Effective Date: 9th of July, 2020
Risalto Healthcare, Inc. (“Risalto Healthcare”, "we" or "us") is committed to protecting your privacy. This Privacy Policy (“Policy”) describes how we collect, use, disclose and protect your Personal Information (defined below). It applies to all Personal Information processed by us on any of our services, as well as written, electronic, and oral communications. However, this Policy does not describe how we collect or use your Protected Health Information (as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)), which is covered by our Notice of HIPAA Privacy Practices (“HIPAA Notice"). For clarity, the HIPAA Notice, not this Privacy Policy, explains our privacy practices with respect to your Protected Health Information.
Unless we define a term in this Policy, all capitalized terms used in this Policy have the meaning provided in our Membership Terms of Service (“Membership Terms”), which you can view here. Please make sure that you have carefully read and understand the Membership Terms before you use our Services. By using our Services, you accept the Membership Terms and accept our privacy practices described in this Policy. If you do not feel comfortable with any part of this Policy or our Membership Terms, you must not use or access our Services.
We may modify this Policy from time to time. The date of change will be shown next to “Effective Date” at the top of this page. We encourage you to read this Policy periodically to ensure you have up-to-date knowledge of our privacy practices. Whenever material changes to this Policy are made, we will provide you with notice before the modifications are effective by sending a message to the email address associated with your account. By continuing to access or use the Services after changes to this Policy become effective, you agree to be bound by the revised Policy. If any changes are unacceptable to you, you may stop using our Services at any time.
Personal Information We Collect
We collect Personal Information when you use our Services, create an account with us or submit Personal Information to us. “Personal Information” is any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular individual, including, but not limited to, a first and last name, email address, a home, postal or other physical address, and phone number.
The types of Personal Information that we may collect about you are:
a. Information You Provide to Us
We collect information you give us when you register with us for a Risalto account, when you use our Services, when you participate in surveys or promotional activities, or when you otherwise choose to submit your information to us.
When you sign up for a Risalto account we may collect your name, address, phone number, title, birth date, gender, last 4 digits of your social security number, together with other information such as occupation, industry, and personal interests.
When you use our Services, such as logging into your account or speaking with a Risalto care navigator, physician or other Risalto Employee, we may collect your name, address, birth date, social security number, etc., to verify your identity and provide Services to you.
From time-to-time, we invite users to volunteer to participate in surveys or promotional activities. When a user participates, we request certain Personal Information such as name and email address. Depending on the nature of the survey or contest, we use this information to follow-up with the participants, or, if applicable, to notify contest winners and award prizes.
b. Communications from You
When you use our Services, complete electronic forms, or contact us, by online chat, email, phone or text, we may automatically collect and store certain information about you and the activity you engaged in, for example: your name and contact information; information that you voluntarily provide to us; the nature of your communication; the purpose of the interaction, and the action we took in response to your inquiry or request.
c. Information Related to Your Use of the Services
We may automatically collect information about your use of the Services (we refer to this information as "Usage Data"), including information sent by Your mobile devices. For example, we may collect device information, such as the type of mobile device you use, the IP address of your mobile device, unique device identifiers, user settings, your operating system, and any other information your mobile device sends when you access the Services through your mobile device.
d. Location Information
When you use our online Services, we may collect and store information about your general location by converting your IP address into a rough geo-location. We may also access your mobile device’s GPS coordinates or course location but only if you have previously agreed that we can collect this information by allowing the sharing of your location information. If you do not want us to have your location information, you may disable the location sharing feature on your device. We may use this information to provide features of our Services or to improve and customize out Services. This information may be uploaded to our servers and/or to a service provider’s server or it may simply be stored on your device. You can enable or disable access to this information at any time, through the settings on your device.
e. Information from Our Clients and Partners
We may receive your Personal Information from our business clients and partners in connection with one or more business purposes, including making our Services available to you.
Analytics Technologies
We may use third-party service providers to monitor and analyze the use of our Services.
