Hoot Health Inc. (“we,” “us,” “ours” or “Hoot”) provides content and online management services to help health care providers manage myopia in kids (collectively, the “Services”). We collect personal information from parents and guardians about their kids on behalf of their health care providers (“Providers”). We also collect personal information about Providers. This privacy policy (“Privacy Policy”) explains how we collect, process, store and share personal information. It also provides you with important information about your personal information rights and how to exercise them.
By using, interacting with or accessing our Services, or by providing your personal information to us, you acknowledge that you accept our privacy practices and policies outlined below and you consent to us collecting, processing, storing and sharing your information as described in this Privacy Policy.
1. Notice at Collection of Personal Information
Definition of Personal Information
We collect, process, store and share information that identifies, relates to, or could reasonably be linked, directly or indirectly, with a particular individual or household (“personal information”). Personal information does not include information publicly available from government records, or which is not personal, like anonymous, deidentified or aggregated data (even if it originally comes from personal information).
Categories of Personal information We Collect
We collect, process and store, and may share with third parties, the following categories of personal information.
Contact information, such as full name, postal address, email address and phone number
Account information, including username and password
Health and genetic information, including medical conditions, medical history, family medical history, treatments and prescriptions
We collect Protected Health Information (“PHI”) on behalf of Providers
Mail, email or text message contents not directed to us on behalf of Providers
We collect mail, email and text message contents not directed at us on behalf of Providers
For example, you may exchange communications with a Provider through our Services
Professional or employment-related information, including information about a Provider’s practice, employees and contractors
Commercial information, including information about a Provider’s history of prescribing treatments and prescriptions
Government identifying numbers, for example, national provider identifiers
Payment information, including credit card information
Internet and device identifiers, activity and analytics, such as information we automatically collect through cookies and similar tracking technologies, including type of device, browser and operating system, device and browser settings, application IDs, unique device identifiers, device crash data, domain name, Internet Protocol (IP) address, referring webpage/source through which you accessed the Services, non-identifiable request IDs and statistics associated with the interaction between your device or browser and the Services
Services usage data, such as your log-on activity, date and time of visits, search terms, views, clicks and downloads, including which Providers, people, features, content and links you interact with when using the Services
Approximate geolocation when you are using our Services
Sensory data, such as voice recordings
Preference information, including your preferences related to marketing, privacy and communications, including consents for text message communications
Other information you choose to provide when interacting with our Services
For example, you may provide us with information when you submit a customer service query, provide feedback, or otherwise communicate with us, including by online form, email, text message, phone and webchat
Other information you choose to provide when interacting with our Services
For example, your Provider may provide us with information related to appointment scheduling or requests for educational materials
Inferences drawn from any of the personal information listed in this section; for example, to create a profile of an individual’s preferences and characteristics
Categories of Parties with Whom We Share Your Personal Information
We may share your personal information with the categories of parties listed in this section.
Providers
We collect and process certain personal information on behalf of Providers, including collecting personal information directly from users of the Services (e.g., parents and guardians) on behalf of Providers
Providers are considered “controllers” of such personal information we collect on their behalf under applicable privacy law; and are not considered third parties under applicable privacy law or this Privacy Policy
This Privacy Policy does not control how Providers use your personal information, which may be different from the uses described in this Privacy Policy; please consult the applicable Provider’s privacy policy for more information on how the Provider uses your personal information
Categories of Third Parties Whom We Share Your Personal Information
Our Vendors who help us provide the Services or perform business functions on our behalf, including hosting, technology and communication providers; analytics providers; support and customer service vendors; our attorneys, advisors, auditors and accountants; and payment processors
Parties You Access, Authorize or Authenticate, including third parties you access through the Services; information provided to such third parties are subject to such third parties’ privacy policies; please consult the applicable third party’s privacy policy before providing information to a third party
Parties for Legal Purposes, including governmental authorities, law enforcement or other third parties in connection with any of the activities set forth in the bullet beginning with “Meet legal and compliance requirements” in the below section called, Our Business Purposes for Collecting and Sharing Personal information
Parties for Business Changes, for example, your personal information that we collect may be shared with or transferred to a third party if we undergo a merger, acquisition, sale, equity or debt financing, bankruptcy or other transaction in which a third party invests in, finances, or acquires control of our business or assets (in whole or in part)
Our Business Purposes for Collecting and Sharing Personal Information
This section details the business purposes for which we collect, process, store and/or share your personal information.
