- SCOPE AND PURPOSE
- WHAT INFORMATION DO WE COLLECT?
We collect various types of information from and about you on the Websites, including:
- “Personally Identifiable information” or “Personal Information,” is information relating to an identified or identifiable person, such as:
- Identifiers. First and last name, email address, postal address, billing address, telephone numbers (including mobile telephone numbers), credit/debit card number, identification number, date of birth, or an online identifier.
- Protected Health Information. Personally identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”).
- Account information, such as username and password.
- Geolocation Data. Location data.
- Internet activity information. Cookies and other technologies that collect traffic data, logs, page requests, search terms, the referring page, the time, date and duration of your visits to our Websites, or clickstream data.
- Personal information also may include information that is not personally identifiable standing alone (for example, your last check-in date) but is personally identifiable when combined with other information (for example, your check-in dates together with your first and last name). Some pages on our Websites can be visited without providing any personal information. On other Website pages, you may be prompted or invited to provide certain personally identifiable information, such as to join our mailing list or to receive alerts or other promotional materials. Certain features of some Websites may require credit card and billing information as well.
PERSONAL INFORMATION YOU PROVIDE TO US
The personal information we collect on or through the Websites may include:
- Information you provide by filling out forms on the Websites.
- Records and copies of your correspondence, including email addresses, if you contact us, or our affiliates through the Websites.
- Information you provide in response to surveys.
- Details of transactions that you carry out through the Websites.
PERSONAL INFORMATION COLLECTED FROM EMPLOYEES
We may collect certain personal information from employees including:
- Identifiers. Real name, alias, postal address, email address, social security number, driver’s license number, state identification card number, passport number, signature, and telephone number.
- Health Information
- Professional or employment-related information
- Educational information
AUTOMATICALLY COLLECTED PERSONAL INFORMATION
As you navigate through and interact with the Websites, we and our service providers may use automatic data collection technologies, such as cookies and other technologies, to collect certain Commercial Information and Internet Activity Information, including:
- Information about your visits to our Websites, such as traffic data, logs, page requests, search terms, the referring page, the time, date and duration of your visits to our Websites, clickstream data, other communication data, the links that you click, your search queries, and the resources and content that you access and use on the Websites.
- Information about your Internet connection and computer or other devices used to access the Websites, including your IP address, operating system or platform, browser type, mobile identifiers (such as Apple IFDA and Android Advertising ID) and the name of your Internet Service Provider.
- Information about traffic patterns, number of visits to certain pages, visits from other websites or to third-party websites linked to the Website, and visitors’ use of particular services and interest in services, information or features of the Website.
Sensitive Information. We ask that you not send us, and you not disclose, any sensitive personal information (such information related to racial or ethnic origin, political opinions, religion or other beliefs, criminal background or trade union membership) on or through the Websites.
Individual Health Information
To the extent that we receive, maintain, or process an individual’s protected health information, HealthPass may disclose that information as authorized by and in accordance with applicable federal and/or state law.
Our processing of data received from our customers (“Customer Data”) is governed by the agreements we enter into with our customers, which may include Business Associate Agreements as applicable and required under the Health Insurance Portability and Accountability Act (“HIPAA”). Our customers may also have their own privacy practices and/or policies that govern their collection and use of your data. We are not responsible for how our customers treat the information we collect on their behalf, and we recommend you review their own privacy policies. For further information on your rights and choices regarding Customer Data, see the “Your Rights and Choices” section below.
III. COOKIES AND OTHER TECHNOLOGIES
- HTTP request header information in order make our Websites function correctly and to personalize content presented to you, better understand how visitors use our Websites, and how we can better meet your needs.
- Cookies that are necessary for the Websites to work and enable you to navigate through and take advantage of our Websites and their features.
- Cookies that determine your browser’s ability to receive HTML email messages to determine the appropriate format for you to receive and read email.
- Advertising cookies that allow us and other advertisers to serve you advertisements. Some advertising cookies help us to provide you with content on the Websites that is tailored to your interests and needs. Advertising cookies also enable our service providers and other advertisers serve ads to you when you browse other websites and mobile applications that are based on your apparent interests, including those that are inferred based on your activities across websites and mobile applications and over time. Other advertising cookies may help prevent you from seeing the same ad twice.
- Analytics cookies collect information about your use of the Websites and your interaction with our content and advertisements to help us better understand and improve the way that the Websites work and to track and improve our advertising campaigns. These cookies provide us with aggregated information on metrics such as the most frequently visited pages on our Websites, help us understand how our visitors reach the Websites, show us how frequently various pages of our Websites are visited, help us understand whether our advertising is effective, and allows us to see overall patterns of the usage of our Website.
