Privacy Policy
This Privacy Policy (this “Privacy Policy”) explains how The StayWell Company, LLC, and its affiliate, Krames LLC (collectively referred to herein as “StayWell”, “us”, “our” or “we”) collect, use, share, and protect your Personal Information (as defined below) or any other information concerning you, when your physicians or health care providers use our Krames on FHIR product (“KOF”) or when you visit our websites www.krames.com and www.kramesstore.com (such websites, collectively, our “Site”). Protecting your privacy is important, and we’re committed to clearly explaining how we treat your Personal Information. Please read this Privacy Policy carefully and be aware that by accessing and using the Site or accessing content prescribed to you via KOF, you agree that you have read this Privacy Policy and that you accept and consent to the privacy practices described. If you have questions or concerns about this Privacy Policy, please e-mail us at privacy@staywell.com.
Certain information that we collect through our Site identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information”). Please note that for the purposes of this Privacy Policy, “Personal Information” does not include: (1) publicly available information from government records; (2) de-identified or aggregated consumer information; (3) information excluded from the scope of applicable law, such as protected health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the California Confidentiality of Medical Information Act (CMIA), and the Health Information Technology for Economic and Clinical Health Act (HITECH); (4) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), the Farm Credit Act of 1971 and the Driver's Privacy Protection Act of 1994, or (5) information and documents created for purposes of the Health Care Quality Improvement Act of 1986.
The Information We Collect and How We Collect It
We do not collect any of your Personal Information except as set forth in this Privacy Policy.
Information you choose to provide
We collect Personal Information of visitors to our Site when they choose to specifically provide their Personal Information to us (for example, if you request to receive more information about StayWell through our “Contact Us” form, you may choose to provide your name, mailing address, telephone number, e-mail address, or information about your business). While we use recognized industry safeguards to protect Personal Information from unauthorized access or use, the sharing and storing of data online has inherent risks, so please take care to share only information that you believe is appropriate.
Account Holders are users of the Site who choose to create an account by registering with the Site. Account Holders may create a username and password, and may provide information such as credit card information, name, mailing address, telephone number, e-mail address, or information about their business. We protect credit card holder information by complying with the Payment Card Industry (PCI) Data Security Standard (DSS). For more information about PCI and DSS, see https://www.pcisecuritystandards.org/.
Information from Children
The Site is not designed or intended to attract children, and we do not collect or maintain information from individuals who we actually know are under the age of 13 years. If you are under 13, please do not attempt to register or send any information about yourself to us, including but not limited to your name, address, telephone number, or email address. No one under age 13 may provide any Personal Information to us. In the event that we learn that, through the Site, we have collected Personal Information from a child under age 13 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at the address below.
Information We Collect through Cookies on our Site
We collect your information (such as your Internet Protocol address, and the software version and domain reported by your browser) when you use the Site, by utilizing cookies, web beacons, pixels, and similar technologies (collectively, “cookies”) to automatically collect information that may contain Personal Information. We use cookies to enhance your online experience, and to learn how you use our services so we can improve the quality of information and resources available on our site. Most Web browsers are set up to accept all cookies, but you can change this setting to disable cookies or to tell you when a Web site is sending you a cookie (although some of our features may not work if you disable them).
Information We Collect through Your Physician’s use of the KOF Product
When you are provided educational content through our KOF product, we collect information that is provided by your healthcare provider, including (1) information that is required from a technical perspective for the system to function, such as user identifiers and account identifiers, as well as unique identifiers that are generated to track the encounter, (2) certain medical information, such as your medical record number, date of birth, name, email address, gender, condition and diagnosis list, medications list, procedures list, and your preferred language, and (3) certain information about your healthcare provider, which may include their name, user ID, and account ID. To the extent that the information we collect through your use of the KOF product is considered “protected health information” under HIPAA, or is otherwise excluded from the definition of Personal Information hereunder, we still treat it confidentially and provide it with the appropriate protections as required by law.
