We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your electronically stored "personal data" (as defined in applicable statutes on security breach notification) to your email or in writing in an expedient manner and without unreasonable delay, insofar as these are consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
We collect, receive, generate and store the following types of information:
Company may use the information submitted, collected, received or generated from and/or about you for any of the following purposes:
Company does not rent, sell or publicize your Personal Information/PHI without your prior consent. Use of personally identifiable health information is further subject to the restrictions described in more detail below.
Information provided by our users is an important part of our business. Company will share and disclose information submitted, collected, received or generated from and/or about you only as compatible with the purposes described above (except for certain personal health information which shall be kept confidential as described below), when we have your consent (as may be provided by you from time to time through the Services or otherwise), and as described in this section as follows:
The Services may include or interoperate with applications, services, features or functionalities provided by third parties. In connection with such third party applications, services, features or functionalities, you may send (or such third parties may get access to) certain information about or related to you or your activities therewith. The use, storage and disclosure of such information by these third parties is subject to their own privacy policies and Company has no responsibility or liability for such third parties’ acts or omissions or the information provided to them.
Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit certain individually identifiable health information or “Protected Health Information” (as such term is defined by HIPAA) on behalf of a health care provider, we do so as its “business associate” (as also defined by HIPAA) under a Business Associate Agreement (bagel.md/baa). Under this agreement, we are prohibited from, among other things, using Protected Health Information in a manner that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of Protected Health Information we store and process on behalf of such providers. We are also subject to laws and regulations governing the use and disclosure of certain personal and health information, including HIPAA, when we operate as a business associate of a healthcare provider.
Except as may be inherent in the features and functionality of the Services, Company does not have a mechanism for you to review, edit or delete all of your information on or stored in the Services or otherwise by Company. If in the future, the Company may implement a system to allow for a complete review and deletion of all you information, but Company has no obligation to provide or create such a mechanism.
If you would like us to delete your Personal Information in our system, please contact us at email@example.com and we will accommodate your request (but will not do so if we have any legal obligation to retain the record). In such cases, we ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests. If Company is unable to destroy or delete the information due to legal obligations or because it is not feasible or because it is unduly burdensome or impractical or would jeopardize the privacy of others or the integrity of the Services, Company is not obligated to do so, but Company shall provide a written response stating the reason(s) it cannot fulfill the request. Because of the way we maintain certain Services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems. We are not responsible for updating, correcting or removing any of your information disclosed to or held by third parties.
Please be aware the Company is under no obligation to maintain and store any of your information (including any Personal Information or User Content) or otherwise to maintain and operate the Services. The Company reserves the right to cease or modify operation of the Services at any time – in such case, your information (including any Personal Information and User Content) may no longer be available. If you desire to maintain access to any such information, you are encouraged to keep a backup of such information in other locations.
Log file information may be automatically reported by your browser or smartphone application each time you access a web page, app or other electronic location. When you use the Services, our servers may record certain information that your web browser, the Services or other application sends whenever you utilize the Services, visit any website or utilize any other services or applications.
Our Services are hosted in the United States. If you use the Services from the European Union, Asia or any other country outside the United States with laws or regulations governing personal data collection, use and disclosure that differ from the United States laws and regulations, please be advised that through your continued use of the Services, you are transferring your information to the United States and you consent to that transfer. Your information may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us or use the Services, Company transfers personal information to the United States and processes it there, and your submission of such information represents your consent and agreement to that transfer.
In order to use our Services you must represent and warrant that you are over the age of 13 before using, downloading or accessing the Services. Children under the age of 13 are not eligible to use the Services and must not attempt to download the Services, register with the Company and/or submit any personal information to us. We do not knowingly collect personal information from any person who is under the age of 13 or allow them to register. If it comes to our attention that we have collected personal data from a person under the age of 13, we will delete this information as quickly as possible.
Without limiting the generality of the foregoing, our Services do allow users above the age of 18 years old – such as care providers, parents and guardians – to submit personal information about others, including minors. Such users assume full responsibility over their submission, use and transmission of such information.
Our Services may contain links to, interoperate with, and allow you to share content to and from third party services, websites and applications. The fact that we link to a website, service or application or allow you to share content through these third parties is not an endorsement, authorization or representation that we are affiliated with that third party, nor is it an endorsement of their privacy or information security policies or practices. Other websites, services and applications follow different rules regarding the collection, use, storage or disclosure of the personal and other information. We encourage you to read the privacy policies or statements of the other websites, services and applications you use.
Unless expressly provided otherwise in writing by the Company and the Services are provided “AS IS” without warranty of any kind. The Company makes no, and hereby disclaims any and all, representations and warranties of any kind, express or implied, with respect to the Services, including without limitation, warranties of merchantability, fitness for a particular purpose and non-infringement.
Updated 6 December, 2018
© Bagel Health, Inc. 2021