By visiting the Site, using or downloading the Application, or using any of our Services, you agree that your personal information will be handled as described in this Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy and our Terms of Service including its applicable limitations on damages and the resolution of disputes. The Terms of Service are incorporated by reference into this Policy. Please note: if you disagree with any term provided herein, please refrain from using our Services.
The Information We Collect About You
We collect information about you directly from you and from third parties, and automatically through your use of our Site or Services.
Protected health information. In certain circumstances, we may collect or use your information through our Sites and Services while acting as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which may constitute “Protected Health Information.” A “Business Associate” includes an entity that provides services to a HIPAA Covered Entity that involves the use or disclosure of Protected Health Information. If your health care provider or health insurance company qualifies as a Covered Entity, and we provide services to them or on their behalf, we may qualify as their Business Associate. “Protected Health Information” or “PHI” as defined under HIPAA, generally means information about you that identifies you and that relates to your physical or mental health or condition, the provision of health care to you, or payment for health care provided to you. To the extent your PHI is collected while operating as a Business Associate under HIPAA, we will only use and disclose your information as permitted by HIPAA, which may include, but not be limited to, fulfilling our service obligations, our internal management and administration, to carry out our legal responsibilities, to de-identify or aggregate data and use such de-identified data for any lawful purpose, or as otherwise required by law. If you continue to receive Services from us and sign a separate HIPAA authorization form to release your health information to us, then such health information shall no longer be subject to HIPAA and shall be subject to the terms of such authorization form.
Information We Collect Directly From You. The information we collect from you depends on how you use our Services. To the extent we collect PHI from you in any of the categories set forth below, then such PHI is subject to HIPAA, as set forth above. However, when you sign up with Laguna directly as part of our direct-to-consumer offering (i.e., not through a Medical Provider or your insurance company), that information is not PHI.
- Communications and interactions. When you communicate with Laguna, either directly by yourself or through caregivers, by any means, including by interacting with our recovery coaches through our Services; with your caregivers; using our mobile application; approaching our customer services; or approaching us in order to receive technical support, including through chat, email, video, or by phone (including call recordings), we collect the personal information you provide us including but not limited to your name, email address, phone number, and date of birth, or other unique personal identifier to confirm your identity.
- Registration information. When you create an account with us, we may collect your first name, last name, email address, phone number, and date of birth or other unique personal identifier to confirm your identity.
- Medical-related forms. When you, your caregiver, your Medical Provider, or your insurance company, provide us medical and insurance-related forms via our Services or Application, per your request and with your consent, we may obtain your medical records, and the personal information contained therein including but not limited to your name, date of birth, and relevant health information.
- Recovery information. When you, either directly by yourself or by your caregivers, choose to provide information about your recovery progress through our Application features or via mobile device, we may collect any information you provide us, including but not limited to your name and information pertaining to your wellbeing and recovery.
Information We Collect Directly From Covered Entities or Business Associates. If you were referred to our Services via a Medical Provider, your employer, or insurer or if you authorized us to obtain your personal information from such third parties, subject to your consent, we may collect your contact details, information about your hospitalization, and PHI.
Information We Collect Automatically. We automatically collect information about your use of our Site and Apps through cookies, web beacons, and other technologies, including technologies designed for mobile apps. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information.
- Activities and usage. We also collect activity information related to your use of the Services, such as information about the links clicked, searches, features used, items viewed, and time spent within the Services.
- Location information. We may collect or derive location information about you, such as through your IP address. Further, with your permission, we may collect geolocation information from your device. You may turn off location data sharing through your device settings.
How We Use Your Information
We use your information, including your personal information, for the following purposes:
- Services. To provide our Services; to communicate with you about your use of our Services, to respond to your inquiries, and for other customer service purposes; and to tailor the content and information that we may send or display to you, to verify your identity when you sign into your account, to offer location customization, to provide you with relevant information and/or reminders related to a medical condition and/or particular treatment, and to otherwise personalize your experiences while using our Services.
- Security and Protection of Rights. To protect our Services and business operations; to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Service.
- General Business and Operational Support. To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
- Compliance and Legal Process. To comply with the law and our legal obligations, to respond to legal processes and related to legal proceedings.
- Other Purposes. For any other purposes for which we obtain your consent.
