Privacy Policy

Privacy Statement

Last Modified: March 22, 2020

For more information or if you have any questions about this privacy statement (“Privacy Statement”), please contact us at support@headsuphealth.com.

Summary of Privacy Statement

This is a summary of our Privacy Statement; please read the entire Privacy Statement below.

www.headsuphealth.com (the “Site”) is owned and operated by phase2body, Inc (DBA Heads Up Health) (“we”, “our”, or “us”).  The Site allows you to review and keep track of your health records. As used herein, “Site” includes the website located at URL www.headsuphealth.com, and all services, applications, or portals available through the website. Naturally, because of what we do, your privacy is extremely important to us. This privacy statement describes how we collect, store, and use your personal information. This Privacy Statement may change, so please check here periodically for updates. Using the Site after we make changes to this document means you agree to be bound by the updated Privacy Statement.

Notice Regarding Children

This Site is designed for use by adults over the age of 18. If you’re under age 18, don’t use this Site.

What is Personal Information?

Personal Information – or PI for short – is information about you that identifies you, and includes things like your name and your email address. If you sign up for a paid subscription through our Site, your PI also includes the data you give us for use in processing your subscription payments. Information you share or store on this Site is also your Personal Health Record information, which we call PHR Data for short. PHR Data may include your medical history, conditions, treatments, medications, health care claims, account numbers, bills, insurance information, and demographic information like your age, gender, ethnicity, and occupation. You can browse our Site anonymously. But, if you provide us PI or PHR Data, you are no longer anonymous to us.

What about my doctor or health care provider?

If your health care provider keeps your health records in digital format, the Site also can – with your permission – connect to your digital health records. However, we are not responsible for how your health care provider uses and discloses your PI and PHR Data. Ask your health care provider(s) for his/her/their privacy policy. If your health care provider gave this Site your PI or PHR Data, but it is incorrect, please contact your health care provider to correct it. We can’t change PHR Data provided by your health care provider(s).

How do we collect your Personal Information (PI) or PHR Data?

If you give us PI or PHR Data, we will store it for as long as you maintain a user account with us. If you ask us to, we will delete or change the PI or PHR Data we maintain about you. However, if we delete your PI and PHR Data, you may no longer be able to use our Site. In some cases, you may choose to allow a trusted individual, such as a caretaker, parent, or adult child to access your account. You are still responsible for all use – and for any misuse – of your account.

How do we store and protect your Personal Information (PI) or PHR Data?

The security of your PI and PHR Data is important to us. While no web site can guarantee 100% security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your PI and PHR Data, such as Secure Sockets Layer (“SSL”) technology. You are also key to maintaining the security of your data: keep your password confidential and don’t write it down. We also recommend you keep a backup of your PHR Data somewhere besides this website. If our security is breached, we will inform you promptly.

How do we use and share your Personal Information (PI) or PHR Data?

We use your PI to make our Site do what you want it to do at a particular time. For example, we use your username to log you into your account and show you your data. We may email you about promotions, specials, and products or services we think you may be interested in.  We use general information about our users, which is not PI, to analyze how users interact with our Site and to improve how it works. For example, we might analyze when most users are most likely to log in to the Site, and use that information to make sure our servers are at top performance during those times.

We may also analyze de-identified PI or PHR Data from our users as a group. De-identified data is not PI or PHR Data and will not identify you personally. It will be used as statistical information to determine such things as user demographics and usage patterns for our Site. We may share or sell this de-identified data to others. If we do so, we will do so within the limits of then-current privacy and HIPAA laws and regulations.

Residents of California and the European Economic Area have additional privacy rights. Please read the applicable sections below, in the full Privacy Statement, to understand your rights if you reside in either California or the European Economic Area.

Privacy Statement

1. Personal Information

Your privacy is very important to all of us at Heads Up (“Heads Up” or “Company”). We have established this privacy statement (“Privacy Statement”) to explain how we collect, protect, use, and store your personal information. Personal information is information about you that is personally identifiable, such as your name, email address, and other information, that is not otherwise publicly available (“Personal Information”). We may collect Personal Information when you use our website or through emails, text messages, or mobile apps (collectively, the “Site”).

