1 WHAT WE DO
1.1 Social Health Innovations Inc. (“we,” “us,” “our”) is the owner of the Looper apps, widgets, software and the http://www.bealooper.com website (collectively, the Platform). The Platform is a mobile and web application that allows primary users (Loopers) to answer questions about how they are tracking on a scale from 1 to 10, and share their answers with secondary users that the Looper authorises to use the Platform (Followers)..
1.2 In order to achieve the above requires Users to create, store and edit electronic health records on the Personal and Health Information of the Looper (EHR).
2 PRIVACY STATEMENT – OUR COMMITMENT TO YOU
2.1 Keeping customer information private and confidential is the foremost priority for us. To enable us to provide you with our services, we need to collect certain information from you. We provide this privacy notice to inform you of what personal information we collect about you and how we treat that information.
2.4 Our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA“). We will maintain the privacy of your Health Information as required by HIPAA and the regulations promulgated under that Act.
2.5 All individuals with access to personally identifiable information (hereinafter, the Personal Information)—as defined in Title 18 of the United States Code, section 1028, subsection d—about our customers are required to follow this policy effective as of 3/1/2016.
3 PURPOSE OF OUR POLICY
(a) Providing the system and services that we offer; and
(b) The normal day-to-day operations of our business.
4 THE INFORMATION WE COLLECT
4.1 In the course of business it is necessary for us to collect Personal Information. This information allows us to identify who an individual is for the purposes of our business, contact the individual in the ordinary course of business and transact with the individual. Specifically, we require this information in order to verify the identity of our users, to protect our customers, and to ensure the integrity of the sales we facilitate.
4.2 Without limitation, the type of information we may collect is:
(a) Health Information. We may collect information for an EHR about the health (including mental health) injuries, disability, health services, medical histories, prescriptions, allergies and other information about an individual defined as electronic “protected health information” in the Health Insurance Portability and Accountability Act of 1996 (HIPAA);
(b) Personal Information. We may collect personal details such as an individual’s name, location, date of birth, and other information, as defined in Title 18 of the United States Code, section 1028, subsection d, that allows us to identify who the individual is;
(c) Contact Information. We may collect information such as an individual’s email address, telephone & fax number, and other information that allows us to contact the individual;
(d) Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
(e) Statistical Information. We may collect information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information;
5 HOW INFORMATION IS COLLECTED BY US AND OTHERS
5.1 Most information will be collected in association with an individual’s use of Looper, making an enquiry about Looper or generally dealing with us. However we may also receive Personal Information from sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
(a) Registrations/Subscriptions. When an individual registers or subscribes for a service, account, membership or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
(b) Payment. When an individual submits their details to open a payment account or make a payment;
(c) Sales and Purchases. When individuals transact sales and purchases using the Service;
(d) Supply. When an individual supplies us with goods or services;
(e) Contact. When an individual contacts us in any way;
(f) Access. When an individual accesses our offices we may require them to provide us with details for us to permit them such access.
(i) Third Party Links. Our Site or Services may contain links to third party websites. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personally identifiable information from you. If you submit personal information to any of those sites, your information is governed by their privacy policies. Other sites follow different rules regarding the use or disclosure of the personally identifiable information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
(j) Phishing. It has become increasingly common for unauthorized individuals to send e-mail messages to consumers, purporting to represent a legitimate company such as a bank or on-line merchant, requesting that the consumer provide personal, often sensitive information. Sometimes, the domain name of the e-mail address from which the e-mail appears to have been sent, and the domain name of the web site requesting such information, appears to be the domain name of a legitimate, trusted company. In reality, such sensitive information is received by an unauthorized individual to be used for purposes of identity theft. This illegal activity is known as “phishing”. If you receive an e-mail or other correspondence requesting that you provide any sensitive information (including your password or credit card information) via e-mail or to a Web site that does not seem to be affiliated with Looper, or that otherwise seems suspicious to you, please do not provide such information, and report such request to us at firstname.lastname@example.org
5.2 As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
5.3 Where we obtain Personal Information without an individual’s knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information.
6 THE SAFETY & SECURITY OF PERSONAL INFORMATION
6.1 Physical Facilities. We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on Looper. This includes appropriately securing our physical facilities and electronic networks.
6.2 Industry Standards. We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other Personal Information entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis.
6.3 Servers. We may use a variety of cloud services to store our data. Personal Information may be stored, hosted, and accessed from data centers in the United States. Data privacy laws or regulations in your home country may differ from those in United States. By using the Service, you consent to having some of your data hosted in the United States.
6.5 Internet Security. The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We do not accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
7 WHEN PERSONAL INFORMATION IS USED, SHARED & DISCLOSED
7.1 Purpose. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
7.2 Sharing With Authorised Users. The primary reason Personal Information is used or disclosed is to share EHRs with other Users authorised by the Looper to view the EHR (such as Followers). We will never use Personal Information in the Platform for any other purpose than making the individual’s EHR available to Followers or other users authorised by the Looper to receive it. We will never use the information in an EHR for any marketing or commercial purposes, and we maintain all Health Information in the strictest confidence.
7.3 Non-Disclosure. We will not disclose or sell an individual’s Personal Information to unrelated third parties under any circumstances. We do not sell, trade, or rent users personal identification information to others.
