Modern Health Privacy Notice

1. When this Privacy Notice Applies

This Privacy Notice applies to your “Personal Information,” which includes information that may identify you, and that we collect or which is derived from your interactions with our Services. Examples of Personal Information may include your name, your address, or an online identifier that could identify you (such as an IP address).  Depending on where you live, Personal Information may have a different definition according to the local privacy laws in your area. This Privacy Policy applies to all types of Personal Information as defined by the local privacy laws that apply to you. 

This Privacy Notice does not apply to:

• Medical and treatment information collected by our network of certified coaches and licensed therapists (“Providers”) during coaching or therapy sessions. Because this information is considered Protected Health Information (“PHI”) and is regulated by the Health Insurance Portability and Accountability Act (“HIPAA”), the Notice of Privacy Practices (“NPP”) will instead apply and explain how PHI is used and disclosed, and what rights exist related to PHI.  
• Third-party websites or services that may be linked within our Service.  Any information you provide to those third-party websites are controlled by those third parties and are subject to their privacy policies. We encourage you to read their privacy policies carefully before giving them your information.
• There may be certain components or offerings that have their own privacy notice, and in such an instance, these privacy notices will apply. 

2. Types of Personal Information We Collect

We collect and generate different types of Personal Information depending on how you use or interact with our Services. The categories and sources of Personal Information we collect and generate about you may include: 

1. Demographic and Contact Information: Demographic and contact information that you provide to us. For example, we may collect information such as your name, mailing address, e-mail address, and telephone and fax number.
2. Online or Other Account Information: Username or email address and corresponding passwords, security questions, and other information needed to permit access to certain components of our Services which require registration and/or credentials. 
3. Creating an Account and Onboarding: When you create a user account, we collect information that enables you to register and onboard to use our products and Services, such as your name, company, date of birth, contact information (phone number, email address), location, preferred password, and primary language.  
4. Webforms and Requests: Information you submit to us through online or interactive forms available within our Services. For example, you may “contact us,” submit feedback, request additional information about a product or Service, sign up for a mailing or other type of newsletter, or reach out to us regarding a question or concern. 
5. Websites: Information such as your username and password to enter certain sections of our websites or Services, unique identifiers, preference information (such as marketing preferences), browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site, operating system, date/time stamp, and clickstream data and other pieces of information. This is further described in Tracking Technologies subsection below.
6. Mobile Applications: Some of our Services are available either as mobile applications or mobile sites that you can use on your mobile device. If you use a mobile device to access and use our Services, we may additionally collect mobile-specific information including your device ID, device type, hardware type, media access control (“MAC”) address, the version of your mobile operating system, the platform used to access or download the Services, location information and usage information about your device and your use of the Services. Please note that not all of our mobile Services link to this Privacy Notice, so be sure to read the applicable privacy notice before using mobile Services.
7. Device Information: We may collect device information such as Internet Protocol (“IP”) addresses, log information, error messages, device type, hardware model, operating system, unique device identifiers, and mobile network information. For example, we collect IP addresses from you when you log into the Service as part of our log-in and security features. If you use a mobile device to access and use our Services, we may additionally collect mobile-specific information. We may also associate the information we collect from your different devices, which helps us provide consistent Services across your devices.
8. Log Information: Usage details of our Services, including the address (or URL) where you came from before visiting us, which pages or features you visit or utilize, which browser you use, search terms you enter, and items you click on. We may also create usage statistics and monitor the traffic from your use or interaction with our Services. 
9. Internet Protocol (IP) Addresses: Internet protocol (IP) addresses are unique identifiers automatically assigned to each computer when logging onto the Internet. We generally collect IP address information from visitors using or interacting with the Services and we log them for system administration purposes. In some cases, as described below, we may also use IP addresses to serve you ads on third party websites regarding our Services that may be of interest to you based upon your use or interaction with the Services if you have opted-in to certain types of cookies. You can always adjust your Cookie Settings or your individual browser’s settings. 
10. Location Information: Your location information may be collected in a variety of ways depending on how you use or interact with our Services. For example, location information can be derived from your IP address, location information associated with your use of a device, your country or location selection, or other location-based components and content of our Services. 
11. Health Information: If you use certain types of our Services, we may collect information about your health or medical condition, and your treatment, which may be considered sensitive personal information depending on where you reside (and additional privacy laws and privacy policies may apply).  
12. Progress Information:  We also may collect information about your progress in using the Service, but only if you choose to provide this information to us.  Progress information may be used to customize your Services. This information may include responses to wellness quizzes, surveys or other tasks. 
13. Business Interactions: Information derived from your business-related requests, communications, and dealings we have with you, or the company/organization you work(ed) for or are associated with. This may include your job title, business contact information (phone, email, fax, and address), information about products or Services you expressed an interest in or purchased from us, or that we have purchased from you or your company/organization, and other information needed to verify your ability to conduct business with us.  
14. Financial and Payment Information: In certain circumstances, we may collect payment information. If a credit card is used to purchase, we may collect information necessary to process the credit card transaction, such as the credit card type, number, and expiration date. Modern Health will submit standard transactions to health plans for Services as well as collect copays from inpatient members. Modern Health will also invoice employer customers to offer Modern Health’s Services to their employees.   
15. Social Media: Our Services may link to our pages or accounts on third party social media networks (“social media”) but our Services do not use social media plug-ins. If you choose to interact with us on social media, we may collect the information you publish or submit. Note that this information is also governed by the privacy policies of the respective companies offering the social media service.    
16. Forums and Blog: Some Services may link to blogs or forums (“forums”) that may or may not be owned or operated by Modern Health. If you choose to participate in forums, we may collect the information you submit to the forums. Note that such information may also be governed by the privacy policies of the respective companies offering the forums.  
17. Video Recording and Photographs: If you choose to use certain portions of our Services which involve video and/or photography, we will collect this Personal Information from you in order to provide you with the Services you have requested. 
18. Using the  Services: When you use the Services, we collect additional information that you provide to us such as your preferences related to our Providers, your level of commitment to different types of Services, your availability for matches to our Providers, your communication preferences (e.g. language, phone number, email), information related to your match with Providers, information related to your participation in our group sessions/webinars (Circles), and information related to scheduling and completing your visits with Providers, such as session date, time, status and attendance.  
19. Information About Dependents: We also may collect information about any dependents you invite to use the Service, such as your dependents’ names, dates of birth, primary language, email, location, your relationship to the dependents, the types of support requested for your dependents and how you want us to communicate with you about such dependents. 
20. Customer Support, Product Research, and Feedback: When you reach out to us such as to obtain support, give us feedback about the Service and our Providers, or participate in optional satisfaction surveys, product research (including user testing), we may also collect information that you choose to share.