How We Use Your Information
Information collected from our Site: We may use or aggregate your non-Personal Information with the non-Personal Information of our other users or other non-Personal Information collected offline. We may use some or all of this information to support our commercial activities such as for general statistical purposes, site tracking, or for any other purpose. Personal Information that we collect is used to provide services or products to you that you have requested or authorized, to respond to your questions, to provide better functionality to you, to help us manage our Site, and to comply with applicable law or valid legal process. We may share your Personal Information with our subsidiaries, affiliates and companies acquired by or merged with us and our affiliates. We may also share your Personal Information with third-party advertising networks, social media networks, and websites and mobile apps, so that we can market and advertise on third party platforms, websites, and apps.
Information collected from our KOF Product: The information collected from your usage of the KOF product generally falls under the definition of “protected health information” under HIPAA and is therefore excluded from the definition of “Personal Information” hereunder. However, we believe it is important for you to understand how we use such information. The information that we collect from your usage of our KOF product is used to (1) provide services or products to you that have been contracted for by your healthcare provider as our client and (2) provide aggregate reporting to your healthcare provider when such reporting is a requirement under our contract with such healthcare provider. Additionally, we may de-identify your personal information so that it no longer identifies you, and use such de-identified information for any lawful purpose, including for our own internal analysis, as well as product improvement or product development.
We Use Your Personal Information as an Account Holder on our Site to:
- Send you information about your orders;
- Fulfill your orders;
- Process and collect your payments;
- Customize, analyze, adjust and improve our services and products to better meet your needs;
- Enforce our agreements with you;
- Provide you with important administrative information regarding our products and services, such as changes to this Privacy Policy and our Terms of Use, and other policies;
- Prevent fraud and other prohibited or illegal activities; and
- Comply with requests of law enforcement or data protection agencies.
Third Party Service Providers
We may employ other companies and individuals to perform functions on our behalf, such as but not limited to, as applicable, fulfilling orders, delivering packages, sending postal mail and e-mail, serving ads on our behalf, providing search results and links, processing credit card payments and other services to support our business. These third-party service providers may have access to your Personal Information needed to perform their functions, but they may not use it for any other purpose.
Linked Sites
For your reference, our Site contains links to Web sites that are not operated by or affiliated with us. Because these third-party Web sites are not under our control, we cannot be responsible for them, and this Privacy Policy does not apply to the privacy or security practices of those sites. Information you disclose once you access these other Web sites is not subject to this Privacy Policy.
Additional State-granted Privacy Rights
This section is provided to comply with the requirements of certain applicable U.S. data privacy laws and regulations, including the California Consumer Privacy Act, the California Privacy Rights Act, and other California privacy laws, as well as the Virginia Consumer Data Protection Act (collectively, “Applicable Data Privacy Laws”). This section applies solely to Site visitors and Account Holders who are residents of the states that have enacted the laws identified above, and only to the extent that they are a resident of the applicable state.
We may collect certain Personal Information from Site visitors and Account Holders that qualifies as a subset of Personal Information known as “Sensitive Personal Information.” Although not all of the information included in the definition of “Sensitive Personal Information” is collected by us, we believe that you should be aware of what is considered Sensitive Personal Information. To that end, Sensitive Personal Information may include: (1) personal information that reveals (a) a social security, driver’s license, state identification card, or passport number, (b) account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, (c) precise geolocation, (d) racial or ethnic origin, immigration status, religious or philosophical beliefs, or union membership, (e) the contents of mail, email, and text messages except where we are the intended recipient of the communication, (f) genetic data; (2) the processing of biometric or genetic information for the purpose of uniquely identifying a consumer; (3) personal information collected and analyzed concerning a consumer’s health or diagnosis; (4) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation; and (5) personal information collected from a known child.
We may collect and store certain categories of Sensitive Personal Information (e.g., account log-in, precise geolocation) in order to provide the Site’s services to you and for short-term, transient use based on your interactions with the Site.
Information We Collect
Within the last twelve (12) months, we have or may have collected the following categories of Personal Information from our Site visitors and Account Holders: identifiers; Personal Information listed under Cal. Civ. Code § 1798.80(e); commercial information; internet or other similar network activity; geolocation data; professional or employment-related information; and inferences drawn from any of the information identified in this section.
Categories of Sources from Which Information is Collected
As described in the “The Information We Collect and How We Collect It” section above, we obtain the categories of Personal Information listed above from the following categories of sources: directly from you; and directly and indirectly through cookies and other technologies.