7.4 Business Operations. Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
(a) The provision of services between an individual and us;
(b) Verifying an individual’s identity;
(c) Communicating with an individual about:
i Their relationship with us;
ii Our services;
iii Our own marketing and promotions to customers and prospects;
iv Competitions, surveys and questionnaires;
(d) Improve Customer Service. Information you provide helps us respond to your customer service requests and support needs more efficiently.
(e) Personalize Your Experience. We may use information in the aggregate to understand how our users as a group use the services and resources provided on Looper.
(f) Site Improvement. We may use feedback you provide to improve our products and services.
(g) Payments. We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
(h) Emails. We may use the email address to send you information and updates pertaining to their order. It may also be used to respond to inquiries, questions, and/or other requests and will be shared with Partners. If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, related product or service information, etc. If at any time you would like to unsubscribe from receiving future emails, you may do so by contacting us.
7.5 Sharing your information. There are some circumstances in which a third party may have access to your information.
(a) Service Providers. With third parties who help manage our business and deliver services.
7.6 Liability for onward transfer. In the context of an onward transfer, SHI has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. SHI shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
7.7 Disclosure. There are some circumstances in which we must disclose an individual’s information:
(a) Subpoena. Where we are required to disclose by a United States Court of Law under subpoena.
(b) Illegal Activities. Personal information may be shared with third parties to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the Services, or as otherwise required by law.
(c) Change of Ownership. Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our home page.
7.8 International Transfer. Your personal information may be disclosed, transferred to or processed outside of your country of residence. This includes to Australia, and the United States of America, where it will be subject to the laws of the country to which it is transferred. These jurisdictions may not have an equivalent level of data protection laws as those in your country.:
7.9 We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights.
7.10 Consent. Except when required by law, we will never disclose your Personal Information without obtaining your consent.
8 HOW TO ACCESS AND/OR UPDATE INFORMATION
8.1 The User can modify their information in the User’s account settings page.
8.2 If for any reason an individual cannot update his or her own information, we will correct any errors in the Personal Information we hold about an individual as soon as feasible after receiving notice from them about those errors.
8.3 It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
9 RIGHTS OF THE INDIVIDUAL
9.1 You have a number of rights in relation to your personal information.
9.2 You may have these rights under applicable laws, including the EU General Data Protection Regulation (GDPR), but we offer them regardless of your location.
9.3 Informed. You have the right to be informed, which is the purpose of this section of the policy.
9.4 Access and Portability. You have the right to request a copy of your data, and for it to be in a portable format.
9.5 Correction and Rectification. Your data may be corrected by mechanism provided within the website or software. You may request correction of the personal information that we hold about you by contacting us.
9.6 Erasure. Except when required by law, we will never disclose your Personal Information without obtaining your consent.
9.7 Object and Restrict Processing. You may opt out of the service should we advise via a change in this policy that your personal information is to be disclosed to a new type of third party, or will be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Opting out of the service will ensure your personal data is not utilised for new types of services or processing.
9.8 Identification. We may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.
9.9 Request process.You may exercise your rights via mechanism provided though the software or website, such as updating your details, or closing your account. Alternatively, you may contact us via the detail in the Contact Us section.
7.8 Response to requests.We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up-to-date and complete.
7.8 Cost of requests.There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
7.8 Exemption to a request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
10 TERMINATION OF ACCOUNT
10.1 Even after you close your account, we will continue to store archived copies of your Personal Information for legitimate business purposes and to comply with the law.
10.2 We will continue to store anonymous or anonymized information, in order to improve our Service.
11 COMPLAINTS AND DISPUTES
11.1 If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below.
11.2 If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
11.3 If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
12 CONTACTING INDIVIDUALS
12.1 From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
13 YOUR ACCEPTANCE OF THESE TERMS
13.1 By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use Looper. Your continued use of Looper following the posting of changes to this policy will be deemed your acceptance of those changes.
14 CHANGES TO THIS POLICY
15 EU-U.S. AND SWISS-U.S. PRIVACY SHIELD FRAMEWORK
15.1 SHI has adopted this Privacy Shield Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of Personal Data that SHI obtains from Customers, and Staff located in the European Union and Switzerland.
15.2 In compliance with the Privacy Shield Principles, SHI commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SHI at outlined in the Contact Us section of this policy.
15.3 SHI has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
15.5 SHI employees who handle Personal Data from Europe and Switzerland are required to comply with the Principles stated in this Policy.
15.6 Consumers or Employees may file a complaint concerning SHI processing of their Personal Data. SHI will take steps to remedy issues arising out of its alleged failure to comply with the Privacy Shield Principles. Consumers may contact SHI as specified below about complaints regarding the company’s Consumer Personal Data practices.
15.7 If a Consumer’s complaint cannot be resolved through SHI’s internal processes, SHI will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at www.jamsadr.com/international-mediation-rules. Consumers may launch a Privacy Shield case by visiting https://www.jamsadr.com/eu-us-privacy-shield. JAMS mediation may be commenced as provided for in the relevant JAMS rules. The mediator may propose any appropriate remedy, such as deletion of the relevant Personal Data, publicity for findings of noncompliance, payment of compensation for losses incurred as a result of noncompliance, or cessation of processing of the Personal Data of the Consumer who brought the complaint. The mediator or the Consumer also may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over SHI. Under certain circumstances, Consumers also may be able to invoke binding arbitration to address complaints about SHI’s compliance with the Privacy Shield Principles.
16 CONTACTING US
support @ bealooper.com
This document was last updated on Friday 31stAugust 2018.