Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.
BY SUBMITTING PERSONAL DATA THROUGH THIS PLATFORM, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE PLATFORM AND PLEASE DO NOT SUBMIT ANY PERSONAL DATA TO US.
We collect “Personal Data”, which includes any information that can be used on its own or with other information in combination to identify or contact one of our users. In some cases, this Personal Data may be or may include healthcare information or “Protected Health Information.” The types of Personal Data we collect are described below.
Demographic Data. We collect demographic information such as your name, email address, age, gender, phone number, postal address, and personal health information such as your diagnosed condition(s). Primarily, the collection of your Personal Data assists us in creating your User Account, which you can use to securely track, manage, and transmit your Personal Data to your healthcare provider.
Device, Telephone, and ISP Data. We use common information-gathering tools, such as log files, web beacons, and similar technologies to automatically collect information, which may contain Personal Data, from Your computer or mobile device as you navigate our Platform. The information we collect may include your Internet Protocol (IP) address (or proxy server), device and Platform identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our Platform and to guarantee their security and continued proper functioning.
Health Data (Patient Users Only). In addition to demographic information, we may collect information regarding your health conditions, medications, and communications between the patients and their healthcare providers. We collect this information to help healthcare provider(s) track and manage their patients’ health.
We process Your Personal Data for purposes based on legitimate business interests, meeting our contractual obligations to you, complying with our legal obligations, and/or your consent. We only use or disclose your Personal Data when it is legally mandated or where it is necessary to fulfill the purposes described herein. Where required by law, we will ask for your prior consent before doing so.
Specifically, we process Your Personal Data for the following legitimate business purposes:
Personal Data Orma Health collects through the Platform will be stored on secure cloud based servers through Amazon Web Services, even if you are accessing the Platform from outside the United States. Your country’s data protection laws may not apply and may be more stringent than those to which Orma Health is legally subject. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States.
Yes, with third parties that help us power our Platform. Orma Health has a limited number of service providers and other third parties (“Business Partners”) that help us run various aspects of our business. These Business Partners are contractually bound to protect Your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, information security, IT services, customer service, and billing management.
Yes, with third parties that provide advisory services. We may share Your Personal Data with Our lawyers, auditors, accountants, or banks, when We have a legitimate business interest in doing so.
Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Orma Health’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings). If We share Your Personal Data with a third-party other than as provided above, You will be notified at the time of data collection or transfer, and You will have the option of not permitting the transfer.
We may, from time to time, rent or sell aggregated data and/or other information that does not contain any personal identifiers (i.e., the information has been anonymized by stripping out identifiers such as name, address, phone number, etc.). The purpose of this type of disclosure is to describe the Platform to current and prospective business partners and other third parties. The anonymized data may also be shared or published through academic journals or media platforms for lawful purposes. Once your data is anonymized, it is no longer Personal Data, and we are not restricted in our use of that data for any purpose.
We will retain your Personal Data for as long as you maintain a User Account and up to 7 years after the account is closed. The exact period of retention will depend on the type of Personal Data, our contractual obligation to you, and applicable law. We keep your Personal Data for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate business purpose outlined herein. At the end of the applicable retention period, we will remove your Personal Data from our databases and will request that our Business Partners remove your Personal Data from their databases. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing of such data. We retain anonymized data indefinitely. Contact Us at email@example.com regarding the applicable data retention period for your Personal Data.
NOTE: Once we disclose your Personal Data to third parties, we may not be able to access that Personal Data any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of Personal Data other than as described should be directed to firstname.lastname@example.org.
Orma Health is committed to protecting the security and confidentiality of your Personal Data. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, we cannot absolutely ensure the security of information you transmit to us. By using the Platform, you are assuming this risk.
Safeguards. The information collected by Orma Health and stored on secure servers is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If Orma Health learns of a security concern, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by an inPlatform notification. Depending on where you live, you may have a legal right to receive such notices in writing.
You are solely responsible for protecting information entered or generated via the Platform that is stored on your personal device (such as your cell phone or tablet) and/or removable device storage. Orma Health has no access to or control over your personal device’s security settings, and it is up to you to implement any devicelevel security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that you take any and all appropriate steps to secure any device that you use to access our Platform.
NOTWITHSTANDING ANY STEPS THAT WE TAKE, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US, AND YOU TRANSMIT SUCH PERSONAL DATA AT YOUR OWN RISK.
Please be advised that we will NEVER send you an email requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any email requesting such information. If you receive such an email purportedly from Orma Health, DO NOT RESPOND to the email, DO NOT CLICK ON ANY LINKS AND/OR OPEN ANY ATTACHMENTS in the email, and notify Orma Health support at email@example.com immediately.
You are responsible for taking reasonable precautions to protect your user ID, password, and other User Account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify Orma Health at firstname.lastname@example.org if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other User Account information, or any other security concern.
You have certain rights relating to Your Personal Data, subject to local data protection laws. These rights may include the right to:
You can exercise the rights listed above at any time by contacting us at email@example.com.
California Residents. California residents may request and obtain from us, once a year, free of charge, a list of third parties, if any, to which we disclosed their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties. If you are a California resident and wish to obtain that information, please submit your request by sending us an email at Privacy@ormahealth.com with “California Privacy Rights” in the subject line.
You may change your email address and other contact information by contacting your healthcare provider or sending an email to firstname.lastname@example.org. If you need to make changes or corrections to other information, you may send an email to Privacy@ormahealth.com. Please note that in order to comply with certain requests to limit use of your Personal Data, we may need to terminate your account and your ability to access and use the Platforms, and you agree that we will not be liable to you for such termination or for any refunds of prepaid fees paid by you. You may deactivate your account by sending an email to email@example.com.
Although we will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from our systems every record of your Personal Data. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a nonerasable form that will be difficult or impossible for us to locate or remove.
We will not market third-party services to you without your consent. We will only send emails to you regarding your Orma Health account and services unless we have your express consent to do otherwise. You can choose to filter these emails using your email client settings, but we do not provide an option for you to opt out of these emails. You can opt out of non-essential emails by sending an email to firstname.lastname@example.org.
We do not knowingly collect Personal Data from individuals under the age of 18 and the Platform is not directed to individuals under the age of 13. We request that these individuals not provide Personal Data to Us. If we learn that Personal Data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you are aware of a user under the age of 13 using the Platform, please contact us at email@example.com.
If you are a resident of California under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our websites.
Orma Health, Inc.
301 Mission Street #35F
San Francisco, CA 94105
Please note that email communications are not always secure; so please do not include sensitive information in your emails to us.