Using and Sharing of Personal Information
The Personal Information described in the categories above may be used for the business purposes listed in the “How We Use Your Information” section above.
We disclose your Personal Information for a business purpose to the following categories of third parties: (a) service providers and (b) third parties to whom you authorize or direct us to disclose your personal information in connection with our products and services. In the preceding twelve (12) months, we have disclosed the Personal Information described in the categories listed above for the business purposes listed in the “Third Party Service Providers” section above. We may also share your Personal Information for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
Personal Information “Sold” to Third Parties
In the preceding twelve (12) months, we have not sold your Personal Information to third parties.
We do not sell the Personal Information of Site visitors or Account Holders that we know are minors under 16 years of age without affirmative authorization as required under applicable law.
Retention of Personal Information
If you have an account on the Sites, we may retain your personal information as long as your account is active in order to provide the relevant services to you and for a period of two (2) years thereafter. If you do not have an account, we may retain certain Personal Information based on your interactions with the Site, such as IP address, as long as relevant to your use of the services or Site.
Your Rights under the Applicable Data Privacy Laws
Applicable Data Privacy Laws provide consumers with specific rights regarding their Personal Information. This section describes your consumer rights and explains how to exercise those rights:
- You may request, up to two (2) times each year, that we disclose to you, once we receive and confirm your verifiable consumer request: (1) categories and specific pieces of Personal Information that we have collected about you; (2) categories of sources from which your Personal Information is collected; (3) business or commercial purpose for collecting your Personal Information; (4) categories of Personal Information that we disclosed for a business purpose; (5) categories of Personal Information that we sold about you; (6) categories of third-parties with whom we have shared your Personal Information; and (7) business or commercial purpose for selling your Personal Information.
- Subject to certain exceptions and up to two (2) times each year, you may request that we delete any of your personal information that we collected from you. Once we receive and confirm your verifiable consumer request for deletion, we will delete (and direct our service providers to delete) such personal information from our records, unless an exception applies.
- You have the right to request that we correct any inaccurate personal information about you, taking into account the nature of the personal information and the purposes of processing your personal information. Once we receive and verify your consumer request, we will use commercially reasonable efforts to correct (and direct our service providers to correct) your inaccurate personal information from our records, unless it is impossible or involves a disproportionate effort.
- Right to opt-out of the sale or sharing of your personal information. The CCPA defines “sale” and “share” broadly, and it may include our sharing information that we have about you, such as a cookie ID or IP address, with third party advertising partners who may use this information, on our behalf, to help us deliver advertising, including advertising on third party websites. You have the right to opt-out of the sale or share of your personal information subject to certain exclusions. Once we receive your request, we will not sell or share your personal information, unless an exclusion applies. We may request that you authorize the sale or sharing of your personal information after 12 months following your opt-out.
To exercise the rights described above, please contact us through the address or email listed under the “How to Contact Us” section below.
You will be asked to provide certain identifying information, such as your name, email, and residency. While processing your request, we may ask you to provide further verifying documentation. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request. Only you, or a person registered with the applicable state that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.
Non-Discrimination
We will not discriminate against you for exercising any of your rights under the Applicable Data Privacy Laws. Accordingly, and unless permitted by the Applicable Data Privacy Laws, we will not: deny you services; charge you different prices or rates for services; provide you a different level of service; or suggest that you may receive a different price or rate for services or a different level for services. We may charge a different price or rate or provide a different level of service if the difference is reasonably related to the value provided by your personal information.
Advertising and Marketing
StayWell does not accept any advertising of third parties on our Site nor do we receive income from marketing sponsors or advertisers. Any mention of a particular service is not an endorsement and is provided solely for your convenience.
Note to Site Visitors and Account Holders Outside of the United States
We and our technical infrastructure are located in the United States. The Personal Information that you provide to us is stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that in order to provide the Services to you, we must transfer your personal information to the United States where it will be stored and processed in accordance with this Privacy Policy. We may transfer your information outside the United States to service providers with operations in other countries. We will take reasonable steps to protect your personal information. Note that the United States and other jurisdictions may not afford the same level of data protection as considered adequate in your own country and your personal information may be available to the United States government or its agencies under legal process made in the United States.