Google Analytics is an analytics service offered by Google that tracks and reports usage of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You may opt-out of certain Google Analytics features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their privacy policy: https://policies.google.com/privacy. For more information on the privacy practices of Google, please visit https://policies.google.com/privacy.
Mixpanel is an analytics service offered by Mixpanel Inc. You can prevent Mixpanel from using your information by opting-out. To opt-out of MIxpanel services, please visit https://mixpanel.com/optout. For more information on what types of information Mixpanel collects, please visit https://mixpanel.com/terms.
Amplitude is an analytics service offered by Amplitude, Inc.. For more information on what types of information, Amplitude collects, please visit https://amplitude.com/privacy.
Interest-Based Advertising
Depending on your permissions, we may receive your Personal Information from your internet service and mobile device providers. Users of mobile devices who do not want to receive interest-based advertising may opt-out in several ways. To end all targeting on a mobile device immediately, turn on “Limit Ad Tracking” in the device settings. To limit Ad Tracking on an Apple device, please see here. To limit Ad Tracking on an Android device, please see here.
Social Media
Depending on your permissions, we may receive your Personal Information from your social media accounts. You can edit or remove Personal Information usage permissions by using privacy settings on your social media account
How We Use Your Personal Information
We will only use your Personal Information as described in this Policy or otherwise through your informed consent.
a. To Provide Our Services to You
We will use your Personal Information to provide information or perform Services that you request. We may use general location information to improve and personalize our Services to you, such as providing location-relevant information and Services to you. If the applicable information is to be provided or Service is to be performed by a third party, then we will disclose the applicable information to the third party providing the information or performing the applicable Services. Your information may be available or provided to third-party service providers who are contractually obligated to protect your information as disclosed in this Policy. We have not sold any Personal Information to any third party.
b. For the Operations and Administration of Our Business
We will use your Personal Information for the purposes of furthering our business, including creating, operating, delivering, maintaining, and improving our content, products, and Services. We may monitor how our users use our Services including without limitation time spent using our Services, pages visited and content viewed. Aggregated forms of this data may also be used for research and development purposes in order to offer new features, functionalities, products and services.
c. For Business Analytics Purposes
We analyze, and may engage third parties to analyze, your Personal Information and Usage Data to determine the usefulness of our mobile app and other elements of the Services. Analytics help us determine how effective our navigational structure is in helping users reach the information they seek, completing the task they wish to complete, etc., and to tailor features and functionalities to our users’ needs and preferences.
d. For Our Own Marketing Purposes
Marketing lets us grow our community and update you about new products and services. We process your contact information or information about your interactions on our Services to: send you marketing communications and keep you updated about our products and services; provide you with informational content; and deliver targeted marketing to you. We may periodically send you free newsletters and emails that directly promote our Services, and that we believe may be of interest to you. When you receive such promotional communications from us, you will have the opportunity to "opt-out" (either through your account or by following the unsubscribe instructions provided in the e-mail you receive). We do need to send you certain administrative and transactional communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Services, this Policy, or information about billing and renewals, among others.
e. To Provide Customer Support or Respond to You
We collect information that you provide to us when you contact us, such as with questions, concerns, feedback, disputes or issues, so we can address your needs and support your use and enjoyment of the Services.
f. For Account and Network Security Purposes
We care about keeping you secure and safe while using our Services. Keeping you safe requires us to process your Personal Information, such as your device information, log-in information, activity information and other relevant information to proactively manage privacy and security risks. We use such information to combat spam, malware, malicious activities or security risks; improve and enforce our security measures; and to monitor and verify your identity so that unauthorized users do not gain access to your information.
g. To Maintain Legal and Regulatory Compliance
Our Services are subject to certain laws and regulations which may require us to process your Personal Information. For example, we process your Personal Information to comply with privacy laws, comply with employment laws, or as necessary to manage risk as required under applicable law.
h. To Enforce Compliance with Our Terms and Agreements or Policies
When you access or use our Services, you are bound to our Membership Terms and this Policy. To ensure you comply with them, we process your Personal Information to actively monitor, investigate, prevent and mitigate any alleged or actual prohibited, illicit or illegal activities on our Services. We also process your Personal Information to investigate, prevent or mitigate violations of our terms, agreements or policies.