By visiting this Site, you agree to be bound by the terms and conditions of this Privacy Statement. If you do not agree, please do not use or access this Site. Heads Up may modify this Privacy Statement from time to time and post such modifications here on this Site. The date the Privacy Statement was last revised is identified at the top of the page. If we make subsequent material changes to how we treat our users’ information, we will notify you by email to the email address specified in your account and/or through a notice on the Site home page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site and this Privacy Statement to check for any changes. Your continued use of the Site after any such modification constitutes your acceptance of the modified agreement. By registering or subscribing through this Site, you expressly consent to our use and disclosure of your Personal Information in accordance with this Privacy Statement.

2. Applicability of this Privacy Statement

This Privacy Statement applies solely to the Site and provides you information on the specific information that Heads Up may collect from you via the Site and how Heads Up may use it in connection with the services offered by the Site, whether you are using the Site as a patient, medical provider, or other. We have established this Privacy Statement to explain to you how your personal information is collected, protected, and used. Personal information is information about you that is personally identifiable, such as your name, address, phone number, and email address, that is not otherwise publicly available (“Personal Information”).   Additionally, any information on the Site is considered PHR Data.  PHR Data might include, but is not limited to (i) your name and contact information, such as your address, phone number, or email address; (ii) your medical history, conditions, treatments, and medications; (iii) your healthcare claims, health plan account numbers, bills, and insurance information; (iv) demographic information, such as your age, gender, ethnicity, and occupation; and (v) computer information, such as your IP address and “cookie” preferences.

If you are a patient or legal representative, your medical provider’s use and disclosure of your PHR Data, whether directly or through a third party, is subject to your medical provider’s Notice of Privacy Practices. We cannot control any medical provider’s use of a patient’s PHR Data. If you are a patient or legal representative of a patient, please contact your medical provider for a copy of their Notice of Privacy Practices. Heads Up provides this Site but protects PHR Data as required by the applicable agreement between Heads Up and your medical provider or other third party and in accordance with applicable law. If you have any issues with the PHR Data managed by your medical provider’s practice, please contact them directly, as we have no ability to change the information you have provided them. Heads Up protects PHR Data disclosed by you, whether through an upload or other mode of input, according to this Privacy Statement and in accordance with applicable law.

3. Information Collection

Heads Up collects Personal Information from you through the Site to allow us to provide marketing and promotional services that will most likely meet your needs and preferences.  We only collect Personal Information about you that we consider necessary for achieving this purpose.

In general, you can browse the Site and decide to not provide us any Personal Information.  Of course, you will not be able to view any PHR Data without providing us Personal Information. If you agree to provide us with Personal Information, you are no longer anonymous to us. If you choose to use certain services through this Site, we may require you to provide contact and identity information, and other Personal Information as indicated on the forms throughout the Site. Where possible, we indicate which fields are required and which are optional. You always have the option to not provide information by choosing not to use a particular service.

We may track certain information based upon your behavior on the Site. We use this information to do internal research on our users’ demographics, interests, and behavior to better understand our customers. This information may include the URL that you just came from, which URL you go to next, your computer browser information, and your IP address.

If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Site, we may collect and retain such information in a file specific to you.

4. PHR Data

When you register for our services available through the Site, the registration process requires you to create a user profile and choose a user name and password for your account, which you should keep and maintain as confidential. If you choose to share your user name or password or user profile through the Company’s Care Team access feature, you understand that those individuals with whom you share that information will have access to your PHR Data and will be able to add, modify, or delete your PHR Data as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your user name or password. You can disconnect these users from your profile at any time.

If you are a registered user of the Site and you choose to connect your medical provider to our site, your PHR Data (or that of the person for whom you are the legal representative) currently stored electronically in your medical provider records will become accessible to Heads Up in order to provide you access to such information through the Site. Your electronic health records are stored in the Site, and a copy of them is displayed via the Site when you are logged in with your user name and password.

