Fit 2 Be and its subsidiaries and corporate affiliates (collectively, "MyFitHelp," "our," "us," or "we") operate websites, provide products and services through mobile and other applications, and develop software. We refer to these as "site(s)," "service(s)," or "our sites and services."
Personal Information We Collect
Personal information is information that can be used to identify, locate, or contact an individual, and includes other information that may be associated with personal information. When you interact with our sites and services, depending on the site or service, we may ask for the following personal information directly from you:
- Contact Information allows us to communicate with you and generally includes your name, addresses, email addresses, social media website user account names, and/or telephone numbers.
- Payment Information needed to process payments such as your credit or debit card number, expiration date, and card verification number.
- Personal Profile or Service Information helps us with the administration and personalization of your personal profiles or services, such as areas of interest, information from social media interactions (such as Facebook, Twitter, or Google+), preferences, physical characteristics (such as height, weight), photographs and, biographical, health information and/or demographic information (such as gender).
- Transaction Information about how you interact with and use our sites and services, email, other communications, and applications; and how you interact with merchants, business partners, and service providers.
- Geographic Location Information but only if your mobile or other device transmits location data and/or your IP address, and you have activated a location-enabled site or service.
- Job-Search-Related Information for recruitment purposes and may include educational and employment background, driver's license number and social security number.
- Survey Data for functionality of certain services, which generally includes survey data (questions and responses) and may allow you to import email addresses and names for ease of allowing you to send surveys or to allow us to send surveys on your behalf.
- Medical Information for functionality of certain services to connect you with your healthcare provider, and may include your medical history, present symptoms, future conditions or treatments, insurance carrier and plan, and any other medical and health information you or your healthcare provider choose to share with us.
- Appointment Information to schedule an appointment or consultation using one of our online appointment or consultation services and includes the requested appointment information, which may be linked with health or legal related information that you choose to share with us.
- Access to Your Data if you are our customer and use certain services. interactive tools or authorize us to retrieve information from another database, user, or other third party on your behalf, such as integrating a practice management system with your services, then you may elect to download certain installed tools, which may collect and transmit information from your computer system solely relating to the use of the installed tools and for the purpose of providing you with relevant services.
- Your Submissions help us with administration of our sites and services and includes any information you voluntarily provide, generally through free form text boxes, forums, uploading a document or authorizing us to retrieve and import information from another user or third party on your behalf.
In each of the above instances, you will know what personal information we collect through our sites and services because you voluntarily and directly provide it.
How We Use Personal Information
We may use information collected from you in one or more of the following ways:
- to enable site features such as geographically specific pricing or logging, and retrieving and providing analysis of data you choose to enter into the site,
- to send you important notices, such as communications about changes to your account, and our sites. and services' terms, conditions, or policies,
- to solicit input and feedback to improve our sites and services and customize your user experience,
- to enable you to communicate with other site or service users via private messaging or other service specific communication channels,
- to contact you via email, telephone, text or chat in a manner required by law,
- to meet contractual obligations,
- to send you reminders, technical notices, updates, security alerts, support and administrative messages, and service bulletins,
- to inform you about new products or promotional offers, or other opportunities which we feel will be of interest to you, and to provide advertisements to you through our sites, email messages, text messages, applications, or other methods of communication,
- to manage our sites. and services' administration, forum management, or fulfillment,
- to provide customer service and technical support,
- to administer surveys, sweepstakes, giveaways, contests, or similar promotions or events sponsored by us or our partners,
- for internal purposes such as auditing, data analysis, and research to improve our products, services, and communications,
- to allow you to apply for a job or sign up for special offers from third parties through our sites,
- to help you contact or schedule an appointment with a healthcare provider or legal professional listed in one of our directories and remind you of upcoming or follow-up appointments,
- to perform services in conjunction with interactive tools, such as integrating practice management systems, making a referral, sending a prescription to a pharmacy, or sending a test to a clinical laboratory, and
- to use anonymized personal information to run (or authorize third parties to run) statistical research on individual or aggregate trends.
In addition to the uses described above, we may use personal information that we collect for other purposes that are disclosed to you at the time we collect the information, or with your consent.
Sharing Personal Information
We may share personal information about you with third parties in the following circumstances:
- We may engage third parties to perform services on our behalf, including maintenance services, hosting, data storage, security, analytics and data analysis, payment processing, assisting in marketing efforts, email and text message distribution, customer service, providing certain interactive tools, and conducting surveys and sweepstakes.
