1.Introduction.
This Privacy Policy (“Privacy Policy”) describes how KBS, Inc. (“Company”) collectively referred to as “we,” “our,” and “us” in this Privacy Policy, collect and use personal information from and about you when you use the Company website [https://www.helloinnerwell.com] and mobile application(s) (collectively, the “Website”), and/or when you communicate with Company by e-mail, text message, telephone conversation, chat, or other means of communicating electronically or by voice or video. Though the Website, we make certain information available to you regarding mental health therapy and ketamine treatment, and we facilitate your access to telemedicine and expert medical services (the “Services”) provided by one or more professional corporations incorporated, formed or authorized in one or more states and for which Company provides administrative services (collectively, the “Professional Entities”). Company understands that privacy of information is of great importance to our Visitors.
2.This Privacy Policy Applies to the Following Types of Information:
The Information we may collect, includes without limitation:
- Information that identifies you or can be used to identify you, such as your name; home or work address; personal or work e-mail address; home, work, and mobile telephone numbers; date of birth; credit or debit card numbers (which we collect for payment purposes only); images and videos; age, sex, and gender; Social Security Number; physical or mental health condition or history; health plan or insurance information; and other personal information;
- Information that you provide to be published or displayed (“posted”) on certain public areas of the Website or that you transmit through the Website to other users of the Website;
- Information about your Internet use or connection; the equipment you use to visit our Website; usage details, such as traffic data, logs, referring/exit pages, the date and time of your visit to our Website; error information; clickstream data; and other communication data and the resources that you access and use on our Website, including without limitation usage details, IP addresses, and information collected through the use of cookies or other tracking technologies; and
- Information provided to us by others, such as our business partners.
Personal Information
We collect information that personally identifies you, such as your name, telephone number, email address, date of birth, data generated by sensors in the devices you use to access the Services and other data which can be reasonably linked to such information (“Personal Information”) only if you choose to share such information with us. For example, you will be required to provide us with certain Personal Information to register for the Services, sign up for certain features available through the Services (such as push notifications, text messages and other communications services which may offer you the ability to share information with third parties, such as health care professionals), and at other times. The decision to provide this information is optional; however, if you decide not to register or provide such information, you may not be able to use some or all of the features of the Services. Further, Company may offer location-enabled services, for example to locate a nearby doctor or pharmacy. If you use those services, Company may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID). You will have the option to disable collection and use of location information. However, doing so may prevent you from using some features of the Services, or limit the function of some features.
Health Information
Company offers you the ability to share your Health Information with the Professional Entities in connection with the Services. “Health Information” includes both Protected Health Information and Additional Health Information. “Protected Health Information” or “PHI” is personally identifiable information which relates to your health or payment for your healthcare services that is created or received by an entity covered under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”), such as Company as a business associate of the Professional Entities, and the Professional Entities, as a covered entity under HIPAA. Protected Health Information includes the combination of your Personal Information and personal health information, such as medical records, medical history and/or information regarding a condition or treatment (e.g. information about symptoms, prescriptions, allergies, diagnoses and outcomes or side effects of treatment). “Additional Health Information” is any and all other personal health information that is not Protected Health Information, generally because such information was not created or received by a HIPAA-covered entity.
When you use the Services, you expressly authorize the sharing of your Health Information with anyone whom is part of your Services team and is also a user of the Services, which may include your healthcare professional(s).
If you allow someone to access your account, you do so at your sole risk and may risk exposing your Health Information. Company does not know and cannot control how anyone else to whom you give access to your account and/or with whom you share your Health Information may use your Health Information or account. Health Information you provide to others may not be protected, kept private, or be secure. You are solely responsible for all use of your account, by yourself or anyone whom you permit to use it. Company will not be liable for any disclosure or use of Health Information or other information by you or anyone using your account with your permission.
You should not upload any Health Information regarding any person other than yourself without that person’s prior express consent. You must obtain the consent of your family member or any other person before you submit or share Health Information about that person. By submitting or sharing Health Information about a family member or anyone else, you represent and warrant that you have obtained that person’s express consent to do so or that you otherwise have the legal authority to do so (e.g., because that person is a minor and you are the parent or legal guardian).
