This Policy was last updated on July 24, 2018.
We are committed to protecting the privacy and security of the personal information we receive or collect from you. We also believe in transparency and are committed to informing you about how we treat your personal information.
Who is Responsible for your Personal Information?
TheraNest and its customers are responsible for implementing the applicable data protection principles and for safeguarding the personal information provided to us through our Services. In general, with respect to the Apps, the Telehealth Platform, and the Client Portal, TheraNest provides services as a business associate, as that term is defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and as a data processor, as that term is defined under the EU General Data Protection Regulation, 2016/679 (the “GDPR”).
If you are a user in the European Union (the “EU”) or the European Economic Area (the “EEA”), for purposes of the GDPR, TheraNest also acts as the data controller for the personal information we collect from you via the public portions of our Websites. However, as noted above, TheraNest acts as the data processor with respect to the personal information provided to us via the Apps and the Client Portal. TheraNest’s customers act as the data controllers with respect to the personal information provided to us via the Apps and the Client Portal. Questions regarding the data controller’s practices should be directed to the data controller. THE TELEHEALTH PLATFORM IS ONLY INTENDED FOR USERS LOCATED IN THE UNITED STATES, AND IS NOT INTENDED FOR USERS LOCATED IN OTHER JURISDICTIONS, INCLUDING THE EU AND THE EEA. BY USING THE TELEHEALTH PLATFORM YOU ACKNOWLEDGE AND AGREE THAT YOU ARE USING THE TELEHEALTH PLATFORM FROM, AND ONLY FOR VIDEO AND AUDIO CHAT SESSIONS WITH PERSONS WITHIN, THE UNITED STATES.
If you are a patient of a TheraNest customer and would no longer like to be contacted by that customer, please directly contact the customer/data controller with whom you interact (your health care provider). If you contact or exchange information in person or through a means other than our Services, such activity is not covered by this Policy.
What information do we collect?
We may collect and process the following personal information from you for the purposes set forth below:
Types of Data and Purpose
When you visit our Websites or use our Telehealth Platform or the Apps, including a free trial, we may ask you for your name, address, telephone number, email address, or other contact details in order to respond to your request or inquiry or to verify your identity.
TheraNest processes the contact information of a patient via the Client Portal and the Telehealth Platform at the direction of the health care provider/data controller. The health care provider/data controller may direct a patient to complete intake paperwork via the Client Portal. The health care provider/data controller may contact a patient via SMS messages via the Apps. TheraNest’s customers act as the data controllers with respect to the personal information provided to us via the Apps, the Telehealth Platform, and the Client Portal. Questions regarding the data controller’s practices will be directed to the data controller.
When you seek services from us in the course of contractual or customer relationships between you and/or your organization and us, we collect business contact information and other personal information in order to provide you with the services you have requested.
When you use our Websites, the Apps, the Telehealth Platform, and the Client Portal we collect information about your use of our Websites, the Apps, the Telehealth Platform, and the Client Portal, including your interaction with advertising and analytics services on the Websites, the Apps, the Telehealth Platform, and the Client Portal, in order to (a) serve you the content and functionality you request, and (b) to maintain the privacy and security of the Services. Location information collected includes your Internet Protocol (IP) address or unique device identifier.
If you receive email communications from us, we may use certain tools to capture data related to if/when you open our message, click on any links or banners it contains, and make purchases. Other information collected through this email tracking feature includes: your email address, the date and time of your “click” on the email, a message number, the name of the list from which the number was sent, a tracking URL number, and a destination page. We use this information to enhance our marketing efforts. We do not sell or distribute this information to third parties.
Feedback / Support / Inquiries
If you provide us with feedback or contact us for support or to ask us questions, we will collect your name, email address, other contact information, and other information needed to respond to your feedback, provide the requested support, or to answer your question.
When you sign up for one of our mailing lists, we collect your contact information, including your email address.
Sensitive Personal Information
Patients: At the direction of the data controller, TheraNest processes sensitive personal information regarding a data controller’s patients, which may include: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, financial information, sex life or sexual orientation. TheraNest’s customers act as the data controllers with respect to the personal information provided to us via the Apps, the Telehealth Platform, and the Client Portal. Questions regarding the data controller’s practices will be directed to the data controller.
Information Received as Business Associate
Some of our US-based customers (such as healthcare providers) may be subject to laws and regulations governing the use and disclosure of the health information they create or receive, including the Health Insurance Portability and Accountability Act and the regulations adopted thereunder (HIPAA). TheraNest will only use or disclose such information as permitted by the controlling business associate agreement or as otherwise permitted by law. TheraNest limits access to “protected health information” in accordance with HIPAA. TheraNest’s workforce members are trained on the privacy and security requirements applicable to protected health information, and TheraNest’s “business associates” are required, pursuant to the terms of their agreements with us, to implement required safeguards.