- We may share your contact data, insurance data, and medical data with healthcare providers you choose to schedule through the services.
- Your personal information, and the contents of all of your online communications on or through
our sites and services may be accessed and monitored as necessary to operate our sites and
perform our services, and may be disclosed:
- to satisfy any applicable laws or regulations,
- to defend ourselves in litigation or a regulatory action,
- when we have a good faith belief that we are required to disclose the information in response to legal process (for example, a subpoena, court order, or search warrant),
- where we believe our sites and services are being used in the commission of a crime, including to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and risk management, and
- when we have a good faith belief that there is an emergency that poses a threat to the health and/or safety of you, another person, or the public generally.
- In the event of a merger, acquisition, debt financing, restructure, sale of Fit 2 Be's assets by or with another company, or a similar corporate transaction takes place, we may need to disclose and transfer all information about you, including personal information, to the successor company.
- We may share information about you with Fit 2 Be's subsidiaries and affiliates.
- We may share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
Other Information We Automatically Collect and Cookies
We may also collect certain technical information when you use our sites and services. For example, our servers receive and automatically collect information about your computer and browser, including, for instance, your IP address, browser type, domain name from which you accessed the site or service, and other software or hardware information. If you access our sites and services from a mobile or other device, we may collect a unique device identifier assigned to that device (UDID), type of device, general GPS location, or other transactional information for that device in order to serve content to it.
In addition, we may collect information about how you use our sites such as the date and time you visit the sites, the areas or pages of the sites that you visit, the amount of time you spend viewing the sites, the number of times you return to the sites, visits to sites outside our network, and other click-stream data. Some of this data may be shared with partners who referred you to our site(s) and who will use the data to optimize who else they refer to our site(s). Sometimes this data can be shared with partners who help us deliver ads to you on websites not controlled by us, for instance, when we put a pixel on a conversion page on our site and a marketing partner uses that to optimize what traffic they send to us, or using another example, when we create a re-targeting list through DFP Small Business by Google or placing a partners. pixel on our sites, and then delivering targeted ads across the Internet.
Do Not Track
We do not currently actively respond to "Do Not Track" browser signals or mechanisms that indicate a request to disable online tracking of individual users who use our sites and services.
User Generated Content, Online Communities and Forums, Profiles and Reviews
Accessing and Updating Personal Information
We encourage you to keep your personal information updated and accurate. We provide you reasonable access to your personal information and the ability to review, correct, or delete it. For instance, some of our sites and services give you the ability to view and/or edit your personal information online. The methods for accessing your personal information will depend on which sites or services you use and their features. You have several choices; for instance:
- To view and change the personal information that you directly provided to us, you can return to the web page on our site where you originally submitted the data and follow the instructions on that web page.
- You may correct or update your account information at any time by logging on the site onto which you are registered and navigating to your account.
- You may deactivate your profile at any time by visiting the preferences page for your profile.
- You may close your account at any time by logging onto the site on which you are registered and navigating to your account.
- You can manage certain aspects of information collection and use by going to the settings of your mobile device and reviewing the permissions of each application. You may stop further use of your geo-location by visiting your device's settings for the relevant application.
- You may change your email preferences at any time by visiting your email preferences page for the relevant site.
- To access, change, or remove your protected health information, please see the HIPAA section below.
Protecting your privacy and security is important and we also take reasonable steps to verify your identity before granting access to your data.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).
Email and Other Communications
Our sites and services may allow us or other users to communicate with you or other users through our in-product instant messaging services, service-branded emails, SMS and other electronic communication channels.
Opting Out of Requested Communications
Requested communications include, for instance, email newsletters or software updates that may be expressly requested by you or which you consented to receive. After you request such communications, you may "opt out" of receiving them by using one of the following methods:
- Select the email "opt out" or "unsubscribe" link, or follow the opt-out instructions included in each email communication.
- To unsubscribe from text messages delivered to mobile devices, reply to the message with the words "STOP" or "END."
- Return to the web page(s) where you originally registered your preferences and follow the opt-out instructions.
Opting Out of Transactional or Relationship Communications
Communications that are sent by or on behalf of a user are indicated as being "From" that user. Communications that are sent by us are indicated as being from us or one of our account or support specialists assigned to assist you. Either type of communication may be "real time" communications or communications triggered automatically upon the occurrence of certain events or dates, such as appointment reminders. Email communications received from users and our administrative announcements are often transactional or relationship messages, such as appointment requests, reminders and cancellations. You may not be able to opt out of receiving certain messages although our services may provide a means to modify the frequency of receiving them.
