CCPA Supplemental Policy
Last Revised: 8/2/2018
NeuroFlow (“NeuroFlow,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this policy.
This policy applies to information we collect:
- Through our Websites and Apps.
- Through email, text, and other electronic means facilitating communication between you, your provider(s) and us through our Websites and Apps.
- Through mobile and desktop applications you download from our Websites, which provide dedicated non-browser-based interaction between you and our Websites and Apps.
- Through technical properties of compatible hardware and software used in conjunction with our product.
Information We Collect About You, How We Collect It, and How It is Controlled.
We collect several types of information from and about users of our Websites and Apps, including information:
- by which we can process your payments, such as your credit card information, or by which you may be personally identified, such as name, mailing address, e-mail address, telephone number, any other identifier by which you may be contacted online or offline (“Personal Information”);
- that your healthcare provider(s) may relay, such as diagnosis, medication, and date of visit (“Health Diagnostic Information”);
- that may come from compatible biometric activity monitoring hardware devices, such as electroencephalogram activity, heart rate, and other biometric data (“Biometric Information”);
- that is about you but individually does not identify you, such as gender and age (“Non-identifying Information”); and
- about your internet connection, the equipment you use to access our Websites and Apps and usage details (“Technical Information”).
The information you provide to us may include:
- information that you provide by filling in forms on our Websites and Apps. This includes information provided at the time of registering to use our Websites and Apps, including unique identifiers such as user name, account number, and password, or information provided while subscribing to our service, or health-related material you provide to us. We may also ask you for information when you report a problem with our Websites and Apps.
- records and copies of your correspondence including email addresses if you contact us. This can include comments or questions sent to us using email or secure messaging forms to be shared with our staff and your healthcare provider(s) who are most able to address your concerns.
- content you post on message boards, chat rooms, forums or any other interactive features on our Websites.
- details of your use of our Websites and Apps including duration of use, date of use, and result of use. Such details may be transmitted to your healthcare provider(s).
- details of transactions you carry out through our Websites and Apps to fulfill orders. While payments made through or for our services are processed through a third party payment processor, information to administer, manage, and fulfill the purchases you make may be collected by us or on our behalf.
- details you provide to your healthcare provider(s) through our Websites and Apps may be documented in your medical record.
- information that you provide to third-party health monitoring applications, such as Google Fit and Apple HealthKit, only if you authorize such third-party applications to share such information with us.
We collect this information:
- directly from you when you voluntarily provide it to us.
- directly from your healthcare provider(s) when you and your healthcare provider(s) meet and when you give your consent to the healthcare provider(s) to share the information with us.
- automatically as you navigate through the site. Information collected automatically may include usage details and IP addresses.
This information can be controlled in the following way:
- Only you, your healthcare provider(s), and NeuroFlow can have access to edit, modify, or update your Personal Information, Health Diagnostic Information, Biometric Information, and Non-identifying Information.
- NeuroFlow, you and your healthcare provider(s) can view your Personal Information, Health Diagnostic Information, Biometric Information, and Non-identifying Information.
Information We Collect Through Automatic Data Collection Technologies.
As you navigate through and interact with our Websites and Apps, we may use automatic data collection technologies to collect Technical Information that may include information about your equipment, browsing action, and patterns, including:
- Details of your visits to our Websites and Apps, including the resources that you access and use on the Websites and Apps.
- Information about your internet connection, including your IP address.
- Information about and from third party websites that you visit either directly before or directly after visiting our Websites and Apps.
The technologies we use for this automatic data collection may include:
- Flash Cookies. Certain features of our Websites may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons. Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
The Technical Information we collect automatically does not include individually identifiable information, but we may associate the Technical Information with individually identifiable information we collect in other ways to improve our Websites and Apps and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Monitor access to our services and safeguard certain information by limiting access only to authorized users, for example healthcare provider(s).
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To understand and meet your needs and preferences to provide you with our products and services. For example, to:
  - carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  - present our Websites and Apps and their content to you.
  - provide you with information, products, or services that you request from us.
  - send you newsletters, text messages or email communications.
  - manage or respond to your inquiries and concerns.
  - administer your account.
  - communicate your health information, or the health information of someone under your authorized care, to healthcare provider(s) treating you or the person under your care.
  - communicate to you the health information of others under your authorized care.
