information; or
- certain information excluded from the scope of the CCPA (for example, PHI covered under HIPAA and medical information covered under the California Medical Information Act).
Collection of Personal Information for a Business Purpose
Workit Health may collect your Personal Information for business purposes. In the preceding twelve (12) months, Workit Health has collected Personal Information from the following categories from its consumers:
- Any categories of personal information described in subdivision (e) of Section 1798.80;
- Characteristics of protected classifications under California or federal law;
- Internet or other similar network activity;
- Geolocation data;
- Sensory data; and
- Professional or employment-related information.
Sources of Personal Information
Workit Health obtains Personal Information from the following categories of sources:
- Directly from you – For example, from forms you complete or products or services you purchase;
- Indirectly from you – For example, from observing your actions on the Service;
- Other people – For example, from individuals who may refer you to Workit Health or otherwise provide information about you to Workit Health.
Disclosures of Personal Information for a Business Purpose
Workit Health may disclose your Personal Information to a third party for business purposes. When Workit Health discloses Personal Information for a business purpose, it is pursuant to a contract between Workit Health and the third party recipient. This contract sets forth the purpose for the disclosure and the third-party service provider’s obligations to protect the confidentiality of the Personal Information.
In the preceding twelve (12) months, Workit Health has disclosed the following categories of Personal Information for a business purpose to third-party service providers:
- Personal information categories listed in the California Customer Records statute;
- Internet or other similar network activity;
- Geolocation data.
Sales of Personal Information
In the preceding twelve (12) months, Workit Health has not sold Personal Information.
California Consumer Privacy Act (“CCPA”) Rights for California Residents
The CCPA provides you with specific rights regarding their Personal Information. This section describes a California resident’s rights under the CCPA.
Access to Specific Information and Data Portability Rights
You have the right to request that Workit Health disclose certain information to you about its collection and use of your Personal Information over the past twelve (12) months. Promptly following receipt of a verifiable consumer request, Workit Health will disclose to you:
- The categories of Personal Information we collect about you;
- The categories of sources for the Personal Information we collected about you;
- Our business or commercial purpose for collecting or selling that Personal Information;
- The categories of third parties with whom Workit Health shares Personal Information;
- The specific pieces of Personal Information that Workit Health collected about you (also called a data portability request);
- If Workit Health sold or disclosed your Personal Information for a business purpose, two separate lists disclosing (i) sales, identifying the Personal Information categories that each category of recipient purchased and (ii) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that Workit Health delete any of the Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm a verifiable consumer request for deletion, Workit Health will delete (and direct our service providers to delete) your Personal Information from our records unless an exception applies.
Workit Health may deny a deletion request if retaining the Personal Information is necessary for Workit Health or our service providers to:
- Complete the transaction for which Workit Health collects the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code Section 1546 et seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with Workit Health;
- Comply with a legal obligation;
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to Workit Health by using any of the following methods:
Telephone: (734) 292-4020
Postal: Workit Health, Inc., 3300 Washtenaw Ave., Ste. 280, Ann Arbor, MI 48104
Please provide your first and last name, details of your request, along with your preferred method of contact so that Workit Health can respond to your request. Only you, a California resident, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. We may deny requests from authorized agents who do not submit proof that they are authorized by you to act on your behalf.
A California resident may only make two (2) verifiable consumer requests for access or data portability within a twelve (12) month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Workit Health cannot respond to your request or provide you with Personal Information if Workit Health cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable customer request to verify the requestor’s identity or authority to make the request.
Selling Personal Information
Workit Health does not sell your Personal Information to third parties.
Response Timing and Format
Workit Health endeavors to respond to a verifiable consumer request within forty-five (45) days of its receipt. If reasonably necessary, Workit Health may extend its duty to respond to the request by one additional forty-five (45) day period, provided that Workit Health gives you written notice of the extension within the first forty-five (45) day period. Workit Health will deliver its written response by mail or electronically, at the consumer’s option. For data portability requests delivered electronically, Workit Health will select a format to provide your Personal Information that is readily usable and should allow you to transmit your Personal Information from Workit Health to another entity without hindrance.
Any disclosures Workit Health provides will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. Workit Health’s response will also explain the reasons it cannot comply with a request, if applicable.
Workit Health will not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If Workit Health determines that the request warrants a fee, Workit Health will tell you why it made that decision and provide you with a cost estimate before completing your request.
Workit Health will not discriminate against a California resident who exercises a CCPA right. Unless permitted by the CCPA, Workit Health will not:
- deny you goods or services;
- charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- provide you a different level or quality of goods and services; or
- suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
12. USERS OUTSIDE THE UNITED STATES
13. QUESTIONS AND SUGGESTIONS
If you have questions or suggestions, or wish to correct your profile information, please email Workit Health at firstname.lastname@example.org or write to us at Workit Health Inc., 3300 Washtenaw Ave., Ste. 280, Ann Arbor, MI 48104.