Opting Out of General or Promotional Communications
General communications provide information about products, services, and/or support and may include special offers, new product information, or invitations to participate in market research. You may opt out of receiving these general communications by using one of the following methods:
- Select the email "opt out" or "unsubscribe" link, or follow the opt-out instructions included in each email communication.
- To unsubscribe from text messages delivered to mobile devices, reply to the message with the words "STOP" or "END."
Protecting Personal and Protected Health Information
The security of our sites and services and the information they store, process and transmit is a top priority. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical and administrative safeguards, including: Secure Socket Layer (SSL) encryption, firewalls, system alerts and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage and processing practices. Under applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information (as such term is defined by HIPAA) residing on and processed by our sites and services.
We use third-party service providers to manage credit card and payment processing. These service providers are notpermitted to store, retain, or use billing Information except for the sole purpose of credit card and payment processingon our behalf. When you enter payment information we encrypt the transmission of that information using SSLtechnology and do not store it on our systems.
It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, wecannot guarantee the security of information stored on or transmitted to or from our services. We cannot assumeresponsibility or liability for unauthorized access to our servers and systems. When disclosing any personal orprotected health information, you should remain mindful of the fact that it is potentially accessible to the public and,consequently, can be collected and used by others without your consent. Accordingly, you should consider carefullyif you want to submit sensitive information that you would not want disclosed to the public and should recognize thatyour use of the Internet and our sites and services is solely at your risk. You are ultimately responsible for maintainingthe secrecy for all your personal information, including your protected health information. Except as provided in aBusiness Associate Agreement between us and a healthcare provider, we have no responsibility or liability to anyonefor the security of your personal or protected health information transmitted via the Internet.
Steps You Can Take
- Install malware detection programs that regularly scan your system and incoming traffic for malicious code such as computer viruses, worms, Trojan Horses and spyware. Because viruses and malware are continuously created and modified, regular malware protection software typically requires frequent updates.
- Use a firewall to prevent unauthorized access to your device.
- Because malware often targets vulnerabilities in existing operating systems, browsers, plug-ins and other programs, software vendors frequently update their products with security patches to guard against known or commonly exploited vulnerabilities. Vendors often try to alert their users and recommend immediate installation of these security patches.
- Use a strong password using a combination of letters and numbers that are not easily guessed. Do not share your password with others.
- If you use a shared device, always close all active programs and log out before leaving it unattended.
- Avoid using a public wireless network, if possible. If you do use a public network, use the most restrictive wireless network settings on your device.
- If you use file-sharing programs, be sure to restrict all other folders or directories to "no share".
- Be very cautious with any email requesting you to share personal information. On websites, look for the lock symbol on or near your browser's address bar which signifies a secure website before supplying personal information.
- When participating in one of our communities, blogs, forums, surveys or other open communication platforms, exercise care in selecting what information you share, particularly personal or health information.
Linked Websites and Services
We may also provide social media features on our sites and services that enable you to share personal information with your social network(s) and to interact with our sites and services. Depending on the features, your use of these features may result in the collection or sharing of personal information about you. We encourage you to review the privacy policies and settings on the social media site(s) with which you interact.
Our sites and services may include collection, transmission and storage of protected health information you submit for healthcare providers or that healthcare providers submit to us and is subject to special rules under the Health Insurance Portability and Accountability Act of 1996 or "HIPAA". Our use and disclosure of your protected health information or a healthcare providers data that you or the healthcare provider submits with certain sites and services, is governed by HIPAA.
Use and Disclosure of Your Protected Health Information
When you use certain services (for example, appointment request) all protected health information that you submit is used and disclosed by us as a Business Associate (as defined by HIPAA) according to the terms of a Business Associate Agreement between us and that healthcare provider. This means that we may only use and disclose your protected health information on behalf of, or to provide services to, the healthcare provider according to the Business Associate Agreement. There are three exceptions to this use and disclosure rule. We may use and disclose your protected health information (i) for our internal management and administration; (ii) to carry out our legal responsibilities; and (iii) to perform certain data aggregation services for the healthcare provider and other healthcare providers; provided that, any disclosures for our internal management and administration or to carry out our legal responsibilities are either required by law or made after we obtain reasonable assurances from the person to whom the protected health information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to that person.