Types of Users

Based on the type of user you are, and which components of our Services you utilize, we may also collect additional types of Personal Information such as:   

1. Users of Online Services: How you use and interact with our online Services, such as the date of your last login, the type of content that you viewed or accessed, pages you viewed, features you use, your browser and device type, error reports, and any links you click on to leave or interact with the Service. 
2. Members: To enable us to personalize your experience, provide care options, and design new products and Services, we also collect your answers to our well-being assessment as well as information about your preferred areas of focus.
3. Providers: Licensing and specialty information, payment information, and the types of interactions you have with members. 
4. Customers: Health plan information, payment information, and eligible employees.   
5. Prospective Applicants or Employees: Information related to your prospective employment with us including but not limited to work history, education, the contents of your resume, references.  If you later become an employee of Modern Health, you will receive a separate privacy notice which describes how your employment information will be handled.

Personal Information Obtained From Third Parties

We may also get Personal Information about you from other third parties where permitted by applicable law.  For example, we may receive Personal Information about you from our customers (who may be your employer) to enable us to validate your eligibility to use the Service. This information may include your name, work email address, postal code, date of birth, gender, race/ethnicity, employee ID number or code (if applicable), employment start and end dates, department, title, job code (if applicable), office location, performance information, health claims data, or survey information about your work satisfaction and related topics.  We also may receive Personal Information from Providers to enable us to match you with a different Provider or to facilitate your continuity of care.  We may combine information that is obtained from your use of the Services with information obtained from such third parties in order to provide you with more personalized Services. 

3. How We Use Personal Information

Depending on what Services you use and how you interact with us, we may use your Personal Information in the following ways. If you live in certain jurisdictions (including but not limited to the European Union), we may not process your Personal Information unless you first provide us with your consent to do so. 

