Last Revised: May 16th, 2022
2. Information We Collect and How We Collect It
We may collect the following information from and about users of our Services:
3. How We Use Your Information
We may use the information we collect in the following ways:
We may aggregate, de-identify and/or anonymize any information collected through the Services so that such information is no longer reasonably capable of being associated with you. We may use aggregated or anonymized information for any purpose, including for research and marketing purposes, and we may also share such information for any purpose with any third parties, at our discretion.
4. How We Disclose Your Information
We may disclose your personal information under the following circumstances:
5. Your Data Choices
Cookies and similar technologies. When you interact with the Services, we (and third parties acting on our behalf) may automatically collect certain information about your browser, device, and use of the Services through cookies, pixel tags, web beacons, local storage, and other similar technologies. Cookies are small text files stored on your browser or device, which allow us to provide certain features of the Services, personalize your user experience, and advertise our Services to you. You can find more information about cookies at www.allaboutcookies.org.
Mobile devices often include settings to help you manage how your device collects and shares information for advertising purposes. For more information on how to manage those devices settings, please visit the Network Advertising Initiative’s mobile choice page at www.networkadvertising.org/mobile-choice.
Tailored advertising. We may engage third parties to serve tailored advertisements for our Services on our behalf on third-party websites and applications. You have certain choices about how your information is used for this purpose. To learn more about tailored advertisements or to opt out of participating companies, see the Digital Advertising Alliance’s opt-out program at www.aboutads.info/choices or the Network Advertising Initiative’s opt-out page at optout.networkadvertising.org. We make no representation about the accuracy or effectiveness of these opt out mechanisms. You can opt out of Google Analytics through its currently available opt-outs for the web. Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your interests. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way.
“Do Not Track” signals. “Do-not-track” (“DNT”) is a setting offered by some web browsers. DNT signals are not yet uniform, so we, like many other website operators, do not currently recognize or respond to DNT signals.
Location information. You can choose whether or not to allow our Services to collect real-time information about your device’s location through the device’s privacy settings. If you do not authorize us to collect location information, some parts of our Services may be inaccessible or not function properly.
Social media and other Third-Party Accounts. To control the information you share with us when you follow us, like our posts, or otherwise interact with us on social media, you can adjust your social media account settings related to how your information is shared. If you access the Services or create a User Account through a Third-Party Account, please consult the settings in the applicable Third-Party Account to control how the provider of the Third-Party Account shares information with us.
Push notifications: If your device is configured to receive push notifications, we may send you push notifications. If you no longer wish to receive these types of communications, you may turn them off through your device settings.
Other choices. You can review and change certain of your information by logging onto our Services and visiting your User Account. Depending on your jurisdiction of residence, you may have certain rights to access, delete, or correct your information. Your rights will be subject to applicable exceptions, and we will need to verify your identity before processing your request. If you would like to submit a request relating to your data, please email us at firstname.lastname@example.org.
Please note that if you delete your User Account, medical providers, including Providers, and other affiliates may still have the right to retain information under applicable law, regulations, or their own retention policy. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
6. Protected Health Information
When you set up a User Account with Cerebral, you are creating a direct customer relationship with Cerebral that enables you to access and/or utilize the Services. As part of that relationship, you provide information to Cerebral, including but not limited to, your name, email address, shipping address, phone number and certain transactional information that are not “protected health information” or “medical information.”
The Medical Groups and its affiliated Providers have adopted a Medical Group Notice of Privacy Practices that describes how they use and disclose PHI. By accessing or using the Services to interact with a Medical Group and/or Provider, you acknowledge that you have received and agreed to the Medical Group Notice of Privacy Practices from your Medical Group and/or Provider(s).
Where Cerebral collects, uses, and discloses Protected Information on behalf of your Medical Group or Provider, such processing on behalf of your Medical Group or Provider shall be consistent with the Medical Group Notice of Privacy Practices and as permitted in Cerebral’s agreements with the Medical Groups or Provider, except to the extent you have expressly authorized additional uses and disclosures. We may use PHI for purposes of treatment, payment, and health care operations, including to communicate with you, to provide requested services, to provide information to your Medical Groups or Providers, pharmacies, and insurers, to obtain payments for our services, and to communicate with your Medical Groups or Providers, pharmacies, and benefits program. We may combine your PHI with other information about you, including information from other sources, such as from your Medical Groups or Providers, pharmacies, insurers or benefits program, in order to maintain an accurate record of our users. We may use your PHI to contact you for any services or products offered by Cerebral or the Medical Groups.
7. Data Retention
We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and your choices, after which time we may delete and/or aggregate it. We may also retain and use this information as necessary to comply with our legal obligations, as necessary for our legitimate business interests, to resolve disputes, and to enforce our agreements.
8. Data Security
We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us. However, transmitting information via the Internet is not completely secure, so although we take steps to protect your information, we cannot guarantee complete security. You share information with us at your own risk.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
9. Third Parties
10. Minors’ Information
Our Services are not directed to children under the age of eighteen (18) without parental consent. We do not knowingly collect information for individuals under the age of 18 (including, for children under the age of 13, “personal information” as defined in the U.S. Children’s Online Privacy Protection Act) without the verifiable consent of that child’s parent or guardian. If we learn that we have received any information for an individual under the age of 18, we process and delete that information as required by applicable law. If you are aware of a child providing personal information to us without parental consent, please contact us using the information below.
11. Additional Information for California Residents
11.1. Categories of Personal Information Cerebral Collects
11.2. Using and Sharing Personal Information
We may use any of the categories of personal information for the purposes stated in Section 3 above with the third parties listed below, to provide you with the Services, and to other parties with your consent. We share your personal information with the following affiliated and non-affiliated parties, for any of the purposes in Section 3 above:
The CCPA sets forth certain obligations for businesses that “sell” (as defined in the CCPA) personal information to third parties. Based on our understanding of the definition of “sell,” we do not “sell” your personal information and have not done so in the prior 12 months from the effective date of this Policy.
11.3. Your CCPA Rights
If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:
The CCPA further provides you with the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you.
For security and legal reasons, we reserve the right to refuse requests that require us to access third-party websites or services. We also reserve the right to verify your identity to our satisfaction before responding to your request. When verifying requests, our verification standards vary depending on the sensitivity of the request. If we cannot verify your identity, we may deny your request. In some cases, we may require additional information, in which case we will contact you.
For more information regarding your legal rights under California law or if you want to exercise any of them, or if you are an authorized agent making a request on a California consumer’s behalf, please call us at 415-403-2156 or email us at email@example.com. Please include a detailed description of the right you want to exercise and whether you want to exercise this right with regard to some or all of your personal information.
11.4. “Shine the Light” Disclosure
California Civil Code Section 1798.83 (California’s “Shine the Light” law) gives California residents the right under certain circumstances to request information regarding our disclosure of certain categories of personal information (as defined in the Shine the Light law) to third parties for their own direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
13. Contacting Us