Welcome, and thank you for your interest in Virta Health Corp. ("Virta", "we," or "us"), and any related web sites, networks, embeddable widgets, downloadable software, other mobile applications (including tablet applications), and other services provided by us (collectively, together with the Site, our "Service").
Capitalized terms used but not defined in this Policy have the meaning given to them in the Virta Terms of Service (the “Terms of Service”).
The information we collect on the Service:
- User-provided Information.When you use the Service, you may provide and we may collect what is generally called “personally identifiable information,” or “personal information,” which is information that specifically identifies an individual. You may provide us with personal information of various types and in various ways on the Service. For example, you provide us with personal information when you register for an account, use the Service, post User Content, make a purchase on the Service, interact with other users of the Service, the Providers, or your Program Lead (as defined below) through communication or messaging features, or send us customer service-related requests. Examples of personal information include name, email address, mailing address, phone number, username, and password. Personal information also includes other information linked to information that identifies a specific individual, such as date of birth, gender, age, geographic area, preferences, payment information, and insurance information. We may also receive health information from you or on your behalf such as information or records relating to your medical or health history, health status and laboratory testing results, diagnostic images, and other health related information. Where your data cannot feasibly be deleted we will continue to store such data according to all applicable laws and this Policy.
- "Cookies" Information. When you use the Service, we may send one or more cookies – small text files containing a string of alphanumeric characters – to your device. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to the Service. Please review your web browser “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete, or choose not to accept, cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential.
- "Automatically Collected" Information. When you use the Service, we may automatically record certain information from your device by using various types of technology, including “clear gifs" or “web beacons.” This “automatically collected" information may include your IP address or other device address or identifier, web browser and/or device type, the web pages or sites that you visit just before or just after you use the Service, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service, and your language preferences. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. This information is gathered from all users.
- Third Party Web Beacons and Third Party Buttons. We may also implement third-party content or advertising on the Service that may use clear gifs or other forms of web beacons, which allow the third-party content provider to read and write cookies to your browser in connection with your viewing of the third party content on the Service. Additionally, we may implement third party buttons (such as Facebook “like” or “share” buttons) that may allow third parties to collect information about you through such third parties’ browser cookies, even when you do not interact with the button. Information collected through web beacons and buttons is collected directly by these third parties, and Virta does not participate in that data transmission. Information collected by a third party in this manner is subject to that third party’s own data collection, use, and disclosure policies.
- Do Not Track Signals. Your device operating system or browser may include settings, options, or add-on components to control the placement and presence of cookies and access to location information. We do not track our users over time and across third party websites to provide targeted advertising and do not specifically respond to Do Not Track (“DNT”) signals. However, some third party websites do keep track of your browsing activities, including across other websites on the Internet, which enables these websites to tailor what they present to you. If you are visiting such websites, your browser may allow you to set a DNT signal on your browser so that third parties know you do not want to be tracked.
- Claims and Pharmacy Data. Virta seeks to give you better service and care. To help us give you the right care, in the right place and at the right time, your group health plan (“Health Plan”) and, at the direction of your Health Plan, any agent, contractor or vendor of your Health Plan may electronically share information with us about your care. This information will include things like visits to the doctor or hospital, medical conditions, and prescriptions you have had in the past and moving forward. Having this information will help Virta give you the best possible care, because we will have the most up-to-date information about your health. Your privacy is very important to us, and you control the use of your personal information. We put important safeguards in place to make sure all your medical information is safe. By agreeing to this Policy, you agree to allow your Health Plan to share your personal health information with Virta, except for information which the Health Plan cannot share including, but not limited to, certain information relating to alcohol or substance abuse treatment.
How we use the information we collect. We use information we collect on the Service in a variety of ways in providing the Service and operating our business, including the following:
- We may use the information that we collect on the Service (i) to operate, maintain, enhance and provide all features of the Service, (ii) to provide services and information that you request, (iii) to process payments for services you receive through the Service, (iv) to respond to comments and questions, communicate with you about the Service, and send you communications on behalf of the Providers, (v) to facilitate the provision of health care services to you by the Providers, (vi) to verify your identity, (vii) to detect, prevent, investigate and respond to fraud, intellectual property infringement, violations of our Terms of Service, or other misuse of our Service or a Provider’s services, (viii) otherwise to provide support to users, and (ix) for any other use permitted by applicable law, including for research purposes.