Provide, improve and protect our Services, including to provide the Services; improve or customize the Services; develop new services or products; prevent or address service errors, security or technical issues; analyze and monitor usage, trends or other activities; respond to requests and inquiries from, or otherwise communicate with, Providers, users and third parties
Improve your user experience, for example, we use cookies and other device and internet information to track your usage data to provide content of interest to you or to store your information so that you do not need to re-enter it each time that you login
Market to you, including through profiling, for example, to market relevant healthcare products and services to you; and to create a profile of you (including “profiling,” meaning the automatic processing of your personal information to identify your preferences and interests)
De-identify personal information, including de-identifying PHI so that it is no longer PHI and aggregating and anonymizing personal information so that it is no longer personal information
Support our everyday operations, including using third-party vendors and service providers for business purposes (such as hosting, technology and communications)
Meet legal and compliance requirements, including to perform audits, monitoring and reporting; support information security and anti-fraud operations; investigate and respond to disputes; exercise and defend legal claims; protect the rights, property or safety of you, us or a third party; respond to legal process (including subpoenas) and governmental, court or law enforcement requests, investigations or orders; and comply with and enforce applicable laws, regulations, policies, procedures and agreements
Evaluate or conduct business changes, including a merger, acquisition, sale, equity or debt financing, bankruptcy or other transaction in which a third party invests in or acquires control of our business or assets (in whole or in part)
Selling Your Personal Information or Sharing It for Marketing or Advertising
For purposes of this Privacy Policy, “sell” means the disclosure of personal information to a third party in exchange for money or other valuable consideration.
Patients – Personal Information and Protected Health Information
Unless a patient (or a patient’s parent or guardian) has provided us with written consent to sell a patient’s personal information or share it for marketing or advertising purposes:
We do not sell the personal information of patients
We do not share the personal information of patients with third parties for third parties’ direct marketing purposes
We do not share personal information of patients with third parties for cross-contextual behavioral advertising or targeted advertising
We may collect protected health information (also called “PHI”) that is covered by HIPAA. The HIPAA Privacy Rule applies to PHI covered by HIPAA.
We de-identify PHI in accordance with the HIPAA Privacy Rule by removing specified personal information that could identify an individual (e.g., name, telephone number, email address and account numbers). Once PHI is de-identified, it is no longer PHI covered by HIPAA nor is it personal information covered by this Privacy Policy.
We may sell or otherwise use or disclose de-identified patient and health information, including for the purposes of marketing and advertising.
Providers
Unless a Provider opts out (as provided in the below section called, Your Privacy Rights and Choices):
We sell the personal information of Providers
We share the personal information of Providers with third parties for third parties’ direct marketing purposes
We share the personal information of Providers with third parties for cross-contextual behavioral advertising or targeted advertising
Our Retention of Personal Information
We retain personal information about you for as long as we deem to be necessary or advisable for the purposes described in the above section called, Our Business Purposes for Collecting and Sharing Personal information (such as providing the Services) or as directed by Providers with respect to personal information collected on their behalf. We may maintain your personal information after you have stopped using or interacting with our Services; for example, we may retain your personal information to improve our Services, continue to provide Services to Providers, comply with legal obligations, resolve disputes or collect fees owed.
2. Applicability of this Privacy Policy
This Privacy Policy covers how we treat personal information that we acquire from you or other sources related to our Services or other interactions with us. This Privacy Policy does not cover the policies or practices of Providers or third parties that you may access or be connected with through the Services.