1. To administer the Services;
2. To manage business transactions;
3. To respond to your inquires and provide information about the Services;
4. To send you marketing information;
5. To send you advertisements you may be interested in;
6. To improve the Services and user experience;
7. If we are involved in a merger, acquisition, or sale of our assets (or a portion thereof), it may impact how we process your Personal Information. In such an instance, we will comply with all applicable laws and treat your Personal Information accordingly;  
8. To register and onboard you for the use of the Service and to further tailor our products and Services for your use;
9. To provide the Service, including to communicate with you regarding any scheduled or available Services or to connect you to a Provider;
10. To maintain, manage and secure your access to the Services through our web and mobile apps;
11. To maintain records relating to your account;
12. To manage our relationship and communicate with you and our customers about new features and Services that we may offer;
13. To respond to inquiries and resolve disputes;
14. To conduct research such as case studies and academic research;
15. To carry out analytics, quality control, security processes and similar activities, in order to identify and develop potential improvements to the Services;
16. To aggregate claim information and analyze outcomes for the Services;
17. To measure your satisfaction with Modern Health Service through surveys, feedback and ratings;
18. To process payments from you in certain circumstances;
19. To prevent, detect, and prosecute illegal or fraudulent activity on the Service; and
20. Other uses required to do so by law, for example in order to maintain accounting records, compliance with applicable retention obligations, for purposes of reporting obligations, to respond to lawful requests by public authorities, to investigate potential breaches and to protect our rights, property, safety and those of our users.
21. When permitted by law, we may also enhance or combine information about you, including your Personal Information, with information about you that we obtain from third parties for the same purposes described in this Privacy Notice.

4. How We Share Personal Information ‍

We may share your Personal Information to the following third parties, and for the following reasons, in accordance with applicable law:‍

1. Modern Health Affiliates and Employees:  To our related entity affiliates, and our employees, in order to provide you with the Services. 
2. Service Providers:  To third party service providers that we hire to help us administer and provide the Services to you. These third parties are required to treat your Personal Information in accordance with appropriate contractual and legal privacy and security requirements.  
3. Providers:  To Providers with whom you are matched for therapy or coaching support. 
4. Links to/From Third-Party Website:  As a resource to our users, we may provide links to/from other unaffiliated websites or services within our Services. If you choose to visit such third-party websites or services, please note that any information you submit to them is not subject to this Privacy Policy. 
5. Employers:  If you are accessing the service through an employer (such as single sign-on), they may collect information about your login activity, including whether and when you access Modern Health Services. Modern Health does not control the information collection practices of employers or other benefit providers, and you should consult their internal policies and procedures for more information about their information collection practices.  We only share information with your employer that is permitted by law.
   

5. International Data Transfers

Modern Health is a U.S. based company, and therefore we may transfer your Personal Information outside of the country in which you reside in order to provide you with the Service.  We may also engage global service providers to assist us in providing you with the Service.   Those countries may not have the same data protection laws as the your resident country. If we transfer your Personal Information, we will comply with applicable legal requirements regarding providing appropriate safeguards for the transfer of Personal Information, ( e.g., standard contractual clauses, data transfer agreements) to protect your Personal Information in accordance with this Privacy Notice.  

6. How We Protect Personal Information 

Modern Health maintains technical, physical and organizational safeguards to ensure an appropriate level of security and confidentiality for your Personal Information, in accordance with our policies and applicable laws. However, no service or online platform is 100% secure. In addition, any unencrypted communications you send to us cannot be protected completely against unauthorized access, nor is Modern Health responsible for unauthorized access to your Personal Information when sent to your personal email address, upon your request.  You are responsible for maintaining the security of your devices and online accounts, including by not sharing your password or credentials for the Service with others.

Within our organization, only those personnel for whom access is necessary due to their role, task or function will be granted access to your Personal Information. 

Do Not Track:  Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online Services you visit. We do not alter our practices when we receive a Do Not Track signal from a visitor’s browser.  To find out more about Do Not Track, please visit https://www.allaboutdnt.com.

7. Retention of Personal Information

Information that we collect will be retained in a personally identifiable form for as long as necessary for the purposes described above, after which it will be deleted or maintained in a non-personally identifiable form. We may retain information in order to comply with our legal obligations (such as tax, accounting or health privacy purposes). If you have any questions about applicable retention periods, please contact us. 

8. Minors

Online components of our Services are not directed to children under the age of thirteen (13), and we do not knowingly collect Personal Information via online Services from children under the age of 13. Some Services can be provided to those under thirteen but this is handled outside of our online Services (e.g., by phone) and therefore electronic information for children under the age of 13 is not available. If you think that we have collected Personal Information via an online Service from a child under the age of 13, please contact us. 

The Service is not intended to be accessed by minors under the age of eighteen (18) except as authorized by their parents or legal guardian, and we do not knowingly collect any Personal Information directly from such minors and children without such authorization. If we discover that an individual under 18 has provided us with Personal Information, we will delete the Personal Information to the extent required by the Children’s Online Privacy Protection Act.