- Social Media cookies that show social media platforms whether users are logged in to those platforms. These cookies are set by social media platforms.
View the Analytics and Online Tracking sections below to learn more about how to opt-out of other advertising cookies and analytics cookies. Please keep in mind that although you may disable cookies in your browser and still access and use the Websites, disabling cookies may prevent you from taking advantage of certain features on the Websites. Please also note that disabling or clearing cookies may affect cookie-based opt-outs by either preventing you from using such opt-outs or clearing cookie-based opt-outs that you previously set, in which case you would have to revisit the applicable pages and renew your opt-out after clearing cookies. Managing cookies also will not disable non-cookie technologies present on the Websites and Apps. Other Technologies also may be used on the Websites, allowing us and our third-party service providers to: track customer response to our advertisements, Website content and emails; determine our users’ ability to receive HTML-based emails and to know how many users open an email; allow our service providers to compile aggregated statistics about our email and advertising campaigns; enable us to better target advertising and provide offers and promotions that we believe may be of interest to you; and enhance customer support and the usability of our Website.
“DO NOT TRACK” SIGNALS
We may engage in interest-based advertising provided by vendors (such as advertising networks and ad servers) in order to deliver advertisements and personalized content that we believe will be of interest to you. These vendors typically use a cookie alone or with Other Technologies to track and collect anonymous information about your interests during your visits to our Websites and other websites and mobile applications or when you view or interact with one of the advertisements they place on various websites or on mobile platforms. These vendors use this information to make predictions about your characteristics, interests or preferences and to display advertisements across the Internet and on mobile platforms that are tailored to your apparent interests. Advertisements may be provided to you based on your online behavior (on our Websites and on third-party websites and mobile applications), or based on your search activity, your geographic location or other information. This is called retargeting. You also may see the advertisements for third parties on the Websites, on third-party websites or mobile platforms based on your visits to, and activities on, the Websites, third-party websites, and mobile platforms. To the extent that third-parties are using cookies or Other Technologies for interest-based advertising, HealthPass does not control the use of the technologies or the resulting information.
Our Websites are not intended for minors under the age of 13. If you are under 13 years old, do not use our Websites. We do not knowingly gather personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us at dataprivacy@HealthPass.com. We will remove the data to the extent required by applicable laws.
We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.
If you are a California resident under 18 years old, you can ask us to remove any content or information you have posted on the Website. To make a request, email us at the email address set out in “Contact Us” section with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- HOW DO WE USE PERSONAL INFORMATION?
HealthPass uses personally identifiable information for the following purposes:
- To present the Websites and their contents to you;
- To process and respond to your inquiries, comments, complaints, and requests for information;
- To improve the content and navigability of the Websites, or to administer or troubleshoot the Websites;
- For the purposes for which you provided the information;
- To improve our services and properties and to develop new services, properties and offerings;
- To alert you to new Website features, special events, products and services;
- To send you important notices and communications, including but not limited to, changes to our terms, conditions and policies;
- To conduct auditing, analytics, data analysis, monitor and analyze Website traffic and usage, and research to evaluate user needs;
- To contact you about our own and third parties’ products, services, opportunities, and events that may be of interest to you;
- To conduct customer satisfaction, market research and quality assurance surveys;
- To validate your identity or verify communications from you;
- To send you confirmations, notices, updates, security alerts, support, and administrative messages and to otherwise facilitate your use of, and our administration and operation of, the Websites;
- To protect our rights and the security or integrity of our Websites, properties and business;
- To prevent fraud and other prohibited or illegal activities, to investigate and resolve disputes, claims and problems, and to otherwise comply with applicable laws and regulations;
- To enforce our Terms of Service and our other agreements and contractual obligations;
- In any other way we may describe when you provide the information; and
- For any other purpose with your consent. You may withdraw your consent at any time by contacting us at dataprivacy@HealthPass.com
IP Addresses are automatically reported by your browser each time you view a page on the Websites. We may use your IP address for various purposes, including to: determine your general (but not precise) geographic location and to tailor advertising based on general geographic area or other information derived from your IP address; provide aggregated data to advertisers about the volume of use on the Websites; diagnose or service technology problems; estimate the total number of users visiting the Websites from specific geographical regions; and to track advertising and conversions on the Websites. We reserve the right to combine personally identifiable information we collect on the Websites with publicly available information or information otherwise obtained from third parties or affiliates. We may aggregate or anonymize information that we have collected for use in connection with interest-based advertising.