THE MESSAGING SERVICE FUNCTIONALITY WITHIN THE APPS IS ONLY INTENDED FOR PERSONS LOCATED IN THE UNITED STATES, AND IS NOT INTENDED FOR PERSONS LOCATED IN OTHER JURISDICTIONS, INCLUDING THE EU AND THE EEA. BY SUBSCRIBING TO AND USING THE MESSAGING SERVICE, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE USING THE MESSAGING SERVICE FROM, AND ONLY FOR PROVIDING APPOINTMENT REMINDERS TO PERSONS WITHIN, THE UNITED STATES.
Financial and Payment Information
If you choose to purchase Services from us, you will need to give personal information and authorization for us to obtain information from various credit services. We may collect your bank account and other data necessary to process payments, including credit card numbers, security codes, expiration dates, and other related billing information. For example, you may need to provide the following information:
· Mailing address
· Email address
· Credit card number
· Home and business phone number
Please note that credit card numbers and account information are not stored on our server in order to ensure your security.
By submitting your payment card information, you expressly consent to the sharing of your information with third-party payment processers and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties). We do not store your payment information.
What do we use your information for?
When TheraNest is acting as a data processor, TheraNest collects and uses the types of personal information listed above in accordance with the instructions provided by the data controller.
When TheraNest is acting as a data controller and where the GDPR does not apply, TheraNest collects and uses the types of personal information listed above an effort to improve your experience on the Websites, the Apps, the Telehealth Platform, and the Client Portal and to provide the Services to you. Additionally, we may use your personal information in the following ways:
- To provide you with the services and products you have requested and to manage our relationship with you, including administering your account, processing payments, accounting, auditing, billing and collection and taking other steps necessary for the performance of our business relationship with you;
- To present and improve our Websites, the Apps, the Telehealth Platform, and the Client Portal, as we continually strive to improve our offerings based on the information and feedback we receive from you;
- To respond to visitor and customer inquiries, as your information helps us to more effectively respond to your customer service requests and support needs;
- To determine user interests, needs, and preferences;
- To provide notice of changes to our Websites, the Apps, the Telehealth Platform, the Client Portal, or other services and products we offer or provide;
- To deliver the Services to you and honor our contract with you, including our Terms of Service (https://theranestcom.wpcomstaging.com/terms/), but not limited to, providing you with access to publications such as our newsletter;
- To conduct research and analysis;
- To develop new products and services;
- To manage and maintain the security of our Websites, the Apps, the Telehealth Platform and the Client Portal;
- To market our services and products to you. We will only provide you with marketing-related information after you have, where legally required to do so, opted in to receive those communications and having provided you with the opportunity to opt-out of such communications at any time. We do not sell or distribute this information to third parties or use it for any other purpose;
- To comply with our legal and compliance obligations, including maintaining records, performing compliance audits, etc.;
- For insurance purposes;
- To exercise and defend our legal rights, or to comply with court orders;
- For any other purpose related to and/or ancillary to any of the purposes and uses described in this Policy for which your personal information was provided to us;
- In any other way we may describe when you provide the information; and
- For any other purpose to which you have consented or for which we have a legal basis under law;
- To personalize your experience, as your information helps us to better respond to your individual needs;
- To administer a promotion that you have opted into;
- To send periodic emails. The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc. Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
When TheraNest is acting as a data controller and where the GDPR does not apply, we may process your personal information in connection with any of the purposes and uses set out in this Policy on one or more of the following legal grounds:
- Because it is necessary to perform the services you have requested, to comply with your instructions, or to perform other contractual obligations between you and TheraNest;
- To comply with our legal obligations as well as to keep records of our compliance processes;
- Because our legitimate interests, or those of a third party recipient of your personal information, make the processing necessary, provided those interests are not overridden by your interests or fundamental rights and freedoms;
- Because you have chosen to publish or display your personal information on a public area of the Websites, such as a comment area;
- Because it is necessary to protect your vital interests;
- Because it is necessary in the public interest; or
- Because you have expressly given us your consent to process your personal information in a particular manner.
We do not use your personal information for making any automated decisions affecting or creating profiles other than as described above.
Finally, our Services allow our health care provider customers (who are the data controllers under the GDPR) to store personal information and health information about their patients. Our Services also permit those health care providers to share all or certain portions of their or their patients’ information with third parties, including the patient, other health care providers, and third-party payors. TheraNest processes information as instructed by the health care provider/data controller. We are not responsible for the actions of the health care provider/data controller, and any information that is provided to a health care provider/data controller will be subject to the terms of the agreement with that health care provider/data controller and not this Policy.
Do we disclose any information to outside parties?