You can review and change your personal information by logging into the Site and visiting your account profile page.

5. Use and Disclosure of Your Personal Information

We use your Personal Information, including your email address, to facilitate our services. You agree that we may use Personal Information, including your email address, to improve our marketing and promotional efforts, to analyze site usage, to improve our content and service offerings, and to customize the Site’s content, layout, and services.

We will not disclose your Personal Information to third parties except to:

  • Service providers who are bound by law or contract to protect the Personal Information and are only allowed to use the Personal Information in accordance with the terms of our service agreements with them.
  • Effect a merger, acquisition, or otherwise; to support the sale or transfer of business assets; to enforce our rights or protect our property; to protect the rights, property, or safety of others; investigate fraud; respond to a government request; or as needed to support auditing, compliance, and corporate governance functions. We may also disclose Personal Information to defend ourselves in litigation or a regulatory action. We may also disclose Personal Information when required or advised to do so by law, such as in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate.
  • We encourage business partners to adopt and post privacy policies. However, the use of your Personal Information by such parties is governed by the privacy policies of such parties and is not subject to our control.

 

We may also disclose information about you that is not personally identifiable. For example, we may provide our business partners, or other third parties with reports that contain aggregated and statistical data about our users.

6. Aggregate Data

We may aggregate and de-identify PHR Data in accordance with HIPAA, either alone or with other data, to create anonymous, de-identified “aggregate data” regarding the users of our Site. Aggregate and de-identified data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal the identity of particular users. This data will not identify you, but will be used as statistical information to determine such things as user demographics and usage patterns of our Site. We may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. Aggregate data may also be provided or sold to third parties for research purposes.

7. Other Use and Ownership

We also reserve the right to share de-identified aggregate data collected from this Site with third parties for other research purposes, to the extent permitted by applicable law including, but not limited to, the requirements under HIPAA. 

In the case of non-aggregated PHR Data, pursuant to Heads Up’s business associate agreement with the applicable medical provider, your information may be shared with your applicable medical provider.

We maintain full rights to any information collected on this Site, and may freely collect, use and disclose such information unless prohibited by this Privacy Statement or applicable law as stated above.

8. Communications from the Site

We may occasionally send you information on our service offerings. Out of respect for your privacy, we provide you a way to unsubscribe from each of these communications. If you no longer wish to receive our promotional communications, you may opt out of receiving them by following the instructions included in each such communication or by contacting us.

9. Security

The security of your Personal Information is important to us. We follow generally accepted industry standards to protect personal information, including your email address, submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Accordingly, and while no web site can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your personal information collected via the Site as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Sockets Layer (“SSL”) technology, to help safeguard against such occurrences. It is recommended that you personally keep a backup of your PHR Data. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages, personally identifiable information, or communications a person directs to Heads Up or the clinician team) to create a protected connection between you and our Site to ensure confidentiality.

Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via the Site.

In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law.

In order to help maintain security, you should generally not share your user ID or password and should always sign out when you are finished using the Site. If you choose to share your user name or password or user profile through the Company’s Care Team access feature, you understand that those individuals with whom you share that information will have access to your PHR Data and will be able to add, modify, or delete your PHR Data as though they were you.

10. Access

We will maintain your information and allow you to request updates at any time by logging into your Site account to access your information. We will also take steps to make sure that any updates that you provide are processed in a timely and complete manner.

11. Log Files

As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site, and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information. We track trends in users’ usage and volume statistics to create a more efficient and usable site and product offerings, and to determine areas of the site or our services that could be improved to enhance the user and customer experience. Log files are used on the Site, and in any link to the Site from an email.

12. Cookies and Related Technologies

When you use this Site, we collect certain information by automated or electronic means, using technologies such as cookies, browser analysis tools, and web server logs. As you use this Site or our applications, your browser and other electronic devices communicate with servers operated by us and our service providers to coordinate and record the interactivity and fill your requests for services and information.