9. Legal Basis for Processing 

Modern Health will only use or process your Personal Information if the use or processing is permitted by applicable privacy laws in your jurisdiction. This is sometimes referred to as having a “legal basis” to use your Personal Information. The legal basis we may rely on to process your Personal Information may include:

1. Performance of a Contract:  For example, to carry out our contractual obligations with you pursuant to a contract to supply goods or services. 
2. Legal Obligations:  For example, some countries have transparency requirements regarding interactions with healthcare professionals, or requirements to provide information to authorities in case of adverse events or medical incidents related to the use of our Services.
3. Vital Interests:  For example, when processing your Personal Information is in your vital interest or required to protect your life. 
4. Consent:  For example, if you opt-in to receive marketing communications from us or expressly provide your consent for us to process your Personal Information. In the event you provide your consent, you may also withdraw your consent when permitted by applicable law, if you contact us. 
5. Legitimate Interests: This may include, for example, managing, operating, maintaining, and securing our websites, network systems, and other assets; and providing you with features and functionalities in the Services.
   

10. Data Subject Rights

 In certain circumstances, local privacy laws may give you rights with respect to your Personal Information, as described in more detail below. You may exercise your rights by contacting us.

We will handle any request to exercise your rights in accordance with applicable law, but please note that these rights may not be absolute. We may refuse or deny a request in accordance with applicable privacy laws. Additionally, depending on the circumstances and where you are located, not all of the below rights may be available to you.

Your rights with respect to your Personal Information may include the following:

1. Withdraw consent: If we use or share your Personal Information based on your consent, you may withdraw your consent at any time. 
2. Access: You may request access to or copies of your Personal Information. You may also request what types of Personal Information we have, the purposes for which we process it, and who has received access to your Personal Information.
3. Correction and Deletion: You may request that we correct your Personal Information if you think it is inaccurate or incomplete. You can also request that we erase or delete your Personal Information in certain circumstances.
4. Restrict Processing: You may request that we restrict the processing of certain Personal Information.
5. Data Portability: You may request that we provide you with your Personal Information that we obtained from you, and you can ask us to provide it to another entity.
6. Object: You may have the right to object to our processing of your Personal Information for certain purposes.
7. Lodge a Complaint: If you believe we are using, disclosing, or otherwise processing your Personal Information in a way that is not in accordance with applicable law, you can lodge a complaint with the relevant data protection authority in your country.
   

How to control your communications preferences

 In You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. You can also control some of the mobile notifications you receive from us through the settings on your mobile device and in our mobile application. We make every effort to promptly process all unsubscribe requests. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Service, technical and security notices).

11. Updates To Our Privacy Notice

This Privacy Notice may be updated periodically to reflect changes in our information practices.  If we make any significant changes to our Privacy Notice, we will provide you notice via the Services, or by other communication channels such as posting a notice on our website or sending you an email.  In the event that we use your Personal Information for other purposes not specified in this Privacy Notice, we will notify you. You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. Please review any changes carefully.  We encourage you to periodically review this Privacy Notice for the latest information on our privacy practices.

12. How to Contact Us

If you have questions about this Privacy Notice, our information practices, or how Modern Health handles your information, or if you would like to exercise your rights, please reach out by emailing or writing to us at:
Modern Life Inc.
650 California Street, Floor 7, Office 07-128, San Francisco, CA 94108
Email:  privacy@modernhealth.com

13. Notice for California Consumers 

To the extent you are a California resident and your “Personal Information” is subject to the CCPA, this Section applies to our collection and use of Personal Information, as required by the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”). When we use the term “Personal Information” in the context of the CCPA, we mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household.  

Throughout this Privacy Notice, we discuss in detail the specific Types of Personal Information We Collect from and about users.  Under the CCPA, we are also required to provide you with the “categories” of Personal Information we collected and disclosed within the past twelve (12) months for a business purpose: 

1. Identifiers
   A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.
2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
   A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
3. Protected classification characteristics under California or federal law.
   Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
4. Commercial information.
   Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
5. Biometric information.
   Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
6. Internet or other similar network activity.
   Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
7. Geolocation data.
   Physical location or movements.
8. Sensory data.
   Audio, electronic, visual, thermal, olfactory, or similar information.
9. Professional or employment-related information.
   Current or past job history or performance evaluations.
10. Inferences drawn from other personal information.
    Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.‍
11. De-identified patient information 
    Patient information that has been de-identified pursuant to either 45 C.F.R. § 164.514(b)(1) or (2).

