Last Updated: August 11, 2020
When you use our Services, Uwill may receive protected health information and we may collect, use, and disclose other personally identifiable information. Under the Health Insurance Portability and Accountability Act and its implementing regulations (“HIPAA”), certain demographic, health, and/or health-related information that Uwill receives as part of providing the Services may be considered “protected health information” or “PHI.” HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Uwill may only use and disclose your PHI in the ways permitted by you in the HIPAA Privacy Authorization provided under the Terms and upon your log-in to your account with the Services or otherwise in compliance with HIPAA. In addition, “personally identifiable information,” as used in this Policy, is information that specifically identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual, such as an individual’s name, address, telephone number, e-mail address, or other similar information that can be used to identify or be linked to you. Personally identifiable information also includes information about an individual’s activity on our Services, including profile information and other identifiable information entered by you. PHI and personally identifiable information are collectively referred to in this Policy as “Your Information.”
Your Information does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. We may use and disclose aggregate information, and other non-personally identifiable information for various purposes.
INFORMATION WE COLLECT
Information You Provide to Us
We collect Your Information in various ways on our Services. More specifically, when you use our Services, we may collect the following:
- User Accounts and Profiles. Our Services may give you the ability to register for an account or to create and update a user profile. To create an account, we will collect Your Information as provided in the course of registering for an account or creating or updating a user profile. This information may include, for example, name, postal address and zip code, telephone number, e-mail address, information about your health, and related demographic information. Some of Your Information is required for you to register for the account or to create the profile, while some may be optional. Failure to provide any required information may affect your ability to use or enjoy all functionalities of the Services. Additional examples of information we may collect include the following:
- Identifiers such as an alias, unique personal identifier, online identifiers, account name, Social Security number, driver’s license number, passport number, or other similar identifiers;
- Signature, physical characteristics or description, state identification card number, insurance policy number, education, employment, employment history, medical information, or health insurance information;
- Characteristics of protected classifications under California or federal law(sex, race, religion, color, national origin, age, handicaps);
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Biometric information;
- Audio, electronic, visual, thermal, olfactory, or similar information;
- Professional or employment-related information;
- Education information;
- Inferences drawn from any of the information identified in this section to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes; and
- Any other information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.
- Payment Information. You may select to purchase additional credits for continued use of the Services. If you choose to do so, you will be transferred to a third-party payment card processor. We do not store your payment card information.
- Interactive Features. Our Services may contain interactive functionality that allows you to engage with the Services, communicate electronically, and upload files, reports, contacts and other content. If you use any interactive functionality on our Services, we collect the information that you provide to us in the course of using these interactive features.
- Correspondence. If you contact us by e-mail, using a contact form on the Services, or by mail, fax, or other means, we collect Your Information as contained within, and associated with, your correspondence.
Information We Collect Automatically
When you visit our Services, some information is collected automatically. This includes:
- Your browser type and operating system;
- Your device type (for example, if you are on a computer or iPhone);
- Your Internet Protocol (IP) address, which can sometimes be used to derive your general geographic location;
- Server logs and other communication data;
- How you found our Services (for example, if you clicked on a link from a social network);
- Actions you take on our Services, and the content, features, and activities that you access and participate in on our Services;
- Information collected through cookies, Web beacons, and other similar Internet technologies;
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement; and
- Information regarding your interaction with e-mail messages, such as whether you opened, clicked on, or forwarded a message.
We, or our third-party providers, may collect personal information about your online activities over time and across different websites when you use our Services. This website does not respond to browser “Do Not Track” signals.
Information We Collect from Third Parties and Other Sources
We may receive information about you, including PHI and personal information from third parties, including higher education institutions and any of our service providers, and may combine this information with Your Information that we maintain about you. If we do so, this Policy governs any combined information that we maintain in personally identifiable format.
USE OF YOUR INFORMATION
We use Your Information in the following ways:
- To provide services and information that you request;
- To enhance, improve, operate, and maintain our Services, our programs, and other systems;
- To display personalized health content and appointment reminders;
- To prevent fraudulent use of our Services and other systems;
- To prevent or take action against activities that are, or may be, in violation of our Terms or applicable law;
- To tailor content and other aspects of your experience on and in connection with the Service;
- To maintain a record of our interactions with you;
- For other administrative purposes, including sending you direct email regarding our Services;
- For any other purposes which we may disclose to you at the point in which we request Your Information;
- For any other legitimate business activities not otherwise prohibited by law; and
- Pursuant to your authorization or consent.