How We Share Your Information
We may share the personal data that we collect for the purposes described above, in order to provide our Services to you, to respond to and fulfill your requests, as otherwise directed or consented to by you, and as follows:
- Caregivers. If, at your request, you are assisted by caregivers while using our Services, you may allow them to view your medical information by using the Application. By granting access to your medical information to such designated caregivers, you provide your consent to share your Personal Information and PHI with them. The caregivers' access to your Personal Information and PHI is subject to this Policy and our Terms of Service.
- Service Providers. We disclose the information we collect from you to service providers, contractors or agents who perform functions on our behalf. These may include, for example, IT service providers, cloud storage providers, customer support, security monitoring, marketing providers, analytics providers, and others. Where our service providers will have access to PHI, we have entered into Business Associate Agreements that govern their handling of PHI.
- Medical Provider Partners. Our Site and Services serve, among other things, as a platform to ease your communication with applicable Medical Providers or your insurance company. We may disclose your Personal Information and PHI to Medical Providers or your insurance company if you are referred to us by a Medical Provider or your insurance company. If you are referred to us by a Medical Provider or your insurance company, you hereby acknowledge and agree that your Personal Information and PHI might be shared with such Medical Provider.
We also disclose information in the following circumstances:
- Business Transfers. If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal information with lenders, auditors, and third-party advisors, including attorneys and consultants.
- In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
- To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Policy, or as evidence in litigation in which we are involved.
- Aggregate and De-Identified Information. We may share aggregate, anonymized, or de-identified information about users with third parties for marketing, advertising, our business purposes, research or similar purposes.
Transfers of Personal Information
We take steps to ensure that any international transfer of personal information is carefully managed to protect your rights and interests and that such transfers comply with applicable data protection laws. In this regard, we only transfer your personal information outside of the country in which it was originally collected to countries which provide an adequate level of data protection similar to that of the country in which the personal information was collected or where we are satisfied that there is an appropriate justification under applicable data protection laws for the transfer. Regulatory approval for transfers will also be obtained in circumstances where required.
Cookies. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Service. There are two types of cookies: session and persistent cookies.
- Session Cookies. Session cookies exist only during an online session. They disappear from your device when you close your browser or turn off your device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site and Services. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site and Services.
- Persistent Cookies. Persistent cookies remain on your device after you have closed your browser or turned off your device. We use persistent cookies to track aggregate and statistical information about user activity.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can change your browser options to block them in the future on each device and each browser. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons, web bugs, or pixel tags), in connection with our Site and Services to, among other things, track the activities of Site visitors and app users, help us manage content, and compile statistics about Site usage. We and our third-party service providers also use clear GIFs in HTML e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies).
Third-Party Links. Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
Laguna acknowledges that data protection laws in certain jurisdictions provide Users with certain statutory rights to their Personal Information. Depending on the applicable jurisdiction, you may have the statutory right to take certain actions in regards to your Personal Information.
If you wish to exercise these rights, please email us at firstname.lastname@example.org and we will respond within a reasonable timeframe, and no later than permitted by applicable law.
Please note that terminating your Account will not necessarily delete Personal Information that is stored on our servers. If you wish to delete all Personal Information that we have collected about you, including PHI, please send a deletion request to email@example.com and we will delete your information within a reasonable timeframe. However, please note that we may be required by applicable laws and regulations to retain certain Personal Information for a longer period of time. Please note that aggregate and/or anonymous information derived from your Account and/or use of the Services may remain on Laguna servers.
What Choices Do I Have Regarding Use of My Personal Information?
We may send periodic promotional emails to you. You have the right to opt-out of marketing messages at any time by following the instructions in such marketing messages or by contacting us at: firstname.lastname@example.org. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving promotional emails, we may still send you emails about your account or any services you have requested or received from us.
We may also call or text you to communicate with you about Services you have requested or received from us. We will obtain your consent for this type of communication upon our initial outreach. You have the option to opt out of text messages by clicking the opt-out link in our initial outreach or by replying to the text message with your communication preferences. To opt out of phone calls, you may explicitly ask us to opt-out and we will record and honor your request.
Security of My Personal Information
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Our Services are not designed for minors and we do not knowingly collect personal data from children under 13. If we discover that a child under 13 has provided us with personal data in violation of applicable law, we will delete such information from our systems. If you’re a parent and you believe we have collected your child’s information in violation of applicable law, please contact us at email@example.com.
We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Services.
If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at firstname.lastname@example.org.
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site and Application. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site and Application.