This Privacy Policy also applies to information collected from Visitors after they register and log-in ("Members") to the password protected and secure portions of our website and mobile application ("Secure Platforms"). These Secure Platforms allow Members to utilize the Services provided by the Professional Entities.
This Privacy Policy details how we may use, share and maintain any information that you provide to us or to the Professional Entities. Company's role is limited to making such information available to you and/or facilitating your access to the Services, on behalf of the Professional Entities as its “business associate” as that term is defined under HIPAA. Company is independent from the Professional Entities and the healthcare providers that may provide you with Services through the Professional Entities. Company is not responsible for the Professional Entities’s acts, omissions or for any content of the communications made by them to you. Company does not engage in the practice of medicine or provide any health services to you. Company provides certain business associate services to the Professional Entities.
Any Health Information stored and collected by Company or added by Members into such Secure Platforms is identifiable, PHI and therefore governed by HIPAA. How the Professional Entities uses and discloses such PHI shall be in accordance with the Professional Entities’s Notice of Privacy Practices. For example, if you have consented to importing data from your healthcare
provider into the Secure Platform, you should review the Professional Entities’s Notice of Privacy Practices to understand how the Professional Entities will use and disclose such PHI.
3.Agreement to this Privacy Policy
Your access and use of the Website and Secure Platforms are subject to your agreement with this Privacy Policy and the Website Terms of Use. By using the Website, you expressly agree to the terms of this Privacy Policy and consent to the collection and use of information as discussed in this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use or access the Website for any purpose. Please print a copy of this Privacy Policy for your records.
4.Modifications to this Privacy Policy
The Company may revise this Privacy Policy regarding the collection of information at any time. Should this Privacy Policy change materially, Company will give notice to you by posting a notice regarding the new policy on the Website. The revised Privacy Policy will be effective as of its posting unless otherwise stated.
By accessing or using the Website after such changes are posted you agree to all such changes.
5.Collection, Use and Disclosure of Your Information
The Company may disclose your personal information, including, without limitation, your email address, to third parties that operate social media platforms (e.g., Facebook, Instagram, YouTube, Snapchat and Twitter) for the purpose of assisting us with our advertising efforts, including, without limitation, in connection with serving you (and people who are similar to you) with targeted advertising regarding our products and services. These third party social media platforms, in turn, will analyze your information to determine how users use the Site.
Either Company or a third-party vendor on behalf of Company may automatically collect information while Visitors browse the Website. We may collect such information by tracking, or asking a third party vendor to track, your click-stream activity when such information is not tied to a user ID through the use of "cookie" technology or by tracking internet protocol (IP) addresses, as explained below.
Because we want our Website to better serve Visitors' needs, we collect some basic information about Visitors and their devices, including, but not limited to:
- IP address (the computer's address on the Internet)
- Operating system (e.g. Windows, macOS, Linux, iOS, Android OS\)
- Browser software (e.g. Microsoft Edge, Chrome, Firefox)
- Internet Service Provider (e.g. AT&T, Verizon, Comcast, etc.)
- Geographic location (e.g. Boston, Mass.)
- Type of device (e.g. iPad, desktop)
- Mobile device crash information
- Locale and language of device and whether it has fingerprint/face sensors and other activity sensors
- Data generated by activity sensors
- Dates and times you accessed and used the Website, features you used in the Website, and how long you use the Website overall
- Links you click and pages you view within the Website
- Pages you view before and after you leave the Website
We use this Information to provide you with the Services, to enhance and improve our Website and to better serve our Visitors' needs. For example, we use this Information to know what browsers people most commonly use, what pages are most often visited, and what functionality is most used. Some of the Information we collect from Visitors, such as IP Address, may be considered identifiable Personal Information. Additionally, there are times on our Website that Visitors are able to voluntarily submit Personal Information, such as their name, phone number, and/or email address in order to obtain more information from Company. We may remove personal identifiers from your Personal Information and maintain and use it in a de-identified form ("De-Identifiable Information"). De-Identifiable Information and Personal Information are collectively referred to throughout this Privacy Policy as "Information".