‍

We obtain the above listed categories of Personal Information from the following sources (in addition to directly from users), as identified in this Privacy Notice:

• Types of Users
• Personal Information Obtained From Third Parties

We disclose the above listed categories of Personal Information to the following categories of third parties, as described in How We Share Personal Information.  

We collect and disclose the above listed categories of Personal Information for the business purposes, as described in How We Use Personal Information.  
‍

Sale of Personal Information 

In the last twelve (12) months, we do not have knowledge that we sold any Personal Information of California Consumers, nor actual knowledge that we sold the Personal Information of California Consumers under the age of sixteen (16) years old. The CCPA defines “sale” as:  selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information to another business or third party for monetary or valuable consideration.  

If we do sell your Personal Information, we will notify you, and if you submit to us a verifiable consumer request using the contact information in Section 12 above, we will disclose to you a list containing the categories of Personal Information that we sold in accordance with the CCPA’s requirements.  
‍

California Privacy Rights

California residents may exercise certain CCPA privacy rights with respect to their Personal Information:

‍

• Notice: The right to be notified of what categories of Personal Information will be collected at or before the point of collection and the purpose for which they will be used and shared. 
• Right to Know/Access: You have the right to request that we disclose to you what Personal Information we collect, use, disclose, and sell about you, including: The categories of Personal Information we have collected about you in the preceding 12 months; The categories of sources from which the Personal Information is collected; The business or commercial purpose for collecting or selling the Personal Information; The categories of Personal information, if any, that we disclosed for a business purpose or sold to third parties in the preceding 12 months; and The categories of third parties to whom the information was disclosed or sold.
• Data Portability: The right to receive the Personal Information you have previously provided to us.
• Right to Delete: You have the right to request that we delete the Personal Information we collect about you.   
• To Opt-Out: You have the right to opt-out of the sale of your Personal Information to third parties.  Currently, we do not sell your Personal Information.  If you have any questions, please reach out to us by using the contact information below.
• Right to Non-Discrimination: You have the right to not receive discriminatory treatment by us if you exercise any of the rights conferred to you by the CCPA.
  ‍

How to Exercise Your California Rights
If you are a California resident and would like to exercise any of your rights listed above, please contact us. You may also designate an authorized agent to make a request to exercise your rights on your behalf.  In order to do so, you must contact us.  

While we take measures to ensure that those responsible for receiving and responding to your request are informed of your rights and how to help you exercise those rights, when contacting us to exercise your rights, we ask you to please adhere to the following guidelines:

• Tell Us Which Right You Are Exercising: Specify which right you want to exercise and the Personal Information to which your request relates (if it does not relate to you). If you are acting as an authorized agent on behalf of a California resident, please clearly indicate this fact and indicate your authority to act on their behalf.
• Help Us Verify Your Identity: Contact us and provide us with enough information to verify your identity.  Please note that if we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification. 
• Direct Our Response Delivery: Inform us of the delivery mechanism with which you prefer to receive our response. You may specify, for example, email, mail, or through your account (if you have one with us).

Please note that you do not need to create an account with us in order to make a request to exercise your rights hereunder.
‍

How We Respond to Your Requests

In all cases, we will respond to your request within ten (10) days to confirm receipt of your request and provide you with information about how we will process your request.  Then we will respond substantively to your request within forty-five (45) days. However, where reasonably necessary, we may extend our response time by an additional forty-five (45) days, provided we send you notice of such extension first. We will provide the information to you via your preferred delivery mechanism.  If the information is provided to you electronically, we will provide you the information in a portable format and, to the extent technically feasible, in a machine readable, readily useable format that allows you to freely transmit this information without hindrance. 

Please note that we will not charge you for making a request, provided that you make no more than two (2) requests per year. If you make three (3) or more requests in any given twelve (12) month period, we may refuse to respond to such requests, if determined by us to be unfounded or excessive (e.g., repetitive in nature), or we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested. If we refuse to act on the request, we will provide you notice and the reason for our refusal to act.
‍

Contacting the California Attorney General

The CCPA gives California Consumers the right to lodge a complaint with the California Attorney General’s office. The Attorney General’s office may be contacted at https://oag.ca.gov/contact/consumer-complaint-against-business-or-company or by telephone at: (916) 210-6276. 

We encourage you to reach out to us first, however, so that we may help resolve any complaints you may have.

‍