INTRODUCTION
This Privacy Statement describes the practices and policies of Even Health LLC, (“Even Health”) regarding the collection, use, storage, and disclosure of personally identifiable information (“Personal Information”) we collect from our websites (www.even.health; www.mycabana.health) (the “Website”) and related services (collectively, the “Services” or “Service”).
You may have been invited to use the Service by your Employer or your health benefits provider (an “Enterprise Customer”), or a third-party healthcare provider, or you may have subscribed or used the Service for your personal use.
BY ACCESSING OR USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND OUR WEBSITE TERMS OF USE AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS SET OUT IN THIS PRIVACY STATEMENT.
WHAT INFORMATION DO WE COLLECT?
We may collect the following types of Personal Information in connection with our delivery of Services to you:
We may also collect Personal Information that you voluntarily provide to us when you contact us with a question or comment about our Services.
HOW DO WE USE INFORMATION WE COLLECT?
PERSONAL INFORMATION
We will use and store Personal Information for the purpose of delivering the Services to you and, where applicable, to Enterprise Customers and healthcare providers, and to analyze and enhance the operation of the Service.
We also use and store Personal Information and, where applicable, information obtained from Enterprise Customers and providers, for proprietary analysis and development of personalized behavioral profiles for you and/or, where applicable, the healthcare provider or Enterprise Customers. Any Care Data, Mobile Data, Usage Data, or Survey Data provided to Enterprise Customers will be anonymized or de-identified.
In particular we use:
To allow for additional research, product development, and insights over time, Even Health may anonymize or de-identify your Personal Information and health information (if any health information is collected) in a manner that meets the Health Insurance Portability and Accountability Act of 1996 (HIPAA) de-identification standard, such that such data is no longer reasonably identifiable.
AGGREGATE INFORMATION
We create statistical, aggregated data relating to our users and the Service for analytical purposes. Aggregated data includes data derived from Personal Information and obtained by Even Health from other sources in aggregated, anonymous form. Aggregate Information cannot reasonably be used to identify any individual. We use Aggregate Information to understand our customer base, market our Services, and improve and enhance our site and services.
EMAIL AND OTHER COMMUNICATIONS
We may use your personal information to contact you regarding an inquiry or to provide you with more information about Even Health or other marketing information that we believe you may be interested in. We will send you email alerts or notification messages unless you unsubscribe. If you wish to opt out of these emails, you may do so by following the “unsubscribe” instructions in the email; provided however, Even Health may maintain the right to send you important emails about your account or the Services.
Email and text messaging allows healthcare providers to exchange information efficiently for the benefit of users. We recognize that email and text messaging may not be a completely secure means of communication. Your use of the Service means that you agree and consent to the use of email and/or text messaging as an acceptable form of communication.
LEGAL EXCEPTIONS
Under certain circumstances, Personal Information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders. As such, notwithstanding the above, we may in any event use Personal Information to the extent required or permitted by applicable law to resolve disputes, to enforce our agreements (including the Terms of Service) with you, or as reasonably necessary to protect our legal rights, to protect you against self-harm, or to protect third parties.
USER TESTIMONIALS
We value your feedback on, and appreciate any testimonials about, our Services. If you send us any such feedback or testimonials, they shall be deemed, and shall remain, the property of Even Health and shall be subject to any obligation of confidence on our part. However, Even Health shall obtain prior written approval of any usage of your identity or contact information, if Even Health wishes to reference you in connection with that feedback or testimonial.
WHAT INFORMATION DO WE DISCLOSE TO THIRD PARTIES?
We will not sell or rent your personal information to any other company or organization. We will not disclose your Personal Information to any third party except as follows:
ACCESSING AND UPDATING YOUR INFORMATION
You have the right to review, amend, or correct your Account Data or other Personal Information held in our database.
Subject to certain exceptions, you have the following rights under our Privacy Statement:
To exercise any of these rights please contact us by sending an email to privacy@even.health or by writing us at our office address below, with a clear description of your request. Once we verify your identity as the person whose Personal Information we have collected, we will respond to try to comply with your request as soon as reasonably practicable and always under the timeframes set forth by applicable laws.
RETENTION OF YOUR DATA
We store your Account Data and Personal Information for as long as we need it to provide you our services, to serve the purpose(s) for which your personal information was processed, or as necessary to comply with our contractual and legal obligations, resolve disputes, or enforce our agreements to the extent permitted by law.
