Last Updated: May 18, 2020
Table of Contents
- Introduction
- Collection of Your Personal Information
- How We Share and Use Information
- Your Choices
- Access to Your Information
- Security
- Children
- International Users
- Business and Professional Users
- California Disclosures
- Updates
- Contact Us
- Effective Date
Introduction
Conversa Health (“Conversa”) is a service offered by Conversa Health, Inc. that enables users to engage in automated digital conversation sessions about their health and activities. These automated, interactive conversation (or “chat”) sessions are referred to in this Privacy Policy and in our Terms of Use for Individual Users (“Terms”) as “the Conversa Services” or the “Services.”
In general, the Conversa Services are provided to individual users on behalf of a Conversa Customer, which may be a healthcare provider, insurer, employer, or other entity.
PLEASE NOTE – If you use Conversa Services that are made available to you by a Conversa Customer, we will share the information you provide, including your chat sessions, with the Conversa Customer.
The personal information in the Services is subject to applicable privacy and security laws. Where the Services are made available by a Conversa Customer that is subject to a federal medical privacy law called HIPAA (Health Insurance Portability and Accountability Act), that law will also apply.
Conversa is committed to protecting privacy. This Privacy Policy explains how Conversa handles and protects the personal information of our users and website visitors.
This Privacy Policy is incorporated into our Terms of Agreement. When you agree to the Terms of Agreement, you are agreeing to this Privacy Policy.
Collection of your Personal Information
- Information Collected from All Visitors to our Website
We may use cookies, web beacons, log data, and similar technologies to help us verify your identity upon return visits to Conversa, improve your user experience with our Services, and improve and measure the effectiveness of our products. We may also use web beacons in communications with you to assure proper operation of the service, such as determining if a message to you was delivered and opened. We may also use third-party web analytic tools to analyze website traffic or improve our services. We will not, however, use cookies, web beacons, or similar technologies to track users for targeted advertising, nor will we permit anyone else to do so.
As background, cookies are small text files that websites can send to your browser, which your computer stores, that can automatically collect server domain names, IP addresses, type of computer, type of browser, and information about what pages are visited. We may use both session cookies and persistent cookies. You can set your browser to decline cookies or notify you before accepting cookies, although if you decline them, the website may not function properly. Web beacons, which are small bits of code embedded invisibly in web pages or emails, can be used to communicate with cookies, count visitors, and understand usage patterns. Web log data may include visitors’ IP address, browser data, operating system, prior web page, pages visited and how long visits lasted, links clicked on, and similar statistics.
If you visit our website from a mobile device, our site may collect certain information sent by your mobile browser, such as device identifier, user settings, your device’s operating system, and information about your visit and use of the site.
- Information Collected about Patients Who Use Conversa Services
Your signup process may vary depending on the Conversa Customer that has made the Services available to you. For example, some Conversa Customers place a link on their websites that their users can click to reach a webpage to start using the Services. Other Conversa Customers may talk to their users in person about whether the users would like to use the Services, and, if so, the Conversa Customer initiates the enrollment process based on the user’s input. Or, the Conversa Customer may give us certain information about you so that we can contact you to initiate Services. This information may include your name, email address, phone number, gender, age, whether you prefer to receive invitations to chat sessions via text or email, and other relevant information, depending on how the Services are deployed. A Conversa Customer that is your healthcare provider may also give us with certain medical information, which may come from your electronic health record, to help us provide you the appropriate type of Services. For example, the automated chat sessions used with patients who have diabetes are different from those used with patients recovering from knee surgery.
In any case, before you can use the Services, you will need to agree to our Privacy Policy and Terms of Agreement.
If you use the Services, you will receive regular invitations to start an automated chat session. These invitations will come to you by email or text. (See below for more information about these emails or texts.) Once you click on a link in that email or text, you’ll be taken to a website where you’ll be asked automated questions and you’ll select answers based on your experience. For example, you might be asked if your knee pain today is better than, worse than, or the same as yesterday. Your responses to the questions you’re asked in these automated chat sessions will be part of the personal information we collect.
Whether you provide personal information to us directly or we obtain it from the Conversa Customer making Conversa available to you, we will protect it and use and disclose it only in accordance with this Privacy Policy.
How We Share and Use Information
We use information about our users to perform and provide the Services, to improve and expand the Services, and, for related business operations, such as communicating with you.
Disclosures of personal information about our users can be grouped as follows:
1) Routine disclosures
- As noted above, personal information you share with us, including your responses in chat sessions, will be disclosed to the Conversa Customer that is making the Services available to you. In some cases, the Conversa Customer will receive all the information you provide, whereas in other cases, the Conversa Customer will receive a summary of the information you provide
- We will share personal information with vendors that help us provide the Services, subject to contractual limitations imposed on the vendors and applicable law.
- We may share statistical and/or anonymous information with third parties for research and analysis, marketing or business operations, or similar purposes.