The legal basis for processing your personal information is made up of one or more of the following reasons: (i) your consent, and/or (ii) providing the services you have requested, and/or (iii) compliance with applicable laws, regulations, court orders or other legal process.
- DOES HEALTHPASS SHARE THE INFORMATION IT RECEIVES?
- To our vendors, service providers, contractors and agents that we use to support our business and services, including those performing core services such as data processing and storage, marketing, promotion and advertising services (including email marketing, direct mail, and online and mobile advertising), hardware and website support, website hosting, email management, surveys, payment processing, fraud prevention, debt collection, customer service, public relations, and security related to the operation of the Websites and the development and operation of our business and our services.
- To our affiliated companies and partners.
- To our strategic partners offering or providing products or services jointly with or on behalf of HealthPass.
- To other third parties to fulfill the purpose for which you provide it, for example, to provide services you have requested.
- To other third parties disclosed to you when you provide the information or with your consent.
- Comply with legal, regulatory or administrative requirements of any governmental or law enforcement authorities or to otherwise fulfill a government or law enforcement request for information;
- Comply with a court order, search warrant, subpoena, or other legal process;
- Respond to claims that any content on the Websites violates the rights of third parties, including without limitation providing information necessary to satisfy the notice and counter-notice procedures pursuant to the Digital Millennium Copyright Act;
- Establish or exercise our legal rights and to protect and defend the Websites, Website users, HealthPass, its affiliates, and all of their respective officers, directors, members, partners, employees, attorneys, agents, contractors, licensors, and partners, in connection with any threatened or actual legal action, claim or dispute;
- In an emergency, to protect the health and safety of our Websites’ users or the general public; or
- To enforce, apply or comply with our Terms of Service.
WE HAVE SHARED THE FOLLOWING CATEGORIES OF INFORMATION IN THE PREVIOUS 12 MONTHS:
- Commercial Information
- Personal Information
- Internet Activity Information
- Geolocation Data
VII. DOES HEALTHPASS TRANSFER INFORMATION OVERSEAS?
VIII. THIRD-PARTY WEBSITES AND THIRD-PARTY ADVERTISING
- WIDGETS AND PLUG-INS
The Websites may use widgets and plug-ins (such as the Facebook “like” button, the Twitter “Follow Us” feature, or similar mechanisms from Instagram, Google+, Pinterest, or other social media platforms), which are interactive mini-programs that run on our Websites to provide specific services from another company. Such third-party features may collect information about you, like your IP address and the page(s) you visit on the Websites, as well as personal information, such as your email address. They also may place cookies or other tracking mechanisms on your browser or device to enable the widget to function properly. Your interactions with these features are governed by the privacy policies of the third parties that created them. We encourage you to review the privacy policies of the applicable third party before using them.
- HOW SECURE IS YOUR INFORMATION?
HealthPass implements reasonable administrative, organizational and technical safeguards and security measures to protect personal information within our control from unauthorized access, acquisition, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures.
- HOW LONG WILL HEALTHPASS KEEP YOUR INFORMATION?
To the extent permissible by applicable law, we will retain your personal information for such period as necessary to satisfy or to fulfill the following:
- the purposes for which that personal information was provided,
- an identifiable and ongoing business need, including record keeping,
- a specific legal or regulatory requirement, and/or
- a requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings.
Where there is no sufficient justification to retain such personal information, such personal information will be safely and securely deleted, disposed of, anonymized and/or blocked.
XII. WHAT CAN YOU DO IF YOU HAVE ANY QUESTIONS OR CONCERNS OR WANT TO ACCESS YOUR PERSONAL DATA?
XIV. CALIFORNIA PRIVACY RIGHTS
Effective Date: January 1st, 2020
Last Reviewed: July 12, 2020
Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication (“B2B personal information”) from some of its requirements.
Information We Collect
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“Personal Information”). Personal Information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like:
o Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.
In particular, our Website has collected the following categories of personal information from its consumers within the last twelve (12) months:
- Identifiers, such as name and government-issued identifier (e.g., Social Security number);
- Personal information, as defined in the California safeguards law, such as contact information;
- Characteristics of protected classifications under California or federal law, such as sex and marital status;
- Commercial information;
- Internet or network activity information, such as browsing history and interactions with our Websites;
- Geolocation data, such as device location and Internet Protocol (IP) location;
- Professional or employment-related information;
- Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics.