When TheraNest is acting as a data controller and where the GDPR does not apply, we may share your personal information in the following contexts. When TheraNest is acting as a data processor or a business associate, disclosures in the following contexts will be limited in accordance with the instructions from the data controller or the terms of the business associate agreement:
Subsidiaries and Acquisitions
We may share your personal information with our corporate parents, subsidiaries, and affiliates. In addition, we may disclose your personal information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our website users is among the assets transferred. For example, if another company acquires TheraNest, we will share your personal information with that company.
Disclosures With Your Consent
We may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your personal information in this context with your consent.
Disclosures Without Your Consent
We may disclose your personal information in response to subpoenas, warrants, court orders or other legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our legal rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property or a violation of our Terms of Service (https://theranestcom.wpcomstaging.com/terms).
You may consent through account registrations to having your contact information shared with other account holders.
Third Parties, including your health care providers
We may provide personal information about you to third parties that offer products and services specifically requested by you.
We may share your personal information with our service providers. Among other things, service providers may help us to administer the Websites, the Apps, the Telehealth Platform, and the Client Portal and support our provision of the Services requested by you; provide technical support; send marketing, promotions, and communications to you about our services; provide payment processing; and assist with other legitimate purposes permitted by law.
We may disclose aggregated information about our users, and information that does not identify any specific individual, such as groupings of demographic data and customer preferences, for new product and marketing development. When permitted, aggregated data is only created in accordance with HIPAA and any controlling business associate agreement.
How long do we store your personal information?
TheraNest will retain personal information as needed to fulfill the purposes for which it was collected. We will retain and use personal information as long as necessary to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements. We will retain personal information we process on behalf of our customers for as long as needed to provide services to our customers.
When we no longer have a purpose to retain personal information, we will securely destroy the personal information in accordance with applicable law and our policies. We take reasonable steps to delete the personal information we collect if your registration to use our Services lapses and you opt out of receiving further communications from us, or if you ask us to delete information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement. When permitted, aggregated and de-identified data is only created in accordance with HIPAA and any controlling business associate agreement.
If you no longer wish to receive communications from us via email, you may opt-out by contacting us at firstname.lastname@example.org and providing the name of the service for which information was provided, your full name, mailing address, phone number and email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take corrective action.
How do we protect information?
TheraNest has put in place reasonable and appropriate administrative, technical, and security measures to protect personal information from being accidentally lost, used or accessed in an unauthorized manner, altered, or disclosed. While our security measures seek to protect the integrity, availability, and confidentiality of your personal information in our possession, no security system is perfect and TheraNest cannot promise that your personal information will remain absolutely secure in all circumstances.
The safety and security of your personal information also depends on you. Where you use a password for access to the Apps, the Telehealth Platform, and the Client Portal, you are responsible for keeping the password confidential. Do not share your password with anyone.
If a security breach causes an unauthorized intrusion into our Websites, Apps, Client Portal, or systems that compromises your data, we will notify you and any applicable regulator when we are required to do so by applicable law.
Updating Your Personal Information
If any of the personal information provided to us changes, please let us know. For instance, if your email changes, you wish to cancel any request you have made of us, or if you become aware of inaccurate personal information about you, use our Contact Us details provided at the end of this Policy to update your information. You may also edit your account details if you have a user account through our Websites, the Apps, the Telehealth Platform, or the Client Portal.
Requests regarding any information provided to a health care provider, who is a TheraNest customer, should be directed directly to the health care provider.
We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Your Rights To Access And Control Your Personal Information
Please use the Contact Us details at the end of this Policy to exercise your rights and choices under this Policy. If you would like to manage, change, limit or delete your personal information or you no longer want to receive any email, postal mail, or telephone contact from us or our affiliates in the future, such requests may be submitted via the Contact Us details at the end of this Policy. Requests regarding any information provided to a health care provider who is a TheraNest customer should be sent directly to the health care provider.
Right of Access. If required by law (e.g., under the GDPR), upon request, we will grant reasonable access to the personal information that we hold about you. An individual who seeks access under the GDPR to their personal information provided to a health care provider who is a TheraNest customer should send their request directly to the health care provider (TheraNest’s customer), who is the data controller. An individual who seeks to access or amend their “protected health information” under HIPAA should direct such inquiries to his or her health care provider (TheraNest’s customer).
Accuracy. Our goal is to keep your personal information accurate, current and complete. Please contact us if you believe your information is not accurate or changes. Requests regarding any information provided to a health care provider who is a TheraNest customer should be sent directly to the health care provider.
Right to Object. In certain circumstances, as permitted under applicable law, you have the right to object to processing of your personal information and to ask us to erase or restrict our use of your personal information. If you would like us to stop using your personal information, please contact us, and we will let you know if are able to agree to your request. Requests regarding any information provided to a health care provider who is a TheraNest customer should be sent directly to the health care provider.