Information Sharing and Disclosure
Your Personal Information is not shared with third parties without your permission, except as described below.
a. Information Shared with Our Employees, Services Providers
We may engage employees and third-party services providers to work with us to administer and provide the Services or to promote our Services. These employees and third-party services providers have access to your Personal Information only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your Personal Information for any other purpose.
b. Information Shared with Our Business Clients
We may share your Personal Information with our business clients for Services provision and business operations purposes. We are a service provider to our business clients who purchase our Services for their employees and dependents. We may share your Personal Information with our business clients for the purposes of performing services for these clients in accordance with our contractual obligations, including to make our Services available to you and your dependents.
c. Information Disclosed in Connection with Business Transactions
If we are acquired by a third party as a result of a transaction such as a merger, acquisition or asset sale, or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Information, may be disclosed or transferred to a third-party acquirer in connection with the transaction. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to this Policy. Any information you submit or that is collected after a transfer, however, will be subject to a new privacy policy adopted by the successor entity.
d. Information Disclosed for Our Protection and the Protection of Others
We cooperate with government and law enforcement officials to enforce and comply with the law. We may disclose information about you to government or law enforcement officials as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Membership Terms, (ii) to respond to claims and legal process (including subpoenas); (iii) to protect the property, rights and safety of a third party, our users, or the public in general; (iv) to protect our property, rights and safety; (v) to stop any activity that we consider fraudulent, illegal, unethical or legally actionable; and (vi) as required by applicable local, state or federal laws.
Data Security
We safeguard the security of the information you provide to us with physical, electronic, and administrative procedures. For certain features of our Services we use industry-standard SSL-encryption to enhance the security of data transmissions. Your account information is password-protected for your privacy and security. While we strive to protect your information, we cannot guarantee the security of the Internet, and cannot ensure the security of the information that is transmitted through the Internet.
Please recognize that protecting your Personal Information is also your responsibility. We urge you to take every precaution to protect your information when you are on the Internet, or when you communicate with us and with others through the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account might have been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in the “How to Contact Us” section.
Some portions of the Services (for example our presence on social media) allow users to submit comments, reviews, ratings and other information that may be displayed on the Services and viewed by others. We recommend that you do not post on or through the Services any information that you do not want to make available to other users or the public generally. You assume all responsibility for any loss of privacy or other harm resulting from information you post publicly.
Links to Third Party Sites
We may contain links to other sites that are owned or operated by third parties. We are not responsible for the content, privacy or security practices of any third parties. To protect your information, we encourage you to learn about the privacy policies of those third parties.
Our Social Media Usage
We have accounts on social media platforms through which we may post information or conduct promotional activities. If you use social media to follow us or interact with us, we may collect Personal Information you choose to share with us. Please understand your use of the social media services may result in the collection or sharing of information about you by those social media services. We have no control over, and decline all responsibility for, the use of your personal data by these third parties. Your use of social media, including your interactions with us on social media, are at your discretion. We encourage you to review the privacy policies and settings on the social media services with which you interact to make sure you understand how your information may be collected, used, and shared by those social media services.
This section applies only to California residents.
Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws (together “California Laws”), below is a summary of the Personal Information we collect as a Business in the preceding 12 months, the reason we collect your Personal Information, where we obtain the Personal Information we collect about you, and the third parties that we share your Personal Information. The section references relate to the sections above in this Policy.
