Effective August 21, 2018
- Information we collect and how we collect it
- How we use the information that we collect
- How we may share information with third parties
- The security of your information
User Consent and Incorporation.
Information We Collect and How we Collect It.
What We Collect Online
Personally Identifiable Information
We collect certain personal information about you when you provide it to us while using the Services. For example, you may provide us with this information in order to verify your identity, post a new research study, set up a participant profile, apply to be a participant in a research study, or respond to a survey. “Personal information” includes:
- contact information (such as your name, address, email address and telephone number)
- demographic information (such as age, date of birth, gender, marital status, ethnicity and sexual orientation)
- health information (such as diagnosis, health status, prior treatment regimens, smoking and drug use)
- specific information collected on behalf of a research study in which you are participating
- financial information necessary to enable direct deposits of funds you may receive for participating in a research study or referring a friend, and
- other information necessary for or related to your activities with us (such as research studies you are conducting or in which you are participating, the location and/or IP address of the computer you use to access the Services, education and employment history and identification numbers).
Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some demographic, health and/or health-related information that we collect as part of providing the Services may be considered “protected health information” or “PHI.” HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. To the extent HIPAA is applicable, we may only use and disclose your PHI in the ways permitted by HIPAA.
You have the right to revoke this consent at any time by sending an email to [email protected], however, please note that the revocation will not apply to the extent that we have already released your information to researchers based on this consent. We will move expeditiously to process the revocation request, but please note that revocation may take effect up to within 3 business days of being received."
Non-Personally Identifiable Information
We also collect non-personally identifiable information about visitors’ web activity and equipment. This information includes the operating system a visitor is using, the date and time the user visited a website or mobile app, referring URLs (what website the visitor came from), Internet service provider, browser type, device identifier, and information on the pages that visitors access or visit. Most non-personally identifiable information is collected via cookies or other analysis technologies, and is discussed in greater detail below.
What We Collect Offline
We may also obtain information about you when you interact with us outside of our website, such as in person, over the phone or by email. Further, we may collect information about you from third parties. For example, we use a third-party verification service provider to verify a user’s identity. Moreover, if you apply to become a research study participant, we may obtain personal information about you from the researcher conducting the study, such as whether your application was accepted, whether the study was conducted, and whether you actually participated in the study.
We may combine information that we collect online with information we receive about you from offline sources.
Cookies, Web Beacons and Embedded Scripts
When you use or access our Services, we may send one or more “cookies” to your computer or other device. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that website to recognize your browser. We also may use “web beacons,” which are small graphic files that allow us to monitor the use of our Services. A web beacon is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies. We also may use “embedded scripts,” programming code that is designed to collect information about your interactions with the Services, such as the links on which you click. The code is temporarily downloaded onto your computer or mobile device from our web server or a third-party service provider, is active only while you are connected to the Services, and is deactivated or deleted thereafter.
You can set your browser to refuse all cookies or to indicate when a cookie is being sent. To learn more about cookies and interest-based advertising, or to opt out of cookies, visit the opt-out services of the National Advertising Initiative or visit the Digital Advertising Alliance's Self Regulatory Program and follow the simple opt-out process. However, if you decline cookies, some features of the Services may not function properly.
Other Third Party Technologies
How Information Is Used
We may use the information we collect, in an aggregated or individualized manner, for any of the following purposes:
- To customize and provide the Services to you;
- To check and verify personal information with third parties as necessary;
- To process payments to and from users;
- To operate, improve and personalize the products and services we offer, and to give each user a more consistent and personalized experience when interacting with us online and offline;
- For customer service, security, to detect fraud or illegal activities, and/or for archival and backup purposes in connection with the provision of the Services;
- To send marketing materials and communications to you about products and services we think may be of interest to you;
- To communicate with you, including through email;
- To administer and improve the Services;
- For research and analysis;
- To enforce our Terms of Service or other applicable policies;
- To permit potential research participants to search for and identify research studies in which they might want to participate; and
- To otherwise conduct business, as described when the information is collected.
Sharing of Information
We may share and disclose information as described at the time information is collected or as follows:
To Perform the Services
Researcher and Research Study Information
We may disclose personal information to third parties in order to perform the Services attendant to publicizing a research study and determining whether a potential participant meets a study’s eligibility requirements. Certain personal information will be used to verify the identity of each Researcher who creates an account for our Services. At the direction of a researcher, we will publicly post the information provided regarding a research study that is scheduled to be conducted and is in need of additional participants.
Research Participant Information
We may disclose personal information to third parties in order to perform the Services available for potential and actual research study participants. Certain personal information may be used to verify the identity of a potential research participant who creates an account for our Services. At the direction of a potential or actual research study participant, we will disclose information to the researcher conducting a research study.
With Third Party Service Providers Performing Services on Our Behalf
We share information, including personal information, with our service providers to perform the functions for which we engage them (such as hosting and data analyses). We may share information as needed to operate other related services.
For Legal Purposes
We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose information, including personal information, as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share information as required to pursue available remedies or limit damages we may sustain.
We may transfer information, including personal information, in connection with a merger, sale, acquisition or other change of ownership or control by or of us or any affiliated company (in each case whether in whole or in part).
To Users of the Services
We will make available to you, and anyone who you explicitly give us permission to share your information with, all of the personal information that you share with us directly when you use the Services. You can delete, revise, or otherwise manage that information by logging into your account.
The Security of Your Information.
The security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our Services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
We do not knowingly collect or maintain personal information from any person under the age of thirteen. No parts of our Services are directed to or designed to attract anyone under the age of thirteen.
Your California Privacy Rights
Under California’s “Shine the Light” law, California residents who provide personal information to us in obtaining products or services for personal, family or household use are entitled to request and obtain from us once a calendar year information about certain types of information we may share with other businesses for their own direct marketing uses. To make such a request, please send an email to [email protected] and include the phrase “California Privacy Request” in the participant line, and provide us with your name, address and email address. We will respond to you within 30 days of receiving such a request. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
Do Not Track
We do not support Do Not Track with respect to the Services at this time. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For all the details, including how to turn on Do Not Track, visit Do Not Track.
Accountability for Onward Transfers
Except as permitted or required by applicable law and in accordance with Clara Health’s role as a controller or processor, Clara Health provides EEA users with an opportunity to opt out of sharing their Personal Data with third-party controllers. Clara Health requires third-party controllers to whom it discloses the Personal Data of EEA users to contractually agree to (a) only process the Personal Data for limited and specified purposes consistent with the consent provided by the relevant EEA user, (b) provide the same level of protection for Personal Data as is required by the Privacy Shield Principles, and (c) notify Clara Health and cease processing Personal Data (or take other reasonable and appropriate remedial steps) if the third-party controller determines that it cannot meet its obligation to provide the same level of protection for Personal Data as is required by the Privacy Shield Principles.
We may also need to disclose Personal Data in response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law. We do not offer an opportunity to opt out from this category of disclosure.
Recourse, Enforcement and Dispute Resolution
If you have any questions or concerns, please write to us at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the Privacy Shield Principles. In the event we are unable to resolve your concern, you may contact The EU data protection authorities, which provides an independent third-party dispute resolution body, and they will investigate and assist you free of charge. A binding arbitration option may also be available to you in order to address residual complaints not resolved by any other means. Clara Health is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
Clara Health 188 King Street #601 San Francisco, CA 94107