Effective Date: September 3, 2019
This Policy is incorporated by reference into the Vim, Inc. Terms of Service (the “Terms”) on which the Services are provided. All other terms not defined herein will have the meanings set forth in the Terms.
Applicants for employment with Vim: Please view our Candidate Privacy Notice which describes how Vim collects, uses, stores and protects your personal information when you apply for a position with us and the rights you have in connection with that personal information.
This Policy applies to Personal Information that is Processed by Vim in the course of our business, including on the Site or Services. This Policy does not apply to any sites maintained or operated by other companies or linked to our Site or Services. All individuals whose responsibilities include the Processing of Personal Information on behalf of Vim are expected to protect that data by adherence to this Policy.
This Policy applies to all of Vim’s operating divisions, subsidiaries, affiliates, and branches through which we operate the Vim business.
3. Transparency/Notice—Types of Personal Information We Collect and How We Use It
The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with us and the requirements of applicable law. Some of the ways that we may collect Personal Information about you include:
- You may provide Personal Information directly to Vim through interacting with the Services or from Vim’s Third-Party sources, such as a healthcare plan or medical provider, and when requesting Services or other information from us.
- As you navigate the Site or Services, certain passive information may also be collected about your visit to our Site or use of the Services, including through cookies and similar technologies as described below.
We endeavor to collect only that information which is relevant for the purposes of Processing. Below are the ways we collect Personal Information and how we use it.
3.1 Types of Personal Information We Collect
Vim collects Personal Information regarding its current, prospective, and former clients, customers, including medical providers, users, such as healthcare plan participants, visitors and guests (collectively “Individuals”).
- Information You Provide Directly to Us. When you use the Services or engage in certain activities, such as register for an account with us, sign up for newsletters, respond to surveys, submit comments, reviews or other user-generated content, connect or interact with us on social networks, such as Facebook or Google+, request Services, technical support or information or contact us directly, we may ask you to provide some or all of the following types of information:
- Communications with Us. We may collect Personal Information from you such as your name, email address, phone number, mailing address, payment card information and medical information including your medical provider’s name and contact information, or if you are a medical provider, the name of the clinic you are associated with, when you choose to request information about our Services, register for our newsletter or request to receive customer or technical support or otherwise communicate with us.
- Surveys. From time to time, we may contact you to participate in online surveys. If you do decide to participate, you may be asked to provide certain information which may include Personal Information. All information collected from your participation in our surveys is provided by you voluntarily. We may use such information to improve our products, Sites and/or services and in any manner consistent with the policies provided herein.
- Posting on the Site. We may offer publicly accessible blogs, private messages or community forums. You should be aware that, when you disclose information about yourself in or on our blogs, private messages and community forums, the Site will collect the information you provide in such submissions, including any Personal Information. If you choose to submit content to any public area of the Site, such content will be considered “public” and will not be subject to the privacy protections set forth herein.
- Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services and other actions taken through use of the Services such as preferences.
- Information Submitted Via Services. You agree that Vim is free to use the content of any communications submitted by you via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosed therein, for any purpose including developing, manufacturing, and/or marketing goods or Services. Vim will not release your name or otherwise publicize the fact that you submitted materials or other information to us unless: (a) you grant us permission to do so; (b) we first send notice to you that the materials or other information you submit to a particular part of a Service will be published or otherwise used with your name on it; or (c) we are required to do so by law.
- Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations that we interact with to supplement information provided by you.
- Protected Health Information under HIPAA. Some of the Third Parties that we may interact with, such as healthcare providers and healthcare plans, are subject to laws and regulations governing the use and disclosure Protected Health Information (as defined under the United States’ Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with its associated regulations, collectively “HIPAA”) that they create, receive, maintain or disclose when providing medical services such as treatment or payment for medical services. When we create, receive, maintain or disclose Protected Health Information about you on behalf of our Third-Party healthcare providers or healthcare plans we may do so under the terms of an agreement, called a Business Associate Agreement, which lays forth the uses in which we are able to use or disclose your Protect Health Information as part of our Services. For this Policy, the term “healthcare provider” means any user who is a “health care provider” (as defined by HIPAA) or any user who is a member of that health care provider’s “workforce” (as also defined by HIPAA). Without the use of your Protected Health Information which we reasonably require, we may not be able to provide you with the information or Services you have requested as you will be unable to register as a user.
- Registration to the Platform or Site. Prior to your registration to our Site or Services, and in order to enable such registration, we may receive Personal Information about you from a clinic you are associated with or your healthcare plan. We require this information about you in order to verify your identity and eligibility to gain access to the Site or Services. If you are not found eligible to gain access to the Site or Services, we will discard your Personal Information.