Some of the services for a particular healthcare provider may be provided by our subcontractors. The subcontractor must comply with the same terms and conditions for the protected health information that apply to us as a Business Associate of the healthcare provider.
How to Access, Change, or Remove Your Protected Health Information
To comply with HIPAA, your healthcare provider must provide you with rights in certain circumstances with respect to your protected health information. Very generally described, these rights are a right to restrict the uses and disclosures of, a right of access to, a right to amend, and a right to receive an accounting of, the disclosures of your protected health information. These limited rights will be described in detail in the healthcare provider's notice of privacy practices. If you wish to restrict the uses and disclosures of your protected health information, amend, or receive an accounting of the disclosures of your protected health information, then you must do so through your healthcare provider.
Upon termination of our Business Associate Agreement with a particular healthcare provider, we generally must return or destroy all protected health information received on behalf of or created for that particular healthcare provider and then maintained in any form by us or a subcontractor. If you engaged in our sites and services with that healthcare provider, any protected health information that you submitted with our sites and services or otherwise maintained by us or a subcontractor in connection with our sites and services will be returned to the healthcare provider or destroyed by us or such subcontractor. This means that until the Business Associate Agreement is terminated with that healthcare provider, we or a subcontractor can use and disclose your protected health information as described in the "Use and Disclosure of Your Protected Health Information" section above.
Children's and Minor's Privacy
Our sites and services are intended for general audiences and are not targeted to children under 13. We do notknowingly collect personal information from children under the age of 13 or utilize plug-ins or ad networks that collectpersonal information through child-directed third party websites or online services. If you are under 13, please do notdisclose or provide any information. If we learn that we have collected personal information from a child under 13,we will take steps to promptly delete the information. Should this policy change, we would comply with the Children's Online Privacy Protection Act, which requires us to notify and obtain consent from a parent or guardian before wecollect, use and disclose the personal information of children who are under 13 years of age.
Unless our sites and services contain the "Privacy Rights for California Minors in the Digital World" supplemental terms, our sites and services do not collect age from users under 18. If you reside in California and are a minor (youare under 18 years of age) and you are using a site or service that collects your age as a registration requirement andyou submit content, please follow the instructions on the supplemental terms to request removal of public content.Please note that this removal does not ensure complete or comprehensive removal of the content or informationposted on our sites and services if the content you posted has been shared or reposted. We are only obligated toremove content that you post, where you posted it. There are certain circumstances in which we do not have toremove your content, including if any other state or federal law requires us to maintain the information, we anonymizethe content by removing identifying characteristics, or we paid you for the content you posted. Without limiting thegenerality of the foregoing, our services may allow users above the age of 18 (such as healthcare providers, parentsand guardians) to submit personal information about others, including minors. Such users assume full responsibilityover their submission, use and transmission of such information.
We are headquartered in the United States. Our sites and services are hosted and administrated in the United Statesor hosted with cloud service providers who are headquartered in the United States and are intended for users in theUnited States. If you are located outside the United States, be aware that information you provide to us or that weobtain as a result of your use of our sites and services may be processed in, transferred to and stored in the UnitedStates and will be subject to U.S. law. U.S. privacy and data protection laws may not be equivalent to the laws ofyour country of residence. By using our sites and services or providing us with your information, you consent to thecollection, transfer, storage, and processing of information to and in the United States.
California Privacy Rights
We do not share personal information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure, typically by "opting in" to receive information from a third party that is participating in a sweepstakes or other promotion on one of our sites, for example. If you ask us to share your personal information with a third party for its marketing purposes, we will only share information in connection with that specific promotion since we do not share information with any third party (other than our service providers) on an ongoing basis. To prevent disclosure of your personal information for use in direct marketing by a third party, do not "opt in" to such use when you provide personal information on one of our sites.
Users residing in certain jurisdictions, like California, have a right to access personal information held by us about them and their right of access can be exercised in accordance with applicable law. California law requires certain businesses to respond to requests from California residents asking about the business's practices related to disclosing personal information to third parties for the third parties' direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties' direct marketing purposes if the resident has exercised an option to opt-out of such information-sharing. We have such a policy in place.
California residents may request further information about our approach to this law by writing to us. When writing to us, you must put the statement "Your California Privacy Rights" in the body or subject line of your request, and include (i) the name of the site about which you are contacting us, (ii) any unique site identifier associated with you (like member number or forum handle), (iii) your name, and (iv) your contact information. We will not accept requests via the telephone, mail, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.