Sources of Personal information
We collect personal information about you from the following categories of sources:
Directly from you, such as when you access or use our Services or when you communicate or interact with us in any way, including by mail, email, phone, text message, webchat, QR code or social media
Indirectly from you, for example, we collect cookie data and other information from your device, browser or activity on the internet or in our Services
From our third-party vendors, for example, from our analytics providers
From Providers or other users of our Services
Providers and Third Parties
This Privacy Policy does not cover, and we are not responsible for, the privacy practices of Providers or any third parties, which have their own rules for how they collect and use personal information. Please make any privacy requests directly to Providers or third parties with respect to personal information in their control.
Our Services may include links to third-party websites, services, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not endorse or control these third-party websites or services and are not responsible for their privacy practices or any information on their websites. When you leave our Services, we encourage you to read the privacy policy of every website you visit.
Our Services include links to the following third-party services, among others:
Payment information is collected by our third-party payment processors, Stripe, Inc. (“Stripe”) or PayPal, Inc. (“PayPal”); please see Stripe’s privacy policy at https://stripe.com/privacy and PayPal’s privacy policy at https://www.paypal.com/us/legalhub/privacy-full for information on their collection and processing of personal information
Personal information of Children
You must be 18 years of age to use the Services. By accessing or using the Services, you represent and warrant to us that you are at least 18 years of age.
We do not collect any personal information directly from children under 18 years of age. As a parent or guardian, you may provide or make available personal information of your children to us, and, by doing so, you agree and consent to our collection and use of your children’s personal information.
If you are a child under the age of 18, please do not attempt to log in to the Services or send us any personal information. If we learn we have collected personal information directly from a child under 16 years of age, we will delete that data as quickly as possible. If you believe that a child under 16 years of age may have provided personal information to us, please contact us at info@gethoot.com
To our knowledge, we do not sell or share for cross-contextual behavioral advertising or targeted advertising purposes the personal information of children under the age of 16.
Personal Information of Others You Share with Us
You may not disclose the personal information of another individual to us, or make it available through the Services, unless (1) you are the parent or guardian providing the personal information of your own children; or (2) you are providing the personal information of an individual who is 18 years of age or older and you have that individual’s prior written consent. To the extent that you provide another individual’s personal information to us or use it in the Services, you acknowledge and agree that you are responsible for compliance with all applicable laws concerning such personal information.
3. Your Privacy Rights and Choices
Notice of Your Personal information Rights
Subject to exemptions and limitations provided by applicable law, if you are an individual you have the right to:
- Update your personal information. You may update or correct your personal information.
- Revoke your PHI authorizations. If you authorize us to sell your PHI or use or disclose your PHI for marketing or advertising purposes, you may revoke such authorization. You understand that uses and disclosures of your PHI already made by your original authorization cannot be taken back.
- Request to know about third-party marketing. You may request that we disclose the types of personal information we shared with third parties for third parties’ direct marketing purposes and the identities of such third parties. You may make this request once per calendar year and may only request information regarding the immediately preceding calendar year.
- Opt out of sharing for third-party marketing. You may direct us to not share your personal information with third parties for third parties’ direct marketing purposes. We may continue to share your personal information to provide the Services to you.
- Opt out of sharing for targeted advertising. You may direct us to not share your personal information for cross-contextual behavioral advertising or targeted advertising purposes.
- Opt out of sale. You may direct us to not sell your personal information.
How to Exercise Your Personal Information Rights
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a written request (using one of the methods below) that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may ask for information to verify your identity, such as name, phone number, email and address. We will only use personal information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
Please be aware that certain Services or features or functionality of the Services may be unavailable to you if we honor your requests with respect to certain privacy rights.
We will work to respond to your Valid Request promptly within the timeframes required by applicable privacy law (usually between 15 to 45 days depending on the type of Valid Request, with the right for us to extend the response time as necessary). We will not charge you a fee for making a Valid Request unless your Valid Request is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
Send an email to: info@gethoot.com
Additionally, you may update or correct your account information at any time by logging in to your account
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
In some instances, we may not be able to honor your request. For example, we may not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we may not honor your request where not required to do so under applicable privacy laws. We will advise you in our response if we are not able to honor your request.