2) Disclosures we might make under unusual circumstances
- We will make disclosures of personal information where we have a reasonable belief that the disclosures are required by law. This may include disclosures in response to subpoenas, court orders, and discovery requests, as permitted by applicable law.
- We may report what appears to be illegal or fraudulent conduct to law enforcement authorities.
- We may disclose personal information if we reasonably believe the disclosure is needed to respond to a threat of physical harm or to defend or assert legal rights.
- If we were to transfer assets or operations in connection with a sale, merger, bankruptcy, or other transaction, we may transfer personal information to the merging or acquiring entity. If so, we would make a good faith effort to require that your personal information remains subject to essentially the same restrictions as in our Privacy Policy.
Except as explained here, we will not share your personal information with third parties unless you specifically authorize us to do so.
Your Choices
Conversa gives you important choices about your personal information, including:
- Whether you want to use the Services;
- Whether you want to receive informational emails or newsletters from us, if applicable;
- Whether you want to discontinue the Services at any time—you can simply ignore the invitations to chat sessions you will receive, or you can unsubscribe through the unsubscribe methods we provide.
- Where applicable, whether you want to receive the invitation to each chat session via ordinary email or text message (SMS).
Important note about privacy and security—ordinary email and text messages are not considered secure. That’s why we won’t include any details about your health in the invitations to automated chat sessions that we send by email or text. Instead, your email or text invitation to a chat session will take you to a dedicated website where the actual session discussing your health will take place. In some cases, the chat sessions will be available by text invitations only, whereas in other cases, you can choose whether you want to receive chat invitations by email or by text.
By agreeing to use the Services, which involve sending you invitations to individual chat sessions by ordinary email or text messages, as applicable, you are indicating that you understand that ordinary email or text may not be secure and you nonetheless want to receive your invitations to chat sessions via ordinary email or text messages.
Your Rights Regarding Personal Information
You may have certain rights under applicable privacy law to access, amend, delete, or make do-not-sell requests regarding the personal information we have collected about you. Most Conversa Customers require that these requests be handled through them. If you’d like to exercise your rights regarding your personal information, you should contact the Conversa Customer making the Services available to you. You may also contact us at privacy@conversahealth.com. but please be aware that we may direct you to send your request to the Conversa Customer.
Security
We are committed to maintaining the security of personal information. We use reasonable and appropriate technical, administrative, and physical controls to protect personal information from loss, misuse, or alteration. If we share personal information with vendors, we subject them to contractual and legal controls regarding the protection, use, and disclosure of the information. However, because there is always some risk that unauthorized or illegal access to your information could occur or that data sent over the Internet could be intercepted, we cannot guarantee absolute data security.
Children
In general, Conversa users must be 18 years of age or older. However, some Conversa Customers make the Services available to users who are 16 years of age or older. Check with the Conversa Customer making the Services available to you about age-based eligibility.
International Users
The Services are intended for residents of the United States. If you are not a U.S. resident and you register or submit personal information through the Services, you agree that we may collect, us, store, and disclose that information in the U.S. or any other country outside your country of residence. You understand that data protection laws outside of your jurisdiction may not be as protective as those in your jurisdiction. By providing your information to Conversa, you are consenting to the international transfer and processing of your information for the purposes explained in this Privacy Policy, the Terms, or elsewhere in the Services.
Business and Professional Users
This Privacy Policy describes the way that personal information of individual users is protected and handled. Businesses and professionals doing business with Conversa should review the terms of any contractual or legal requirements applicable to them.
California Law
California law requires websites to explain certain online practices regarding tracking of visitors. Some web browsers have a “Do Not Track” feature that lets a user have the browser notify websites that the user does not want to have his or her online activities tracked. Our website and Services currently do not respond to such browser-initiated signals.
Conversa does not disclose personal information to third parties for their direct marketing purposes.
Conversa does not sell personal information, as defined by the California Consumer Privacy Act (CCPA), and therefore we do not have a mechanism for you to instruct us not to sell your personal information. Where a Conversa Customer makes the Services available to you, Conversa acts as a service provider, as defined by the CCPA, to that Customer. Conversa follows the instructions provided by Conversa Customers with respect to CCPA consumer rights. If you would like to exercise the rights afforded you as a California consumer under the CCPA, please contact the Conversa Customer that is making the Services available to you.
Updates
We may modify this Privacy Policy at any time. If we make only minor, editorial changes, we’ll let you know about the updated Privacy Policy when you access the Services, and the new Privacy Policy will apply to you. If, however, we make any material changes, we’ll ask if you consent to the new Privacy Policy before you continue to use the Services, and if you decline to consent, the Services might not be available to you.
Contact Us
Conversa welcomes your comments. If you have any questions or concerns about this Privacy Policy or our information practices, please contact us at privacy@conversahealth.com.
Effective Date
This Privacy Policy is effective May 18, 2020.