Healiom Inc. ("Healiom," "we," or "us") owns and operates the website located at www.healiom.com and may have previously, now or in the future own and/or operate a related mobile application (collectively, the "Platform"). Your access and use of the Platform, any part thereof, or anything associated therewith, including its content ("Content"), any products or services provided through the Platform or otherwise by Healiom, and any affiliated website, software or application owned or operated by Healiom (collectively, including the Platform and the Content, the "Service") are subject to this Privacy Policy unless specifically stated otherwise. Capitalized terms not otherwise defined in this Privacy Policy have the same meaning as set forth in the Healiom, Inc. Terms of Use ("Terms of Use").
We are committed to respecting the privacy of users of the Service. We created this Privacy Policy ("Privacy Policy") to tell you how Healiom collects, uses and discloses information in order to provide you with the Service.
As with our Terms of Use, by creating, registering, or logging into an account through the Service, or otherwise accessing or using the Service, you are automatically accepting and acknowledging the most recent version of this Privacy Policy. If we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the "Last updated" date of the Privacy Policy.
If you are using the Service on behalf of an indiv idual other than yourself, you represent that you are authorized by such individual to act on such individual's behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.
Our Service is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. The Service is not designed or intended to attract, and is not directed to, children under eighteen (18) years of age, let alone thirteen (13) years of age. If we obtain actual knowledge that we have collected personal information through the Platform from a person under thirteen (13) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.
Furthermore, if you are under sixteen (16) years of age, then you (or your parent or legal guardian if you are under age 13) may at any time request that we remove content or information about you that is posted on the Platform. Please submit any such request ("Request for Removal of Minor Information") to either of the following:
By mail: Healiom, Inc., Attn: Compliance, 204 East 2nd Ave #204, San Mateo, CA 94401 with a subject line of "Removal of Minor Information. If you send by mail, please send by U.S. Certified Mail, Return Receipt Requested to allow for confirmation of mailing, delivery and tracking.
By email: Compliance@healiom.com with a subject line of "Removal of Minor Information"
For each Request for Removal of Minor Information, please state "Removal of Minor Information" in the email or letter subject line, and clearly state the following in the body of the request:
Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires Healiom to maintain the content or information; when Healiom maintains the content or information on behalf of your Providers (as defined in our Terms and Conditions) as part of your electronic medical record; when the content or information is stored on or posted to the Site by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when Healiom anonymizes the content or information, so that you cannot be individually identified; when you do not follow the aforementioned instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.
The foregoing is a description of Healiom's voluntary practices concerning the collection of personal information through the Service from certain
minors, and is not intended to be an admission that Healiom is subject to the Children's Online Privacy Protection Act, the Federal Trade Commission's Children's Online Privacy Protection Rule(s), or any similar international, federal, state, or local laws, rules, or regulations.
When you set up an account with Healiom, you are creating a direct customer relationship with Healiom that enables you to access and/or utilize the various functions of the Platform and the Service as a user. As part of that relationship, you provide information to Healiom, including but not limited to, your name, email address, shipping address, phone number and certain transactional information, that we do not consider to be "protected health information" or "medical information".
However, in using certain components of the Service, you may also provide certain health or medical information that may be protected under applicable laws. Healiom is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, " HIPAA"). One or more of the Pharmacies or Medical Groups (as defined in our Terms of Use) may or may not be a "covered entity" or "business associate" under HIPAA, and Healiom may in some cases be a "business associate" of a Pharmacy or Medical Group. It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with Healiom, the Medical Groups, the Providers or the Pharmacies. To the extent Healiom is deemed a "business associate" however, and solely in its role as a business associate, Healiom, may be subject to certain provisions of HIPAA with respect to "protected health information," as defined under HIPAA, that you provide to Healiom, the Medical Group or the Providers (" PHI"). In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, "Protected Information" ), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.
The Medical Groups and Providers have adopted a Notice of Privacy Practices that describes how they use and disclose Protected Information. By accessing or using any part of the Service, you are acknowledging receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).
By accessing or using any part of the Service, you are agreeing that even if HIPAA does apply to Healiom, the Medical Groups, the Providers or the Pharmacies, any information that you submit to Healiom that is not intended and used solely for the provision of diagnosis and treatment by the Medical Group and Providers or prescription fulfillment by the Pharmacies, is not considered Protected Information, and will only be subject to our Privacy Policy and any applicable state laws that govern the privacy and security of such information.
We collect any information you provide when you use the Service, including, but not limited to:
If you use your mobile device to visit, access or use the Service, then additional categories of information that we collect may include
We also collect certain medical information on behalf of the Medical Groups and your Providers, which may include, but is not limited to:
How Information Is Collected
Healiom might collect personal and non-personal information directly from you when you visit, access or use the Service; when you register with or subscribe to the Service or any products or services available through the Service; when you "sign in," "log in," or the like to the Service; when you allow the Service to access, upload, download, import or export content found on or through, or to otherwise interact with, your computer or mobile device (or any other device you may use to visit, access or use the Service) or online accounts with third-party websites, networks, platforms, servers or applications (e.g., your online social media accounts, your cloud drives and servers, your mobile device service provider); or whenever Healiom asks you for such information, such as, for example, when you process a payment through the Service, or when you answer an online survey or questionnaire. In addition, if you or a third party sends Healiom a comment, message or other communication (such as, by way of example only, email, letter, fax, phone call, or voice message) about you or your activities on or through the Site and/or the App, then Healiom may collect any personal or non-personal information provided therein or therewith.