- We may use the information that we collect on the Service to understand and analyze the usage trends and preferences of our users, to improve the Service, and to develop new products, services, features, and functionality.
- We may use your email address or other information we collect on the Service (i) to contact you for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to your User Content or (ii) to send communications, including updates on promotions and events, relating to products and services offered by us, by the Providers, and by third parties we work with. Generally, you have the ability to opt-out of receiving any promotional communications as described below under “Your Choices.”
- We may use “cookies” information and “automatically collected” information we collect on the Service to: (i) personalize our services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you visit the Service; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of the Service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.
- We may access or store your information if it is necessary to detect, prevent or address fraud and other illegal activity or to protect the safety, property or rights of Virta or others.
- We may use information regarding your location or the location of your device through which you access the Service for a number of purposes, including without limitation to confirm you are located in a jurisdiction in which the Service is offered and identifying an appropriate Provider.
- We may collect, analyze, use, publish, and sell de-identified information, of which your protected health information might be a component, for any business or other purpose not prohibited by applicable law, including for research and marketing purposes.
When we disclose information. Except as described in this Policy, we will not disclose your information that we collect on the Service to third parties without your consent. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
- Any information that you voluntarily choose to include in a publicly accessible area of the Service, such as a public profile page, will be available to anyone who has access to that content, including other users.
- We may disclose your information to Providers for treatment, or payment or operational purposes;
- Information on your progress is shared with your support system, including your nutrition coach (“Program Lead”) through the portion of the Service available to Program Leads (“Program Lead Portal”). Your Program Lead will have full access to all program data through the Program Lead Portal to provide personalized coaching services.
- We work with third party service providers to provide website, application development, hosting, maintenance, analytics and other services for us. These third parties may have access to or process your information as part of providing those services for us. Generally, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions.
- We may make certain automatically-collected, aggregated, or otherwise non-personally- identifiable information available to third parties or users of the Service for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
- We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
- Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- In the event that a user discloses, or a Program Lead observes, activities that present a concern for the safety or wellbeing of the user, such as hypertension, a sharp increase or decrease in blood glucose levels, rapid weight loss or gain or other unhealthy weight loss practices, mental health issues, or physical or mental abuse, Virta may alert the appropriate health care professional and disclose relevant personal information as Virta, in its sole discretion, deems necessary or otherwise appropriate.
- We may de-identify your information and disclose such de-identified information for any business or other purpose not prohibited by applicable law.
Protected Health Information
You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Service. You may update, correct, or delete your profile information and preferences at any time by accessing your account preferences page on the Service. You may request that we provide to you the information we hold about you, update your information, or request that we delete your information or correct any inaccuracies by emailing us at email@example.com with the subject heading “personal information request”. Please note that while any changes you make will be reflected in active user databases within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. Where your data cannot feasibly be deleted we will continue to store such data according to all applicable laws and this Policy.
You may ask us to contact you at a specific phone number or to send mail or notices to a specific mailing address or email address. If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at firstname.lastname@example.org or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service.
Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.
Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to email@example.com with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
The Service may contain features or links to Web sites and services provided by third parties, and the Service may allow you to display, use or make available content, data, information, applications or materials from third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under the age of 13 without obtaining parental consent. If you are under 13 years of age, then please do not use or access the Service at any time or in any manner. If we learn that a person under 13 years of age has used or accessed the Service or any personally identifiable information has been collected on the Service from persons under 13 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on or otherwise accessed the Service, then you may alert us at firstname.lastname@example.org and request that we delete that child’s personally identifiable information from our systems.
We use certain physical, technical, and administrative measures in an effort to protect the integrity and security of personal information that we collect and maintain. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative measures.
As part of providing you the Services, we may need to provide you with certain communications (via in app message, text and email), such as appointment reminders, service announcements, encouragement, advice and administrative messages. These communications are considered part of the Service and may occur via emails, text messages or in app messages. You acknowledge that you are aware that email and text messages are not secure methods of communication and that your communication with us is not encrypted, and that you agree to the risks including the risk that the information contained within emails or texts could be read by a third party. If you would prefer not to exchange PHI via email or text message, please notify us at email@example.com.
Although we may allow you to adjust your privacy settings to limit access to certain personal information, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.
Changes and Updates to this Policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify this Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of this Policy.
Our Contact Information
Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at firstname.lastname@example.org.
Virta Health Corp.
535 Mission Street 20th Floor
San Francisco, CA 94105