We may also use Your Information for business purposes such as:
- Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Debugging to identify and repair errors that impair existing intended functionality;
- Short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction;
- Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services;
- Undertaking internal research for technological development and demonstration;
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us; or
- Any commercial purposes, including any purpose to advance your commercial or economic interests, such as by inducing you to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction,
SHARING YOUR INFORMATION
Except as described in this Policy, we will not disclose Your Information that we collect or display on the Services to third parties without your authorization. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
- Trusted Third-Party Service Providers. To the extent legally permissible, we may disclose and/or exchange Your Information to third-party service providers (e.g., administrative services companies, marketing partners, application developers, data hosting, and processing providers) that assist us in our operations. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions and we require them to agree to maintain the confidentiality of such information.
- You have the right to opt out of behavioral and interest-based marketing. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. In addition to opting out of cookies directly through your browser, you can view and opt out of all cookies that are currently on your browser by visiting the following websites: http://www.aboutads.info/choices or http://www.networkadvertising.org/choices. However, please note that disabling cookies may prevent you from taking advantage of certain features on the Services.
- For the mobile app, you can learn more about which third parties have currently enabled cookies for your mobile device and how to opt-out of some of those cookies by accessing the NAI’s website at http://www.networkadvertising.org/mobile-choices from your mobile device. On your mobile device you may also select “Limit Ad Tracking” (on iOS devices) or “Opt out of Interest-Based Ads” (on Android).
- Even if you disable tracking, keep in mind that you may still receive interest-based advertising, including from third parties with whom your information had been previously disclosed or advertising from third parties that is not based on your interests and preferences.
- Health Care Service Providers. To the extent legally permissible, we may also disclose Your Information to your health care service providers for purposes of medical treatment, consultation, appointment reminders, to disclose your use of the Services, and to deliver content specific to your health condition.
- Higher Education Institutions. To the extent legally permissible, we may disclose aggregated or de-identified information to your higher education institution for purposes of analyzing the use of the Services.
- Business Decisions. To the extent legally permissible, we may disclose Your Information to third parties if we are involved in a merger, acquisition, or sale of any or all of our business and/or our assets to a third party.
- Legal Compliance. To the extent legally permissible, we may disclose Your Information if we have a good faith belief that disclosure is necessary to:
- comply with applicable laws, regulations, legal process (such as a subpoena), or enforceable government request;
- enforce applicable Terms, including investigation of potential violations of such Terms, or to detect, prevent, or otherwise address fraud, security or technical issues; and
- protect against harms to the rights, property, or safety of Uwill, our users, or the public as required or permitted by law.
If you authorize integration of your PHI into the Services, you may revoke this authorization at any time by contacting Michael London at firstname.lastname@example.org.
If you receive e-mail from us, you may unsubscribe at any time by following the instructions contained within the e-mail. Additionally, if we offer user account functionality on the Services, we may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us.
LINKS TO THIRD PARTY WEBSITES
The Services may contain links to independent third-party websites (“Linked Services”). We provide these Linked Services solely for your convenience and do not control or endorse any of them. We are not and cannot be responsible for the content, security, or privacy policies of such Linked Services.
Your Information as provided to us through the Services will be stored in a secure manner. We have implemented a variety of commercially standard encryption and security technologies and procedures to protect Your Information stored in our computer systems from unauthorized access. Please be aware, however, that no data security measures can be guaranteed to be completely effective. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.
CALIFORNIA PRIVACY RIGHTS
California law allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of personal information with third parties for direct marketing purposes. We do not share any California consumer personal information with third parties for marketing purposes without consent.
California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us using the contact information set forth below.
Under the California Consumer Privacy Act, California residents have the right to:
- Request that a business delete any personal information about the consumer which the business has collected from the consumer.
- Request that a business that collects personal information about the consumer disclose to the consumer, free of charge, the following:
- The categories of personal information that it has collected about that consumer.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting or selling personal information.
- The categories of third parties with whom the business shares personal information.
- The specific pieces of personal information it has collected about that consumer.
- Request that a business that sells the consumer’s personal information, or that discloses it for a business purpose disclose, free of charge, to the consumer:
- The categories of personal information that the business collected about the consumer.
- The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal was sold, by category or categories of personal information for each third party to whom the personal information was sold.
- The categories of personal information that the business disclosed about the consumer for a business purpose.
- Direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information.
You may submit a request under the California Consumer Privacy Act through the following methods:
- You may call us toll-free at 833-998-9455
- You may e-mail us at email@example.com
To submit a request, we are required to verify your identity. Please be prepared to provide us with your name, address, and date of birth. We will match the personal information that you provide to us with personal information that we already maintain about you in order to verify your identity. We may also need to contact you to confirm your request.
You may also designate an authorized agent to make such requests on your behalf by providing your authorized agent with power of attorney or providing us with written permission that you have authorized the agent to act on your behalf.
We may not be able to honor each request that we receive, but if we are unable to do so, we will respond to let you know our reasons. We will not discriminate against you if you choose to exercise any of your rights as described in this section.
INTERNATIONAL VISITORS AND THE PRIVACY SHIELD
Our Services are hosted and operated in the United States (“US”). By using the Services, you are consenting to the transfer of your personal information to the US. If you are accessing our Services from outside the US, please be advised that US law may not offer the same privacy protections as the law of your jurisdiction.