- Payment Information. If you pay for a healthcare provider’s services through us, we may collect payment card information from you through a Third-Party service provider, including your name, expiration date, authentication code and billing address. We will securely transmit this information consistent with payment card industry rules to the appropriate payment facilitators. We may offer you the option to save information about the method and choice of payment on our Site. If you save this payment card information on our Site, you will be able to add, remove or modify that information at any time using your account settings.
3.2 How Vim Uses Your Information
We acquire, hold, use, and Process Personal Information about Individuals for a variety of business purposes, including:
- To Provide Products, Services, or Information Requested. We may use information about you to fulfill requests for products, Services, or information, including information about potential or future Services, including to:
- Generally manage Individual information and accounts;
- Respond to questions, comments and other requests;
- Provide access to certain areas, functionalities and features of our Services;
- Contact you to answer requests for customer support or technical support; and
- Allow you to register for Services or events.
- Administrative Purposes. We may use Personal Information about you for our administrative purposes, including to:
- Measure interest in our Services;
- Develop new products and Services;
- Ensure internal quality control;
- Verify Individual identity;
- Communicate about Individual accounts and activities on our Services and systems, and, in our discretion, changes to any Vim policy;
- Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service or system maintenance;
- Process payment for products or services purchased;
- Process applications and transactions;
- Prevent potentially prohibited or illegal activities; and
- Enforce our Terms.
- Allow you to register for Services or events.
- Information Regarding Our Products and Services. We may use Personal Information to provide you (e.g., by email) with materials and information about our Services that may be of interest.
You may contact us at any time to opt out of the use of your Personal Information for marketing purposes, as further described below.
- Research and Development. We may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services. From time to time, we may perform research (online and offline) via surveys. We may engage Third-Party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and Services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous Individual and aggregate data for research and analysis purposes.
- Services via Mobile Devices. From time to time, we may provide Services that are specifically designed to be compatible and used on mobile devices. We will collect certain information that your mobile device sends when you use such Services, like a device identifier, user settings, location information, mobile carrier, and the operating system of your device. Mobile versions of Vim’s Services may require that users log in with an account. In such cases, information about use of mobile versions of the Services may be associated with accounts. In addition, we may enable Individuals to download an application, widget, or other tool that can be used on mobile or other computing devices. Some of these tools may store information on mobile or other devices. These tools may transmit Personal Information to Vim to enable Individuals to access accounts and to enable Vim to track use of these tools. Some of these tools may enable users to email reports and other information from the tool. Vim may use personal or non-identifiable information transmitted to Vim to enhance these tools, to develop new tools, for quality improvement and as otherwise described in this Policy or in other notices Vim provides.
- Anonymous and Aggregated Information Use. We may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Vim’s Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Information, and we may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within Vim and with Third-Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
- Sharing Content with Family and Friends. Our Services may offer various tools and functionalities. For example, we may allow you to share provider profiles with others and to invite family members to create an account with Vim. Email addresses that you may provide to invite family members to create an account will not be used by Vim for other purposes.
Other Uses. We may use Personal Information for which we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection or any other purpose disclosed to you at the time you provide Personal Information or with your consent.
3.3 Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising
- Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Site may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
- Analytics. We may also use analytics tools such as:
- Mixpanel to provide us with analytics data regarding your interactions with our Services. You may opt-out of Mixpanel’s automatic retention of data collected while using the Services by visiting https://mixplanel.com/optout/. To track opt-outs, Mixpanel uses a persistent opt-out cookie placed on your device. Please note that if you get a new computer, install a new browser, erase or otherwise alter the browser’s cookie file (including upgrading certain browsers), you may clear the Mixpanel opt-out cookie.
- Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visit www.google.com/policies/privacy/partners/. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
Our uses of such Technologies fall into the following general categories:
- Advertising or Targeting Related. We may use first-party or Third-Party cookies and web beacons to deliver content, including ads relevant to your interests, on our Site, Services or on Third-Party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.
If you would like to opt out of the Technologies we employ on our Sites, Services, applications, or tools, you may do so by blocking, deleting or disabling them as your browser or device permits.
3.4 Third-Party Websites, Social Media Platforms and Software Development Kits
Our Site and Services may contain links to other websites, and other websites may reference or link to our Site or other Services. These other domains and websites are not controlled by us, and Vim does not endorse or make any representations about Third-Party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
Vim’s Site and Services may include publicly accessible blogs, community forums or private messaging features. The Site and Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Site or other Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by Third-Parties for any number of purposes.
4. Onward Transfer —Vim May Disclose Your Information
4.1 Information We Share
We may share your information as described in this Policy (e.g., with our Third-Party service providers; to comply with legal obligations; to protect and defend our rights and property) or with your permission. We do not rent, sell or share your information with Third-Parties except as described herein.