The Information collected from Visitors on our Website may be shared with our suppliers and vendors and used in the aggregate to create summary statistics that help us analyze the Websites' usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Website in the most user-friendly way, and identify system performance or problem areas.
By continuing to use the Website, you hereby consent to the use and disclosure of your Information as set forth below:
- within Company or with our service providers such as a cloud service provider in the United States and Canada for data storage
- with our financial, insurance, legal, accounting or other advisors that provide professional services to us
- to respond to a subpoena, order, legal process, or government request to protect, establish or exercise our legal rights or defend against legal claims
- to investigate, detect, suppress, prevent or take action regarding illegal or prohibited activities, suspected fraud, situations involving potential threats to the reputation or physical safety of any person
- if we are to be sold, merged, or amalgamated or substantially all of our assets are to be sold or disposed of, your Personal Information may be transferred to a potential purchaser if, and to the extent necessary, it is required for the purposes of deciding whether to proceed with the proposed transaction and completing it. If such a sale, merger, acquisition, or disposal is completed, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Policy. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Information with any inquiries concerning the processing of that information; or
- as otherwise required by law.
Communicating with You
By becoming a user of the Services and providing your mobile number and/or email address, certain features of the Services will be provided to you via your mobile phone or other mobile device which may include: the ability to upload content to the Website, download applications, and receive email, short message service (SMS), text message communications and mobile push notifications, each of which are not encrypted (“Mobile Features”). Standard messaging, data and/or other fees may be charged by your carrier. You can opt out of receiving email, SMS/text messages, and mobile push notifications. Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Company from any liability arising from or related to any such interception or unauthorized access. You can opt out by changing your profile settings within the Services or by notifying your healthcare provider. You agree to notify Company of any changes to your mobile number and email by updating your Company Services account to reflect any changes.
Communicating with Your Healthcare Professionals
Services concerning you may be accessed by the Professional Entities and its healthcare professionals who are linked to your account, and by Company service providers, affiliates, representatives and assigns, all of whom may: send and receive reminders, alerts or other service-related information via email and/or push notifications or the like, i.e., utilize Mobile Features to notify and be notified of information about you. The use of Mobile Features may include the sharing of your Personal Information and Health Information. Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Company from any liability arising from or related to any such interception or unauthorized access.
6.Public Areas
Please be advised that, whenever you voluntarily post information to any public forum such as a bulletin board, blog, community or related interactive area of the Services, collectively “Public Posts”, such information can and may be accessed by the public. This means that any person or entity with access to such information can potentially use it for any purpose, including to send unsolicited communications.
7.Cookies and Web Beacons
Like many companies, we use "cookies" and “web beacons” to help you better navigate the Website. A "cookie" is a small piece of information sent by Company's web-based applications that are stored by your web browser on your computer's hard drive. A “web beacon” is an electronic file placed within a website that monitors usage. Cookies and enhance your online experience by saving your preferences while you are visiting a particular Website. The cookies do not contain any identifiable information and cannot profile your system or collect information from your hard drive. Most Internet browsers automatically accept cookies, but you can set your browser to refuse them or to alert you when they are being sent.
For more information about the cookies that are used on the Website and your ability to change your preferences or opt out of use of those cookies, please see Company's Cookie Preferences To adjust your cookie settings, please go to your Company User Setting page and make the necessary selection.
8.Your Rights Regarding Your Personal Information
Amendment. You have a right to request that Company amend or delete the Personal Information it collects from your use of the Website if you believe it is incorrect or incomplete, and you may request an amendment or deletion for as long as the Personal Information is retained by Company. You must submit your request in writing to Company and provide a reason to support the requested amendment. Company may, under certain circumstances, deny your request by sending you a written notice of denial.