- To communicate with you about new products and enhance existing products. For example, to:
  - make available or send to you upgrades or updates or notices of upgrades or updates of products.
  - improve our Websites, Apps, and marketing efforts.
  - conduct internal quality improvement or business analysis.
- To manage and develop our business operations and comply with our legal requirements. For example, to:
  - detect, monitor, investigate, mitigate, or attempt to prevent fraud and technical or security issues or to protect our property.
  - conduct internal testing and data analytics.
  - internally improve our algorithms.
  - allow for business continuity and disaster recovery operations.
  - provide emergency assistance in situations that may threaten the life or physical safety of you or others.
  - respond to court orders, warrants or other lawful requests or legal processes.
  - enforce and protect our legal rights.
- In any other way we may describe when you provide the information or for any other purpose with your consent.
How We Secure and Store Your Information.
We have security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control. These measures include:
- Encryption of data using the Secure Socket Layer (SSL) system.
- Use of a secured messaging service when we send your personal information electronically to the Websites and Apps.
- Use of Amazon Web Services (AWS) located in the U.S. for data storage and security.
- Use of a physical firewall of data in hand and cyber firewall through AWS.
Your information may be collected, used, processed, transferred, and retained in the United States, which may be outside the region in which you are situated and may have different privacy or data protection legislation, and may therefore be subject to the laws of the United States. If you are a resident of the European Economic Area or a country which restricts data transfers outside of that jurisdiction or region without your consent, by using our Websites and Apps, you consent to your information being transferred outside of the European Economic Area or your country for processing or storage by or on behalf of us.
The HIPAA Privacy Rule provides additional guidelines for the use and disclosure of electronic personal health information (“ePHI”). The covered entity in partnership with NeuroFlow is responsible for allowing patients the necessary rights and access to their ePHI. As a possible “business associate” as defined under HIPAA, NeuroFlow strives to comply with the HIPAA Privacy Rule by training employees on the proper handling of secure information, protecting and authenticating ePHI in our encrypted server, and conveying ePHI to users when instructed to do so by providers.
How We Interact with Third Parties.
Some of our services may interact directly with third party service providers. When you use a service with these third party service providers, we will not receive or store any information you provide to them nor will we provide any information to them without your consent. This may include:
- Secure messaging. Third parties may route secure messages from you to NeuroFlow through our Websites or Apps. Your IP address, operating system, and browser type may be collected by the secure messaging from third party software providers, along with the information corresponding to your provider.
- Storing ePHI records. NeuroFlow may transmit these records to a HIPAA-compliant third party server to store and secure your information.
Your interactions with these third party service providers are outside of the purview of NeuroFlow. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
Children Under the Age of 13.
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features on the Website, make any purchases through the Website, or provide any information about yourself to us, including your name, address, telephone number, or email address. If we learn we have collected or received personal information from a child under 13, we will delete this information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
Requests to Limit Use and Disclosure of Your Personal Information
State and federal laws may allow you to request that we limit our uses and disclosures of your personal information for treatment, payment, and health care operations purposes. You may contact us at the information in the “Questions, Complaints, and Contacts” section below. We will consider all requests and, if we deny your request, we will notify you in writing. Federal law requires us to agree to your request to restrict disclosures to a health plan or insurer relating to specific health care services, if you have paid for those services in full.
We will retain your full information for as long as your account is active or as needed to provide you services. Further, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We reserve the right to retain any data that is not personally identifying, despite your account being inactive or closed.
Data Use upon Business Transfers
Accessing and Correcting Your Information
You can review your personal information by logging into our Websites or Apps and visiting your account profile page.
You may also contact us at the information in the “Questions, Complaints, and Contacts” section below to request access to or correct any information that you have provided to us. We will respond to all access requests within 30 days. However, we may not accommodate a request to change information if we believe the change could violate any law or legal requirement or cause the information to be incorrect.
California Privacy Rights
California Civil Code § 1798.83 permits users of our Websites who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com.
Please read this policy carefully to understand our policies and practices regarding how we collect, keep and treat your information:
- If we make material changes to our Privacy Statement, we will post notice of the changes prior to the changes becoming effective. Any revised Privacy Statement will apply both to information we already have about you at the time of the change, and any information created or received after the change takes effect.
Questions, Complaints, and Contacts