Right to Erasure and Deletion of Your Personal Information. You may have a legal right (for instance, if you are located in the EU or EEA under the GDPR) to request that we delete your personal information when it is no longer necessary for the purposes for which it was collected, or when, among other things, your personal information has been unlawfully processed. All deletion requests made to TheraNest should be sent to the address noted in the Contact Us section of this Policy. However, requests regarding any information provided to a health care provider who is a TheraNest customer should be sent directly to the health care provider.
We may decide to delete your personal information if we believe it is incomplete, inaccurate or that our continued storage of your personal information is contrary to our legal obligations or business objectives. When we delete personal information, it will be removed from our active servers and databases and our Websites, the Apps, the Telehealth Platform, and the Client Portal, but it may remain in our archives when it is not practical or possible to delete it. We may also retain your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Right to Withdraw Consent. If you have provided your consent to the collection, processing and transfer of your personal information, you have the right to fully or partially withdraw your consent. To withdraw your consent, please notify us using the information in the Contact Us section of this Policy and you may follow opt-out links on any marketing communications sent to you. However, requests regarding any information provided to a health care provider who is a TheraNest customer should be sent directly to the health care provider.
Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Withdrawal of consent to receive marketing communications will not affect the processing of personal information for the provision of our services.
Right to Complain. If you believe that your rights relating to your personal information have been violated, you have a right to lodge a complaint with the applicable enforcement authority, or to seek a remedy through the courts. You may also lodge a complaint with us by contacting us using the information provided in the Contact Us section of this Policy. You may also lodge a complaint directly with your health care provider regarding any information provided to the health care provider.
Online Tracking. We do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. It is a standard that is currently under development. As it is not yet finalized, we adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on our Websites, the Telehealth Platform, the Apps, the Client Portal, or on third-party websites or online services where we may collect information.
California Residents. California residents may be entitled under California Civil Code Section 1798.83 to ask us for a notice describing what categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing. If you are a California resident and would like a copy of such notice, please submit a written request to us using the information in the “Contact Us” section of this Policy. Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent. As part of the California Online Privacy Protection Act, customers may make any changes to their information at any time by logging into TheraNest and going to the ‘Manage Profile’ page.
European Union or European Economic Area Residents. If you are located in the EU or EEA and believe we have not processed your personal information in accordance with applicable provisions of the EU GDPR, you may lodge a complaint with your local data protection or supervisory authority.
Cross Border Transfers of Personal Information
TheraNest is located and established in the United States and, therefore, your personal information may be transferred to, stored or processed in the United States. While the data protection, privacy and other laws of the United States might not be as comprehensive as those in your country, we take necessary and appropriate steps to protect the privacy and security and privacy of your personal information. By using our Websites, the Apps, and the Client Portal or by requesting other services from us, you understand and consent to the collection, storage, processing and transfer of your information to our facilities in the United States and those third parties with whom we share it as described in this Policy.
THE TELEHEALTH PLATFORM IS ONLY INTENDED FOR PERSONS LOCATED IN THE UNITED STATES, AND IS NOT INTENDED FOR PERSONS LOCATED IN OTHER JURISDICTIONS, INCLUDING THE EU AND THE EEA. BY USING THE TELEHEALTH PLATFORM YOU ACKNOWLEDGE AND AGREE THAT YOU ARE USING THE TELEHEALTH PLATFORM FROM THE UNITED STATES.
Links to Other Sites
The Websites may contain links to, and media and other content from, third party websites. These links are to external websites and third parties with which we have no relationship. Because of the dynamic media capabilities of the Websites, it may not be clear to you which links are to the Websites and which are to external, third party websites. If you click on an embedded third-party link, you will be redirected away from the Websites to the external third-party website. You can check the URL to confirm that you have left our Websites.
TheraNest cannot and does not (i) guarantee the adequacy of the privacy and security practices employed by, or the content and media provided by, any third parties or their websites, (ii) control third parties’ independent collection or use or your personal information, or (iii) endorse any third party information, products, services, or websites that may be reached through embedded links on the Websites.
Children’s Online Privacy Protection Act Compliance
The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the internet. Our Websites, the Apps, the Client Portal, and the services we provide are not directed to children aged 18 or younger, nor is information knowingly collected from children under the age of 18. No one under the age of 18 may access, browse, or use the Websites, the Apps, or the Client Portal, or provide any information to or on the Websites, the Apps, or the Client Portal. If you are under 18, please do not use or provide any information on the Websites, the Apps, or the Client Portal. If we learn that we have collected or received personal information from a child under the age of 18 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it.
For more information about COPPA, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.
Terms and Conditions
Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our Websites, the Apps, the Telehealth Platform, and the Client Portal at https://theranestcom.wpcomstaging.com/terms.
Attn: Privacy Officer
2 20th St N Suite 500
Birmingham, AL 35203
Questions regarding information provided to a health care provider who is a TheraNest customer should be sent directly to the health care provider.