Our Website is intended to provide information to our business clients and their employees, among end users. If you are an employee of a business client, you understand and agree that information collected about you is solely within the context of (i) your role as an employee; and, (ii) HealthPass conducting due diligence regarding, or providing or receiving a service to or from your employer.
If you are a California resident and we, as a service provider, have processed Personal Information about you on behalf of your employer and you wish to exercise your CCPA rights, please inquire with your employer directly. If you wish to make your request directly to us, please provide the name of the employer on whose behalf you believe we processed your Personal Information. We will refer your request to the employer if that employer is a business client of HealthPass and will support them to the extent required by California privacy law in responding to your request.
The categories of sources from whom we collected Personal Information are:
- Directly from a California resident or the individual’s representatives
- Public Record Sources (Federal, State or Local Government Sources)
- Information from our Affiliates
- Website/Mobile App Activity/Social Media
- Information from Client Directed Third Parties or Institutions representing a Client
- Information from business clients about individuals associated with the
business clients (e.g., an employee or board member)
The categories of third parties to whom we disclose Personal Information for our business purposes described in this Notice are:
- Affiliates and Subsidiaries of HealthPass
- Vendors and Service Providers who provide services such as website hosting, data analysis, payment processing, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities
- Partners and Third Parties who provide services such as communication infrastructure, storage, legal expertise, tax expertise, notaries and auditors
- Business Clients and their employees, contractors, vendors, and visitors
- Government Agencies as required by laws and regulations
Use of Personal Information
In the past 12 months, we have used Personal Information relating to California residents to operate, manage, and maintain our Websites, to provide our products and services, and to accomplish our business purposes and objectives, including one or more of the following:
- To fulfill or meet the reason you provided the information.
- To provide, support, personalize, and develop our Websites, content, and services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, transactions, and payments and to prevent fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your Website experience.
- To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.
- To help prevent and address fraud, breach of policies or terms, and threats or harm.
- Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
- For testing, research, analysis, and product development, including to develop and improve our Websites, products, and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To send you advertising.
- To fulfil any other business or commercial purposes at your direction or with your notice and/or consent.
Sale of Personal Information
In the past 12 months, we have not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this Disclosure, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.
Rights Under the CCPA
Beginning January 1, 2020, pursuant to California Civil Code Sections 1798.100-1798.199, individuals who reside in California who have provided their personal information to HealthPass may have the right to:
- Request we disclose to you free of charge the following information covering the 12 months preceding your request:
o the categories of Personal Information about you that we collected;
o the categories of sources from which the Personal Information was collected;
o the purpose for collecting Personal Information about you;
o the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and
o the specific pieces of Personal Information we collected about you;
- Request we delete Personal Information we collected from you; and
- Be free from unlawful discrimination for exercising your rights under the CCPA.
We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Requests for specific pieces of Personal Information will require information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request. If we cannot verify your identity or if we cannot verify that a third party has the authority to make a request on behalf of a California resident, we may not be able to honor such requests. Additionally, we will not honor a request where the Personal Information is not subject to the CCPA’s access or deletion rights.
We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
How to Exercise Your Rights
If you are a California resident, you may submit a request by:
- send an email to dataprivacy@HealthPass.com
Changes to This California Consumer Privacy Act Disclosure
We may change or update this Disclosure from time to time. When we do, we will post the revised Disclosure on this page with a new “Last Updated” date.
Right to Opt-Out and Opt-In
To the extent HealthPass sells your Personal Information as the term “sell” is defined under the CCPA, you have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”). Consumers who opt-in to Personal Information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to opt-out by emailing us at dataprivacy@HealthPass.com.
Once you make an opt-out request, you may change your mind and opt back into personal information sales at any time by emailing us at 312 Maxwell Rd, Suite 200 Alpharetta, GA 30009.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Other California Privacy Rights- Direct Marketing
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents and who have provided their personal information to request information about our disclosure of certain categories of personally identifiable information to third parties for the third parties’ direct marketing purposes. Such requests must be submitted to us at one of the following addresses: 312 Maxwell Rd, Suite 200 Alpharetta, GA 30009 or Covid 19 Screen LLC, Attention: Privacy Department, 312 Maxwell Rd, Suite 200 Alpharetta, GA 30009. Please include the subject heading “California Privacy Rights.” Within thirty (30) days after receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year (if any), along with the names and addresses of these third parties. This request may be made no more than once per calendar year. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.