4. Our Use of Cookies
Our Use of Cookies and Other Tracking Technology
Our Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “cookies”) to gather data about visitors to our Services, analyze trends and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own cookies on your devices through the Services or otherwise.
Do Not Track
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. Our Services are not currently configured to respond to Do Not Track signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personal information about a user’s online activities over time and across third-party websites or online services.
Disable or Delete Cookies and Tracking Technology; Third-Party Cookies
Disable or Delete Cookies from Your Browser or Device
You can decide whether or not to accept certain cookies through your internet browser’s settings. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu.
You can also delete all cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our Services and some of the Services and functionalities may not work.
Third-Party Cookies and Resources to Opt-Out of Cookies and Targeted Advertising
We allow third parties to set and collect cookies through our Services. Please review such third parties’ privacy policies and other terms for information on their privacy practices and uses of personal information, including whether they use cookies to provide targeted and cross-contextual behavioral advertising and your options to opt-out.
We use the following third-party cookies (and may use others):
Google Analytics
Google collects the following data: https://support.google.com/analytics/answer/11593727?hl=en
If you do not wish for Google Analytics to gather information about how you interact with our Services, please install the Google Analytics Opt-out Browser Add-on available here: https://tools.google.com/dlpage/gaoptout and employ it at the start of each session on our website. A cookie will be set on your browser that instructs this technology not to start for that session. Please note that the next time you access our website the analytics will be reactivated, so you will have to disable the technology each time.
You have the option to manage Google’s personalized ads by visiting the Google advertising center at https://myadcenter.google.com/?ref=privacy-policy.
To make choices about targeted advertisements from participating third parties, including to opt-out of receiving targeted advertisements from participating third parties, please visit the Network Advertising Initiative at http://www.networkadvertising.org/choices/ or the Digital Advertising Alliance at www.aboutads.info/choices.
To find out more information about cookies, including information about how to manage and delete cookies, please visit http://www.allaboutcookies.org/.
5. Data Security and Processing
Security of Your Personal information
We will maintain reasonable technical and organizational safeguards for the protection of the security and confidentiality of personal information from unauthorized access, use, disclosure or transfer. Despite our efforts to ensure security, we cannot guarantee or warrant that your personal information will not be accessed, acquired, disclosed for an improper purpose, altered or destroyed by an unauthorized person or as a result of a breach of our security safeguards or those of our hosting provider or other vendors or service providers. We cannot ensure the security of any data transmitted to us over the internet. To the fullest extent permitted by applicable law, we accept no liability for any unintentional disclosure by us of your personal information. Therefore, we urge you to take adequate precautions to protect your personal information as well, including, without limitation, choosing a strong password, never sharing your account username or password, and logging out of your account and closing your browser when no longer using or interacting with the Services on a shared or unsecured device.
International Transfer, Storage and Processing
We operate from the United States and the personal information we collect or receive is stored and processed in the United States. You consent to the transfer, processing and storage of your personal information in the United States. You also consent to the transfer, processing and storage of your personal information by us, our affiliated entities, our vendors or other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world subject to the provisions of this Privacy Policy. The United States and other jurisdictions to which we transfer or in which we process or store your personal information may not have the same data protection laws as your jurisdiction.
6. Changes and Amendments to Privacy Policy
We reserve the right to amend this Privacy Policy at our discretion and at any time. When we do, we will post the revised policy in the Services with a new “Last Updated” date. Your continued use of our Services or your provision of personal information to us following the posting of changes constitutes your acceptance of such changes. We encourage you to visit this page regularly for any changes.
7. Contact Disability Access
You may contact us with questions or concerns related to this Privacy Policy and our privacy policies and practices as follows:
Email: info@gethoot.com
Disability Access
If you have a disability, you may access this Privacy Policy in an alternative format by contacting us at:
Email: info@gethoot.com