If you would like your Account Data or other Personal Information permanently removed from our database, please contact us at privacy@even.health. We will then terminate your account, you will no longer be able to use our services, and you will no longer receive emails from Even Health. Subject to applicable law and necessary record retention requirements, your identifying Personal Information shall be deleted from our records. Please note that we may need to retain certain information for recordkeeping purposes, to complete any transactions that you began prior to your request, or for other purposes as required or authorized by law.
INFORMATION SECURITY
Our Services are hosted on [Microsoft Azure] and use reasonable security measures, including adhering to the Center for Internet Security’s Critical Security Controls to protect the security and integrity of your Personal Information in accordance with this Privacy Statement and applicable law. Such measures include restricting access to Personal Data on a “need-to-know” basis. We secure information using industry standard administrative, physical, and technical safeguards including encryption of information that is stored and transmitted. While we attempt to always protect our systems, sites, operations and information against unauthorized access, use, modification and disclosure, it is important for you to know that, despite using these current industry-recommended practices, we cannot guarantee against breaches in security.
You have an important role in protecting Personal Information. You are responsible for maintaining the security of your login ID and password. If you believe that your login ID or password may have been compromised, you should immediately change your password and contact our support services. We are not responsible if someone else accesses your account through registration information they have obtained from you or through a violation by you of the Terms of Service.
LINKS
The Even Health Services may contain links to other websites. Even Health is not responsible for the privacy practices or the content of those websites. Users should be aware of this when they leave our Service and are encouraged to review the privacy statements of each third-party website. This Privacy Policy applies solely to information collected by Even Health.
USE OF COOKIES / WEB BEACONS
We may use cookies, both session and persistent cookies, or web beacons on certain webpages and/or html email correspondence to anonymously track visitors, save website preferences or allow us to recognize visits from the same computer and browser. You have the option to disable cookies in your browser and still use our services, although it may limit your access to the services.
CHILDREN
Even Health does not knowingly collect or maintain personally identifiable information from persons under 18 years of age, and no part of the Service is directed at persons under 18.
PROTECTING THE PRIVACY OF FELLOW EVEN HEALTH USERS
In using Even Health’s services, you may communicate with other users, and as such, you are expected to respect other users’ privacy as outlined below and in Even Health’s End User License Agreement that you agree to when you register for the Services. To keep user’s privacy safe, Even Health prohibits the following actions from its users:
Please refer to Even Health’s End User License Agreement for detailed and complete information regarding acceptable use of its Services.
California Consumer Privacy Act (CCPA) Use AND DISCLOSURE OF PERSONAL DATA
California Users should understand that Even Health does not sell User data to third parties. State Law requires Even Health to retain such records for at least seven years. The CCPA does not generally apply to medical information governed by the California Confidentiality of Medical Information Act (CMIA) or protected health information collected by a covered entity or business associate governed by the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request, once a year, if Even Health has shared their personal information (non-medical record data only) with other companies for direct marketing purposes during the preceding calendar year. This is California’s “Shine-the-Light Law.” To request a copy of the information disclosure provided by Even Health, please contact us at privacy@even.health. Please allow reasonable time for a response.
If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted on our site. Even Health does not have User below the age of 18 and does not typically allow Users to publicly post information. However, if you feel you publicly posted information on the Site and you are between the ages of 13 and 17, please contact us at privacy@even.health. Please allow reasonable time for a response. Please be aware that such a request does not ensure complete or comprehensive removal of the data/content you have posted and that there may be circumstances in which the law does not require or even allow removal of data, specifically medical data, even if requested.
California Right to Know: You may request access to the specific pieces of personal data we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal data we have collected about you, the sources of such collection, the categories of personal data we share for a business or commercial purpose, and the categories of third parties with whom we share your personal data. You may make these requests by contacting us at privacy@even.health.
California Designated Agent. You may designate an agent to make a request on your behalf. That agent must have access to your account in order for us to verify the request.
California Non-Discrimination. Even Health will never discriminate against you, including by denying or providing a different level of service should you choose to exercise your rights under the CCPA.
VISITORS FROM OUTSIDE THE UNITED STATES
Even Health and its servers are located in the United States and are subject to the applicable state and federal laws of the United States. If you choose to access or use the Service, you consent to the use and disclosure of information in accordance with this Privacy Policy and subject to such laws.
CHANGES
We may modify or amend this Privacy Statement from time to time. If we make any material changes in the way in which Personal Information is collected, used or transferred, this Privacy Statement will be revised to reflect such changes. We will post the updated Privacy Statement and ask for your consent if legally required. The effective date appears at the top of this Privacy Statement.
QUESTIONS
To submit a question or concern, please contact us at privacy@even.health or by writing us at:
Privacy Office
Even Health