Category of Information We Collect
Purposes for Collection of Personal Information
Sources of Personal Information
Types of Third Parties with Whom We Share Personal Information
Category of Personal Information We Collect
Purposes for Collection of Personal Information
Sources of Personal Information
Types of Third Parties with Whom We Share Personal Information
Information You Provide to Us
- To Provide Our Services to You
- For the Operations and Administration of Our Business
- For Business Analytics Purposes
- For Our Own Marketing Purposes
- To Provide Customer Support or Respond to You
- For Account and Network Security Purposes
- To Maintain Legal and Regulatory Compliance
- To Enforce Compliance with Our Terms and Agreements or Policies
- Forms on our Services that you fill out
- Information you provide when you contact or interact with us
- Analytic Technologies
- Information Shared with Our Employees and Services Providers
- Our Business Clients
- Information Disclosed in Connection with Business Transactions
- Information Disclosed for Our Protection and the Protection of Others
Communications from You
- To Provide Our Services to You
- For the Operations and Administration of Our Business
- For Business Analytics Purposes
- To Provide Customer Support or Respond to You
- Forms on Our Services That You Fill Out
- Cookies and Other Tracking Technologies
- Information Shared with Our Employees and Services Providers
- Our Business Clients
- Information Disclosed in Connection with Business Transactions
- Information Disclosed for Our Protection and the Protection of Others
b. California Residents Rights
Under California Laws, California residents have the following rights (“Rights”) listed below. Your Right to Know and Right to Deletion are not absolute and are subject to certain exceptions. For instance, we cannot disclose specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of the Personal Information, your account with us or the security of the business’s systems of networks.
Right to Notice. You must be properly notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
Right to Access/Right to Request. The CCPA permits you to request and obtain from us information regarding the disclosure of you Personal Data that we have collected in the past 12 months.
Right to Know. You have the right to know the Personal Information we collect, use, disclose, and sell about you. You have the right to request in writing from us a copy of the categories of Personal Information we have collected about you, the categories of sources from which we collected that information, why we collected that information, the categories of third parties with whom we shared your Personal Information, the categories of Personal Information that we disclosed about you for a business purpose, and the specific pieces of Personal Information we have collected about you. Please note that we are only required to respond twice per calendar year to your Rights to Know.
Right to Deletion. You have the right to request that we delete any Personal Information we have collected from you or maintain about you. However, we are not required to comply with such requests if it is necessary for us or our partners to maintain the Personal Information in order to:
complete the transaction for which the Personal Information was collected;
detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity;
debug to identify and repair errors that impair existing intended functionality;
exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
comply with the California Electronic Communications Privacy Act;
engage in public or peer-reviewed scientific, historical, or statistical research in the public interest;
comply with a legal obligation; or
use Personal Information internally in a lawful manner that is compatible with the context in which a California resident provided the information and is reasonably aligned with the expectations of the resident based on the resident’s relationship with the business.
Right to Opt-Out of the Sale of Your Personal Information. If a business sells your Personal Information you have the right to opt-out of having your Personal Information sold. We do not sell any of your Personal Information.
Right to Non-Discrimination. We will not discriminate against those who exercise their Rights. Specifically, if you exercise your Rights, we will not deny you goods or services, charge you different prices or rates for goods or services or provide you a different level or quality of goods or services.
c. Asserting Your Rights
You may exercise your right to know by submitting your request to info@risaltohealth.com. If you would like to exercise your right to deletion, please submit your request info@risaltohealth.com. We may ask you for certain information or require email verification to verify your identity. If we cannot verify your identity from the initial information you provide, we may request additional information from you, which will only be used for the purposes of verifying your identity and for security or fraud-prevention purposes. In some instances, we may ask you to submit a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. We will delete any new personal information collected for the purposes of verification as soon as practical after processing your request, subject to legal retention requirements.
You may designate an authorized agent to make a request to know or a request to delete. We will respond to your authorized agent’s request if they submit proof that they are registered with the California Secretary of State to be able to act on your behalf, or submit evidence you have provided them with power of attorney pursuant to Probate Code section 4000 to 4465. We may deny requests from authorized agents who do not submit proof that they have been authorized by you to act on their behalf.
Contact Us
If you have questions or concerns about our collection, use, or disclosure of your Personal Information, please email us at info@risaltohealth.com. Or write to us at: Privacy Officer, Risalto Health, 600 5th Ave, New York City, NY 10020.