Withdrawal of Consent. Subject to applicable law, you may withdraw your consent to uses and disclosures of Personal Information as outlined in this Privacy Policy. You must submit your request in writing to Company. Withdrawing consent does not invalidate consent to any collection, use or disclosure of Personal Information to which you consented before consent was withdrawn. If you withdraw consent, or refuse further consent, Company’s ability to offer services to you may be limited.
9. Notice to California Residents/Your California Privacy Rights
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by Company to third parties for the third parties' direct marketing purposes. These requests only cover information for the immediately prior calendar year (e.g. requests made in 2022 will receive information about 2021 sharing activities) and information about our sharing in general, not specific to you. To make such a request, please send an email to care@helloinnerwell.com. If you are a California resident, the California Consumer Privacy Act (the "CCPA") gives you additional rights about the collection, processing and storage of your personal data, which we will explain below. Information Collected We will not collect additional categories of personal information or use Personal Information collected for additional purposes without providing you with notice.
Information Disclosed for Business Purposes
We may disclose your contact information and financial information with our Service Providers to help us provide the Services. Please note that we do not sell any of your Personal Information to third parties.
Your Rights under CCPA
Additionally, you have the following rights under the CCPA and you may exercise these rights no more than twice in any twelve (12) month period by following the instructions below. To exercise more than one right at a time, please submit each request individually. If you submit multiple requests, we cannot guarantee the order in which your requests will be processed:
∙ Right to Know:
You have the right to know what categories of Personal Information we collected in the preceding twelve (12) months, including the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business or commercial purposes for which such Personal Information was collected and shared. You also have the right to know the categories of Personal Information which were disclosed for business purposes, and the categories of third parties with whom we shared your Personal Information in the preceding twelve (12) months.
a. To exercise your right to know, please email us at care@helloinnerwell.com and follow these instructions:
i. Write to us from the email address or mailing address that is affiliated with your account and include "Right to Know Under CCPA" in the subject of the email or written request;
ii. Please include sufficient Personal Information for us to verify the identity affiliated with your account. For example, provide your full name, phone number, address, email and account number if applicable. At a minimum. We may request additional information to complete the verification process if we are unable to verify your identity initially;
iii. If you would like to know the categories of sources from which we collected your Personal Information, write "I am writing to request the categories of sources from which my personal information was collected" in your request;
iv. If you would like to know the specific Personal Information that we have collected about you, write "I am writing to request the specific personal information we have collected about you" in your request;
v. If you would like to know the business or commercial purposes for which we collected or shared your Personal Information, write "I am writing to request the business or commercial purposes for which my personal information was collected" in your request;
vi. If you would like to know the categories of Personal Information collected about you, write "I am writing to request the categories of personal information that was collected" in your request; and
vii. If you would like to know the categories of third parties with whom we shared your Personal Information in the preceding 12 months, write "I am writing to request the categories of third parties with whom you shared my personal information" in your request.
∙ Right to Access:
You have the right to receive the Personal Information that you gave us. The information that we will provide to you will be masked, meaning that portions of it will be omitted so that it can't be used fraudulently. For example, your telephone number may display as (123) - XXXXXX67. In order to exercise your right to access, email us at care@helloinnerwell.com and follow these instructions:
a. Write to us from the email address or mailing address that is affiliated with your account and include "Right to Access Personal Information Under CCPA" in the subject of the email or written request;
b. Please include sufficient Personal Information in your request for us to verify the identity affiliated with your account. For example, provide your full name, address, Email, Phone Number and account number if applicable. We may request additional information to complete the verification process if we are unable to verify your identity initially; and
c. In the body of your request, please write "I would like access to all of the information that I have given to you over the past 12 months."
∙ Deletion:
You can request to have your Personal Information deleted and we will ask our Service Providers to do the same. Please note that if we delete your Personal Information, many of our Services will not work the same. For example, you will not have an account (since any prior saved data will be deleted). If you make multiple requests under this section, we recommend sending your deletion request last, as we will not be able to fulfill your other requests once we have deleted your information.