The information from cookies and related technology is stored in web server logs and also in web cookies kept on your computers or mobile devices, which are then transmitted back to this Site by your computers or mobile devices. These servers are operated and the cookies managed by us or our service providers.

For example, when you visit this Site, Heads Up and our service providers and business partners may place cookies on your computers or mobile devices. Cookies allow us to recognize you when you return, and track and target your interests in order to provide a customized experience. They also help us provide a customized experience and help us to detect certain kinds of fraud. A “cookie” is a small amount of information that a web server sends to your browser that stores information about your account and preferences.

Some cookies are temporary, whereas others may be configured to last longer.  “Session” cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases session cookies once you exit your browser. “Persistent” cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser. We use persistent cookies for a number of purposes, such as retrieving certain information you have previously provided and storing your preferences.

We or certain third parties also may use these technologies to collect information about your activities over time and across third-party websites, apps, or other online services (Online Behavioral Tracking) in accordance with the guidelines set forth by the Digital Advertising Alliance (the “DAA”). We do not control these third parties’ tracking technologies or how they may be used. Certain third-party advertising networks, such as Facebook Ads, Google AdSense, and AdRoll, use the collected information to serve ads to you on our behalf on other sites throughout the Internet. These cookies do not contain personally identifiable information or PHR Data, nor are they linked to any personal information collected by us.

The information practices of these third-party advertising companies are governed by their own privacy policies and are not covered by this Privacy Statement. Some of these advertising companies may be members of the Network Advertising Initiative (“NAI”), a cooperative of online marketing companies that offers a centralized tool for opting out of behavioral advertising delivered by each of its member companies. If you would like to obtain more information about the NAI and make choices about their members’ use of your information, please visit the NAI website at http://www.networkadvertising.org/consumer/opt_out.asp. Also, through the DAA, several media and marketing associations have developed an industry self-regulatory program to give consumers a better understanding of and greater control over ads that are customized based on their online behavior across different websites. To make choices about interest-based ads from third parties participating in the DAA, please visit the DAA consumer opt out page at http://www.aboutads.info/choices/.

You may view Facebook’s Privacy Statement at: https://www.facebook.com/about/privacy/. You may opt out of the Facebook Ads partner network by logging into your Facebook account and managing your settings at: https://www.facebook.com/ads/settings. You may view Google’s Privacy Statement at: http://www.google.com/privacypolicy.html. You may opt out of the AdSense partner network cookie at: http://www.google.com/privacy/ads/ or by using the Network Advertising Initiative’s (NAI’s) multi-cookie opt-out mechanism at: http://www.networkadvertising.org/managing/opt_out.asp. Further, you may view the AdRoll Privacy Statement and opt out from their network and affiliated networks, at: https://www.adroll.com/account/privacy. These opt-outs are valid only for the computer and browser combination used to opt out. Clearing cookies will remove these opt-outs because they are stored in cookies.

If you opt out of AdRoll or an NAI third-party advertising network, you will no longer receive ads based on your browsing history from that network. You may, however, continue to receive generalized online advertising.

13. Manage Your Security Settings

You may manage how your browser handles cookies and related technologies by adjusting its privacy and security settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available. You can opt out of being targeted by certain third-party advertising companies online at www.networkadvertising.org/consumer/opt_out.asp or http://preferences.truste.com/truste/.

You may manage how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.

14. Links to Other Sites

This Site may contain links to other sites that are not owned or controlled by Heads Up.  Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies only to information collected by this Site.

15. Rights to Access and Control Your Personal Data

Any personal data that we collect is based upon your consent as detailed in Section 2.  You have many choices concerning the collection, use, and sharing of your data, including the ability to:

  • Delete Data: You may request that we delete your personal data. Please note that we cannot delete your personal information except by also deleting your user account.
  • Change or Correct Data: You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
  • Object to, or Limit or Restrict, Use of Data: You may request that we do not use your personal data, but keep in mind that this will terminate our ability to provide any Service(s) to you.
  • Right to Access and/or Take Your Data: You can ask us for a copy of your personal data.