Additional Information for Visitors from the European Economic Area (EEA) and the UK
The EU General Data Protection Regulation and UK General Data Protection Regulation (together the “GDPR”) require certain information to be provided to data subjects located in the EEA and the UK, and grant them certain rights regarding their personal information. This section applies solely to the processing activities that are governed by the GDPR.
Data Controller and EEA Representative
StayWell is the controller of the personal information provided to, collected by or for, or processed in relation with, the Site and Services. StayWell has appointed Dentons Europe Consulting B.V. DPO Team as its representative in the EEA. StayWell’s Data Protection Officer can be contacted at privacy@staywell.com.
Legal Bases for Processing
When you use the Site, we collect, store, use and otherwise process your personal information as described in this Privacy Policy. We rely on a number of legal bases to process your information, including where necessary to perform a contract with you to deliver the Services that you have requested, or to take certain steps prior to entering into such contract. Additionally, we may also process your information based on our legitimate interest: (i) in keeping the Site safe and secure; (ii) in complying with a legal obligation such as a law, regulation, search warrant, subpoena, or court order; (iii) in exercising or defending legal claims; and (iv) where necessary to protect our vital interests or those of others. Lastly, we may also process your information when you have consented to such processing, particularly when you have consented to receiving certain content and advertising.
Where we rely on your consent to process your personal information, you have the right to decline consent or withdraw your consent at any time. Where we rely on our legitimate interests to process your personal information, you have the right to object.
Your Rights Under the GDPR
If you are a Site visitor or Account Holder in the EEA, you can: (i) access personal information we have about you (we will try to provide information within 30 days of your request); (ii) have your personal information corrected or deleted (in most cases you can correct personal information you have submitted to us through your account); (iii) in certain circumstances, you can object to our processing of your personal information and we will discontinue such processing unless we have compelling legitimate grounds to continue; (iv) withdraw consent previously provided (including, in limited circumstances, the right to ask us to stop processing your personal information, with some exceptions, by contacting us); or (v) if you believe that we have not complied with applicable data protection laws, you may lodge a complaint with your local supervisory authority. If you wish to inquire as to whether we maintain any of your personal information and if so, whether you wish to exercise any of those rights that are available to you with respect to such personal information, you may contact us as described in the “How to Contact Us” section below. We will respond to your request within a reasonable timeframe.
We will retain your personal information for as long as necessary to provide the Services to you and fulfill the purposes described in this Privacy Policy. This is also the case for third parties with whom we share your information to perform services on our behalf. When we no longer need to use your personal information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or anonymize it.
Transfers Outside the EEA and the UK
We are located in the United States. Accordingly, as the controller, we process your personal information in the United States. We may also transfer your personal information outside the United States to service providers with operations in other countries. For more information, please refer to the “Note to Site Visitors and Account Holders Outside of the United States” section above.
Automated Decision Making
We do not make automated decisions that create legal effects or otherwise significantly affect you.
Changes to this Privacy Policy
From time to time, we may change this Privacy Policy and our privacy practices because of changes in legal or regulatory requirements, in our business practices, in our attempts to better meet your needs, or for any other reason. We reserve the right to revise this Privacy Policy in our sole discretion. When we do, we will post a revised privacy policy on this Site. Any changes will be effective immediately upon posting. You are responsible for checking the privacy policy for these changes.
How to Contact Us
Should you have questions or concerns about this Privacy Policy or any other matter pertaining to our privacy practices, please contact us at: privacy@staywell.com.
or
The StayWell Company, LLC
800 Township Line Rd, Suite 100
Yardley, PA 19067
Attn: Legal Department
Copyright © 2022. The StayWell Company, LLC. StayWell is a registered trademark of The StayWell Company, LLC or its affiliates.
Changes to this Privacy Policy
We may change parts of this Privacy Policy from time to time. Changes take effect at the time they are posted unless otherwise noted. We will update the date at the end of this Privacy Policy if we make any changes.
The date of any change, along with a brief description of the change, will be posted at the bottom of the Privacy Policy.
Revised November 30, 2022
11/30/2022: Added revision history; minor edits; updated data collection, data retention, and state privacy rights. Updated GDPR DPO designation to Dentons Europe.