- We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers. The types of service providers to whom we entrust Personal Information include service providers for: (i) provision of IT and related services; (ii) provision of information and services you have requested (including, for example, cloud services providers such as AWS); (iii) payment processing; (iv) customer service activities; and (v) in connection with the provision of the Services. Vim has executed appropriate contracts with the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.
- Business Partners. Vim may share Personal Information with our business partners, including healthcare providers and healthcare plans, call centers and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. We may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with Vim. We require our affiliates and business partners to agree in writing to maintain the confidentiality and security of Personal Information they maintain on our behalf and not to use it for any purpose other than the purpose for which Vim provided it to them.
- Displaying to Other Users. The content you post to the Site may be displayed on the Site. Other users of the Site may be able to see some information about you, such as your name if you submit a review. We are not responsible for privacy practices of the other users who will view and use the posted information.
- Disclosures to Protect Us or Others (e.g., as Required by Law and Similar Disclosures). We may access, preserve and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce Vim’s policies or contracts; (v) to collect amounts owed to Vim; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
4.2 International Data Transfers
You agree that all Personal Information collected by Vim may be transferred, Processed, and stored anywhere in the world, including but not limited to, the United States, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to Vim, you explicitly consent to the storage of your Personal Information in these locations.
5. Opt-out (Right To Object To Processing)
You have the right to object to and opt-out of certain uses and disclosures of your Personal Information. Where you have consented to Vim’s Processing of your Personal Information, Sensitive Personal Information or Protected Health Information, you may withdraw that consent at any time and opt-out of further Processing by contacting [email protected]. Even if you opt-out, we may still collect and use non-Personal Information regarding your activities on our Sites and/or information from the advertisements on Third-Party websites for non-interest based
5.2 Email and Telephone Communications
If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt-out of receiving future emails. We will process your request within a reasonable time after receipt. You can also log-in to your account to opt-out and update your marketing preferences at any time by sending an email to [email protected]. Even after you opt-out or update your marketing preferences, please allow us sufficient time to process your marketing preferences. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding Vim and our Services and you will not be able to opt-out of those communications (e.g., communications regarding updates to our Terms or this Policy).
We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
5.3 Mobile Devices
Vim may occasionally send you push notifications through our mobile applications with notices that may be of interest to you. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. Vim may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
5.4 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
As noted above, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt out of certain mobile ads via their device settings.
6. Rights of Access, Rectification, Deletion and Restriction
You may ask us to rectify or delete your Personal Information at any time. However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.
You can update your contact information, as well as other Personal Information, you provided to us by logging-in to your settings page and making the appropriate changes or corrections yourself. You can also update your marketing preferences by logging-in to your settings page or contact us directly at the address below. If you wish to de-activate your account, you may do so by contacting our customer support team at [email protected]. Once you do so, your account will then be de-activated on a going-forward basis.
Although Vim makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which Vim is unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If Vim determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Vim will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
We may rectify, replenish or remove incomplete information at any time and at our own discretion.
7. Data Retention
Vim retains the Personal Information we receive as described in this Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements and comply with applicable laws.
8. Security of Your Information
The security and confidentiality of your Personal Information matters to us. That’s why we have appropriate technical, administrative, and physical controls in place to protect your Personal Information from unauthorized access, use and disclosure. For example, we encrypt certain information you submit to us using Secure Sockets Layer (“SSL”) technology that helps protect information during transport to our Site. We also review our security procedures periodically to consider appropriate new technology and updated methods. However, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.
By using the Site or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an e-mail to you. You may have a legal right to receive this notice in writing.
9. International Users
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and to Processing of your data globally. By providing your Personal Information, you consent to any transfer and Processing in accordance with this Policy.
10. Children’s Privacy
Our Services are not directed to children under 13. In addition, you are not permitted to use our Services if you do not meet the minimum age requirement applicable to our Services in your jurisdiction. We do not knowingly collect Personal Information from children under 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us at [email protected] If we learn that we have collected Personal Information of a child under 13 (or under 16 in certain jurisdictions, such as EU member countries) we will take steps to delete such information from our files as soon as possible and terminate the child’s account unless we receive verifiable parental consent.
11. Redress/Compliance and Accountability
12. Other Rights and Important Information
- New Uses of Personal Information. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt-out. Where consent of the Individual for the Processing of Personal Information is otherwise required by law or contract, Vim will endeavor to comply with the law or contract.
12.2 California Privacy Rights
The following capitalized terms shall have the meanings herein as set forth below.
- “Personal Information” is any information relating to an identified or identifiable natural person (“Individual”).
- “Protected Health Information” has the meaning defined under HIPAA.
- “Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections.
- “Third-Party” is any company, natural or legal person, public authority, agency or body other than the Individual or Vim.