You may send us an email at support@headsuphealth.com to request access to, obtain copies of, correct, or delete any personal information that you have provided to us.

Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.

16. Account Closure and Discontinuation of Services

We will retain your personal information as long as you maintain your use of the Site, or as needed to provide you Site-related services.  Once you request to discontinue use of the Site and deletion of your personal information, we will delete it within 30 days from the date of your request, unless we must retain it to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our terms of use, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after you have discontinued your use of the Site.

17. Notice to California Residents

California Civil Code Section § 1798.83 permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for direct marketing purposes. To make such a request, please send an email to support@headsuphealth.com.

Please see our CCPA Policy available at https://headsuphealth.com/california-privacy-policy/ for information about how we comply with the California Consumer Privacy Act of 2018.

18. Notice to Residents of Countries outside the United States of America

Heads Up is headquartered in the United States of America. Personal Information may be accessed by us or transferred to us in the United States or to our affiliates, business partners, or service providers elsewhere in the world. By providing us with Personal Information, you consent to this transfer. We will protect the privacy and security of Personal Information according to this Privacy Statement, regardless of where it is processed or stored.

The GDPR took effect on May 25, 2018, and is intended to protect the data of European Union (EU) citizens.

As a company that markets its Site, content, products and/or services online we do not specifically target our marketing to the EU or conduct business in or to the EU in any meaningful way. If the data that you provide to us in the course of your use of our Site, content, products and/or services is governed by GDPR, we will abide by the relevant portions of the Regulation.

If you are a resident of the European Economic Area (EEA), or are accessing this site from within the EEA, you may have the following rights:

Rights to Access and Control Your Personal Information for residents of the European Economic Area

Any personal data that we collect is based upon your consent as detailed in this Privacy Statement.  You have many choices concerning the collection, use, and sharing of your data, including the ability to:

  • Delete Data: You may request that we delete your Personal Information. Please note that in some cases we cannot delete your Personal Information except by also deleting your user account.
  • Change or Correct Data: You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate.
  • Object to, or Limit or Restrict, Use of Data: You may request that we do not use your Personal Information, but keep in mind that this will terminate our ability to provide any Service(s) to you.
  • Right to Access and/or Take Your Data: You can ask us for a copy of your Personal Information.

To make any of these requests, please contact our GDPR contact at support@headsuphealth.com. Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement. 

19. Important Note Regarding Children

This Site is not directed toward children under 18 years of age and Heads Up does not knowingly collect or use information from children under 18 through this Site. No one under age 18 may provide any information to the Site. If you are under 18, do not use or provide any information on this Site or on or through any of its features/register on the Site, make any purchases through the Site, use any of the interactive or public comment features of this Site or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. Any information submitted via the Site regarding a minor under the age of 18 must be submitted by the minor’s legal representative. To the extent permitted by applicable state law, minors may access their PHR Data through their medical provider. If we learn we have collected or received personal information from a minor under 18 without verification of consent from the minor’s legal representative, we will delete that information. If you believe we might have any information from or about a minor under 18, please contact us at support@headsuphealth.com.

20. The HIPAA Privacy Rule

The US Department of Health and Human Services provides:  “The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.  The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.”

You acknowledge that our operation of the Site does not constitute the practice of medicine, and specifically does not create a doctor-patient relationship between you and any healthcare provider (a “Provider”).  The information provided on the Site is for educational purposes only. 

Notwithstanding the fact that the Site does not create a doctor-patient relationship between you and a Provider, our preservation of your personal health information shall be HIPAA compliant.

For purposes of this Privacy Policy, “patients” are those individuals who have secured the in-person services of a Provider.  If you are a patient of a Provider, you will be provided with a copy of the Provider’s HIPAA Privacy Statement by the Provider, which governs the information collection practices of patients’ personal information by Provider.

© 2020 by Head’s Up Inc.