● Exceptions: We may not be able to fulfill your request if we (or our Service Providers) are required to retain your Personal Information for one or more of the following reasons:
i. Transactional: to receive the Services for which the Personal Information was collected, provide a good or service requested by you, or perform a contract we have with you;
ii. Security: to detect data security incidents;
iii. Error Correction: to debug or repair any errors;
iv. Legal: to protect against fraud or illegal activity or to comply with applicable law or a legal obligation, or exercise rights under the law, such as the right to free speech; or
v. Internal Use: to use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information (i.e., to improve our services).
● To exercise your right to deletion, email us at care@helloinnerwell.com and follow these instructions:
i. In the body of your request, please write "I would like my information deleted" and provide the information that you would like deleted;
ii. Please include sufficient Personal Information for us to verify the identity affiliated with your account. For example, provide your full name, address, Email, Phone Number, and account number if applicable. We may request additional information to complete the verification process if we cannot verify your identity initially. Our ability to fulfill your deletion request is limited by the information you provide us, and the information associated with your account. For example, if you have multiple email addresses and you include only one in your request, we will only delete the email address that you included in the request. To delete multiple email addresses, you must verify you own applicable email account by sending the request from the applicable email address.
∙ Non-Discrimination:
We will not discriminate against you for exercising any of your rights, and we will not deny you good or services, charge you a different price, or provide you with a lesser quality of goods or services if you exercise any of your rights, unless by exercising any of your rights we are unable to provide the Services for which the Personal Information was collected, or perform a contract we have with you.
10. Third Party Website and Social Media Platforms
Our Website and Services may contain links to and from other websites or allow you to share certain content on third party websites or social platforms, such as Facebook and Twitter. A link to a third party's website or social platform does not mean that we endorse it or that we are affiliated with it. We do not exercise control over third party websites or social platforms; you access such third-party websites or social platforms at your own risk. You should always read the privacy policy of a third-party website and social platform before sharing any information on or with them.
11.Service Providers
From time to time, we may establish a business relationship with other businesses whom we believe trustworthy and who have confirmed that their privacy practices are consistent with ours ("Service Providers"). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Information other than as specified by us.
12.Other Transfers
We may share Personal Information and usage data with businesses controlling, controlled by, or under common control with Company. If Company is merged, acquired, or sold, or in the event of a transfer of some or all of our assets, we may disclose or transfer Personal Information and usage data in connection with such transaction. You will have the opportunity to opt-out of any such transfer if, in our discretion, it will result in the handling of your Personal Information in a way that differs materially from this Privacy Policy.
13. Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property, or rights of Company or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
14. Security
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Website or Services, we cannot and do not guarantee the security of any information you transmit on or through the Website or Services, and you do so at your own risk.
15. Children's Privacy
The Site and Services are intended for users who are 18 years old or older. We do not knowingly collect Personal Information from children under the age of 18.
16. Processing in the United States
Please be aware that your Personal Information and communications may be transferred to and maintained on servers or databases located outside your state, province, or country. If you are located outside of the United States, please be advised that we process and store all information in the United States. The laws in the United States may not be as protective of your privacy as those in your location. By using the Site or Services, you are agreeing to the collection, use, transfer, and disclosure of your Personal Information and communications will be governed by the applicable laws in the United States.
17.Online Tracking
We will respect "do not track" signals from your device. However, certain functionality on the Website will not work unless cookies are enabled.
18.International Users.
We are headquartered in the United States. Your Personal Information may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If you are visiting the Website from outside the United States, be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated. By using the Website, you consent to any transfer of this information.
We will protect the privacy and security of Personal Information according to this privacy statement, regardless of where it is processed or stored, however you explicitly acknowledge and consent to the fact that Personal Information stored or processed in the United States will be subject to the laws of the United States, including the ability of governments, courts or law enforcement or regulatory agencies of the United States to obtain disclosure of your Personal Information.
19.How to Contact Us
Questions or comments regarding this Policy should be submitted by electronic means at care@helloinnerwell.com.
Effective date: October 13, 2022