In addition to the information we collect directly from you, we may also collect certain information from the Medical Group and/or Providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes, and is accessible and visible through certain components of the Service.
We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.
Finally, Healiom might use various tracking, data aggregation and/or data analysis technologies, including, for example, the following:
Cookies, which are small data files (e.g., text files) stored on the browser or device you use to view a website or message. They may help store user preferences and activity and may allow a website to recognize a particular browser or device. There are several types of cookies, including, for example, browser cookies, session cookies, and persistent cookies.
Cookies may record information you access on one page of a website to simplify subsequent interaction with that website, or to help streamline your transactions on related pages of that website. Most major browsers are set up so that they will initially accept cookies, but you might be able to adjust your browser's or device's preferences to issue you an alert when a cookie is downloaded, or to block, reject, disable, delete or manage the use of some or all cookies on your browser or device. Cookies can be set by the website owner (i.e., us), or they can be set by third parties (e.g., Facebook, Google, etc.)
Cookies are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Third party cookies may also be used to enable analytics (e.g. Google Analytics) or advertising functionality (e.g., ad re-targeting on third-party websites) that enables more customized services and advertising by tracking your interaction with our Service and collecting information about how you use the Service.
Flash cookies, which are cookies written using Adobe Flash, and which may be permanently stored on your device. Like regular cookies, Flash cookies may help store user preferences and activity, and may allow a website to recognize a particular browser or device. Flash cookies are not managed by the same browser settings that are used for regular cookies. Web beacons, which are pieces of code embedded in a website or email to monitor your activity on the website or your opening of the email, and which can pass along information such as the IP address of the computer or device you use to view the website or open the email, the URL page on which the web beacon is located, the type of browser that was used to access the website, and previously set cookie values. Web beacons are sometimes used to collect advertising data, such as counting page views, promotion views or advertising responses. Disabling your computer's, device's or browser's cookies may prevent some web beacons from tracking or recording certain information about your activities.
Scripts, which are pieces of code embedded in a website to define how the website behaves in response to certain key or click requests sent by the user. Scripts are sometimes used to collect information about the user's interactions with the website, such as the links the user clicks on. Scripts are often times temporarily downloaded to the user's computer or device from the website server, active only while the user is connected to the Site and/or the App, and deactivated or deleted when the user disconnects from the website.
Analytic tools and services, which are sometimes offered by third parties, and which track, measure and/or generate information about a website's or program's traffic, sales, audience and similar information, and which may be used for various reasons, such as, for example, statistical research, marketing research, and content ratings research, and conversion tracking. Examples of the analytic tools and services which Healiom might use include Google Analytics and Taplytics. Healiom may also use other third-party analytic tools and services.
Please be advised that if you choose to block, reject, disable, delete or change the management settings for any or all of the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies, then certain areas of the Platform might not function properly.
By visiting, accessing or using the Service, you acknowledge and agree in each instance that you are giving Healiom permission to monitor or otherwise track your activities on the Service, and that Healiom may use the aforementioned technologies and/or other tracking, data aggregation and data analysis technologies. Notwithstanding the foregoing, Healiom does not permit third parties or third-party cookies to access to any communications you have with the Providers, or medical information that you submit to the Providers for diagnosis and treatment purposes.
In connection with providing the Service, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to:
We may de-identify your information and use, create and sell such de-identified information, or any business or other purpose not prohibited by applicable law.
Subject to the limitations described in the Protected Health Information section above, we may disclose your information to third parties in connection with the provision of our Service or as otherwise permitted or required by law. For example, we may disclose your information to:
We may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.
Healiom may retain your information for as long as it believes necessary; as long as necessary to comply with its legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Service or Healiom. Healiom may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by Healiom or as required by law.
Similarly, the Medical Groups and Providers may retain your information for as long as they believe necessary; as long as necessary to comply with their respective legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Medical Groups and Providers. The Medical Groups and Providers may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by the Medical Groups or Providers or as required by law.
In connection with any transaction that you conduct through the Service (e.g., the purchase or sale of any products or services on or through the Service), you may be asked to supply certain information relevant to the transaction, including, without limitation, your credit card number and expiration date, your billing address, your shipping address, your phone number and/or your email address. By submitting such information, you grant Healiom without charge the irrevocable, unencumbered, universe-wide and perpetual right to provide such information to third parties (e.g., payment processing companies, buyers on the Service, sellers on the Service) for the purpose of facilitating the transaction.
All credit card, debit card and other monetary transactions on or through the Service occur through an online payment processing application(s) accessible through the Service. This online payment processing application(s) is provided by Healiom's third-party online payment processing vendors, Braintree (" Braintree") and Stripe (" Stripe ").