We do not knowingly collect personal information about individuals residing in the European Union. If you believe we have collected or processed information about someone in the European Union, please contact us immediately at firstname.lastname@example.org.
Purposes and Legal Bases for Processing Personal Information
Uwill collects your personal information to provide our products and services to you; otherwise, we may not be able to process the transactions you request. We will only process your personal information when we have a lawful basis for doing so. We will collect and process your personal information as necessary for the performance of a contract to which you are a party or because we have another legitimate interest in doing so relating to our business purposes arising from your relationship with us. We may also seek your prior consent or rely on some other lawful basis to process your personal information.
Our legitimate interests include but are not limited to:
- Provide you with the products and services you request, view, engage with, or purchase;
- Communicate with you regarding your account or transactions with us; and
- Operate, understand, optimize, develop, or improve our sites, applications, products, services, and operation.
Rights of Users Located in the EU
If you use the Services and are located in the EU, EAA, or Switzerland, you are entitled by law to access, correct, amend, or delete personal information about you that we hold. A summary listing these rights appears below. Please note that these rights are not absolute and certain exemptions may apply to specific requests that you may submit to us.
- The right to access. You have the right to ask us for copies of your personal information. When making a request, please provide an accurate description of the personal information to which you want access. Where requests are repetitive or manifestly unfounded or excessive, we may charge a reasonable fee based on administrative cost.
- The right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- The right to erasure. You have the right to ask us to erase your personal information in certain circumstances, including your personal information to be erased to comply with a legal obligation under EU or member state law.
- The right to restrict processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances, including: (i) when the accuracy of the personal information is brought into question, or (ii) when we no longer need the personal information for purposes of the processing, but require such personal information for the establishment, exercise, or defense of a legal claim.
- The right to data portability. You have the right to ask that we transfer the personal information you gave us from one organization to another, or give it to you.
- The right to lodge a complaint with the supervisory authority. If you believe your rights under the GDPR have been violated, the GDPR gives you the right to file a complaint with your supervisory authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
- The right to withdraw consent. If Uwill obtains your written consent to collect and process your personal information, you can subsequently withdraw such consent as to any further processing of information.
- Automated decision-making. To the extent that Uwill engages in decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you, you have the right not to be subject to such decision-making.
To exercise these rights please contact us at email@example.com. For your protection, we may need to verify your identity before responding to your request. In the event that we refuse a request, we will provide you a reason as to why.
Right to Object to Processing
You have the right to object to the processing of your personal information that is based on legitimate interests. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or we can demonstrate the processing is for the establishment, exercise, or defense of legal claims. You can object to the processing of your personal information by contacting us at firstname.lastname@example.org.
Cross-Border Transfers of Personal Information
Personal information that you provide while in the EU, an EAA member state, or Switzerland will be transferred to the United States. The GDPR permits such transfer when necessary for the performance of a contract between you and Uwill, if Uwill obtains your explicit consent to such transfer, or if it is in our legitimate interest to transfer the personal information. The laws in the United States may not be as protective of your privacy as those in your location. If we transfer personal information from the EU, we will provide an appropriate safeguard such as Privacy Shield.
Retention of Your Personal Information
We will retain your personal information until the personal information is no longer necessary to accomplish the purpose for which it was provided. We may retain your personal information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations, to protect you, other people, and us from fraud, abuse, an unauthorized access, as necessary to protect our legal rights, or for certain business requirements.
USERS ONLY OF LEGAL AGE OF MAJORITY
Uwill is designed and intended for those who have reached the legal age of majority in their respective jurisdictions of residence. This website and the Services are not intended for use by children or minors under the age of 13. We do not knowingly solicit information from children, and we do not knowingly market to children. We recognize that protecting children’s identities and privacy online is important and that the responsibility to do so rests with both the online industry and with parents. Please notify us immediately if you believe that we may have collected personal information from a child, so that we can delete such information
We do not sell the personal information of California consumers that are less than 16 years of age, unless the consumer (in the case of consumers between 13 and 16 years of age) or the consumer’s parent or guardian (in the case of consumers who are less than 13 years of age) has affirmatively authorized the sale of the consumer’s personal information.
UPDATES TO THIS POLICY
We may occasionally update this Policy. Unless otherwise stated, any modifications to this Policy will go into immediate effect after they have been posted, as indicated by the “Last Updated” date located at the beginning of this Policy. Your continued use of our Services after such changes will be subject to the then-current policy. If we change this Policy in a manner that is materially less restrictive of our use or disclosure of Your Information, we will use reasonable efforts to notify you of the change and to obtain your consent prior to applying the change to any of Your Information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Policy to stay informed about how we collect, use, and disclose Your Information.
If you have any questions or comments about this Policy, please email us at email@example.com.