Additional information about Braintree, its privacy policy and its information security measures (collectively, the " Braintree Policies") should be available on the Braintree website located at https://www.braintreepayments.com/legal/braintree-privacy-policy or by contacting Braintree directly. Reference is made to the Braintree Policies for informational purposes only and are in no way incorporated into or made a part of this Privacy Policy. Healiom's relationship with Braintree, if any, is merely contractual in nature, as Braintree nothing more than a third-party vendor to Healiom, and is in no way subject to Healiom's direction or control; thus, their relationship is not, and should not be construed as, one of fiduciaries, franchisors-franchisees, agents-principals, employers-employees, partners, joint venturers or the like.
Additional information about Stripe, its privacy policy and its information security measures (collectively, the "Stripe Policies") should be available on the Stripe website located at https://stripe.com/privacy or by contacting Stripe directly. Reference is made to the Stripe Policies for informational purposes only and are in no way incorporated into or made a part of this Privacy Policy. Healiom's relationship with Stripe, if any, is merely contractual in nature, as Stripe nothing more than a third-party vendor to Healiom, and is in no way subject to Healiom's direction or control; thus, their relationship is not, and should not be construed as, one of fiduciaries, franchisors-franchisees, agents-principals, employers-employees, partners, joint venturers or the like.
The Service may only be used within certain states within the United States as described in our Terms of Use. Accordingly, this Privacy Policy, and our collection, use, and disclosure of your information, is governed by U.S. law.
This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information or other practices of any third parties, including, without limitation, the Medical Group or its Providers, the manufacturer of your mobile device, and any other third-party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the Medical Group's Notice of Privacy
Practices and the privacy policies of each website and application you visit and use.
The following table summarizes our personal information collection, use, and sharing practices in the preceding 12 months since we last updated this Policy. As reflected in this table, we may share your personal information with a variety of outside entities.
California Residents
If you are a California resident, you have the right to know what personal information we collect, use, disclose or sell about you under the CCPA. Additionally, you have the right to access and delete your personal information.
To exercise these privacy rights and choices, please follow the instructions below:
How to request access to your personal information: You may request access to your personal information twice in a 12-month period. To do so, please email us at Compliance@healiom.com with the subject heading "California Privacy Rights," In response, we will produce an Access Report detailing the personal information we have collected, disclosed, and/or sold about you. This Access Report will be delivered by mail or electronically at your request. Note, we may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
How to request deletion of your personal information: You may request that we delete the personal information it has collected and/or maintained about you. To do so, please email us at Compliance@healiom.com. Note, we may need to retain certain personal information as permitted by law, such as to complete the transaction for which the personal information was collected, maintain an electronic medical record for a Medical Group or Provider, provide a requested good or service, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, comply with legal obligations or to enable solely internal uses that are reasonably aligned with your expectations or lawful within the context in which you provided the information. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Verification: Please note, we will take steps to verify your identity before fulfilling any of the above requests. If you maintain an account with us, we will verify your identity through existing authentication practices for the account (e.g., login and password). If you are not a registered member, we will verify your identity by matching two or three data points that you provide with data points that we maintain and have determined to be reliable for the purposes of verification (e.g., browser or device ID).
Authorized Agents: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your or your minor child's personal information. In order to designate an authorized agent to make a request on your behalf, you must provide written proof that you have consented to this designation unless the agent has power of attorney pursuant to California Probate Code sections 4000-4465. You must also verify your identity directly with us by providing a copy of your government issued identification.
Response Timing and Format: If you are a Healiom customer with an online account, we will deliver our written response to that account online or via email. If you are not a Healiom customer or do not have an online account, we will deliver our written response by mail or electronically, at your preference. The response will also explain the reasons we cannot comply with a request, if applicable. Please note, that if you are submitting a request regarding information you provided to a Medical Group, a Providers, or a Pharmacy, your request should be directed to that entity.
Anti-Discrimination Right: We will not discriminate against you for exercising any of your CCPA rights. But note that some of the functionality and features available to you may change or no longer be available to you upon deletion of your personal information or opt-out of sale of your personal information.
We do not sell your personal information for money, but we use cookies and similar technologies. We do not and will not sell the personal information of minors under 16 years of age without affirmative authorization.
We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the "Contacting Us" section below.
When using the Service, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Service all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. We do not currently respond to web browser "do not track" signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy.
Healiom may supplement, amend, or otherwise modify this Privacy Policy at any time. Such supplements, amendments and other modifications will be posted on this or a similar page of the Service, and shall be deemed effective as of the "Last Updated" date; provided, however, that Healiom will notify you and/or require you to accept the updated Privacy Policy if the supplemented, amended or otherwise modified Privacy Policy implements material changes from Healiom's then-current Privacy Policy. It is your responsibility to carefully review this Privacy Policy each time you visit, access or use the Service.
If you have any questions about this Privacy Policy, please contact us by email at Compliance@healiom.com or by regular mail at:
Healiom, Inc.
204 East 2nd Ave #204
San Mateo, CA 94401
We will attempt to respond to your questions or concerns promptly after we receive them.
Last Updated: May 24, 2023.
