Privacy is our most important value. This policy will help you understand how we use and protect your data.
2. Information We Collect
Some of the Services require us to learn more about you so that we can best meet your needs.
2.1 Personal Information We Collect Directly From You
We receive Personal Information directly from you when you voluntarily provide us with such Personal Information, including, without limitation, the following:
- contact data (such as your e-mail address and phone number);
- demographic data (such as your gender, your date of birth and your zip code);
- insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID);
- medical data (such as the doctors, optometrists, eyecare providers, organizations, or agents or affiliates thereof (collectively, “Healthcare Providers”) you have visited, your reasons for visit, your dates of visit, your medical history, and other medical and health information you choose to share with us); and
- other identifying information that you voluntarily choose to provide to us, including without limitation unique identifiers such as passwords, and Personal Information in emails or letters that you send to us.
We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent. You may still access and use some of the Services if you choose not to provide us with any Personal Information, but features of the Services that require your Personal Information will not be accessible to you.
2.2 Billing, Collection and Payment Information
2.3 Information From Third Party Sources
Some third parties, such as our business partners and service providers, provide us with Personal Information about you, such as the following:
2.4 Information we automatically collect when you use our Services
Some information, which may include Personal Information, is automatically collected when you use our Services, such as the following:
- Traffic Data: We also may automatically collect certain data when you use the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which you accessed the Services; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information.
2.5 HIPAA and PHI
3. How We Collect Information
We collect information (including Personal Information and Traffic Data) when you use and interact with the Services, and in some cases from third party sources. Such means of collection include:
- When you use the Services’ interactive tools and services, such as searching for Healthcare Providers, searching for available appointments with Healthcare Providers and completing medical history forms (“Medical History Forms”) prior to Healthcare Provider appointments;
- When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys, questionnaires and the like;
- If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices;
- If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable;
- Through cookies, web beacons, analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and
- When you use the “Contact Us” function on the Site, send us an email or otherwise contact us.
4. Tracking Tools and Opt Out Options
4.1. Tracking Tools
We may use tools outlined below in order to provide our Services to, advertise to, and to better understand users.
Some cookies are placed by a third party on your device and provide information to us and third parties about your browsing habits (such as your visits to our Services, the pages you have visited, and the links and advertisements you have clicked). These cookies can be used to determine whether certain third party services are being used, to identify your interests, and to serve advertisements relevant to you. We do not control third party cookies.
- Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect information about the use of our Services, the websites of selected advertisers and the emails, special promotions or newsletters that we send. The information collected by Web Beacons allows us to analyze how many people are using the Services, using selected publishers’ websites or opening emails, and for what purpose, and also allows us to enhance our interest-based advertising (discussed further below).
- Web Service Analytics: We may use third-party analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text typed into the Site. We use the information collected from these services to help make the Services easier to use and as otherwise set forth in Section 5 (How We Use Your Information). These analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across web services that do not use their services.
- Mobile Device Identifiers: As with other Tracking Tools, mobile device identifiers help XP Health learn more about our users’ demographics and internet behaviors in order to personalize and improve the Services. Mobile device identifiers are data stored on mobile devices that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and Traffic Data.
4.2. Options for Opting out of Cookies and Mobile Device Identifiers
Some web browsers allow you to reject cookies or to alert you when a Cookie is placed on your computer, tablet or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept XP Health’s cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.
4.3. How XP Health Responds to Browser “Do Not Track” (DNT) Signals
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to web services that a visitor does not want to have his/her online activity and behavior tracked. If a web service operator elects to respond to a particular DNT signal, the web service operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many web service operators, including XP Health, do not proactively respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.
5. How We Use Your Information
We may use information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) to better understand who uses XP Health and how we can deliver a better healthcare experience, or otherwise at our discretion. We use information, including Personal Information, to provide the Services and to help improve the Services, to develop new services, and to advertise (for example, to display XP Health ads on other web services). Specifically, such use may include:
- Providing you with the products, services and information you request;
- Responding to correspondence that we receive from you;
- Contacting you when necessary or requested, including to remind you of an upcoming appointment;
- Providing, maintaining, administering or expanding the Services, performing business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
- Customizing or tailoring your experience of the Services, which may include sending customized messages or showing you Sponsored Results;
- Notifying you about certain resources, Healthcare Providers or services we think you may be interested in learning more about;
- Sending you information about XP Health or our products or Services;
- Sending emails and other communications that display content that we think will interest you and according to your preferences;
- Using statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts;
- Fulfilling our legally required obligations, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities;
- Resolving disputes;
- Protecting against or deterring fraudulent, illegal, or harmful actions; and
6. How We Share Your Information
In certain circumstances, and in order to perform the Services, we may share certain information that we collect from you, as described in this section:
- Healthcare Providers: We may share your Personal Information with Healthcare Providers with whom you choose to schedule through the Services. For example, if you complete a Medical History Form using the Services in advance of an appointment and elect to share it with your selected Healthcare Provider, we may share your Medical History Form with such selected Healthcare Providers. Provided that you choose to use the applicable Services, we may share your Personal Information with your Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments. We may share your Personal Information with Healthcare Providers in the event of an emergency.
- Health Information Exchanges: To make your information more securely and easily accessible to your Healthcare Providers, we may share your Personal Information with Health Information Exchanges and related organizations that collect and organize your information (such as Regional Health Information Organizations). The goal of such organizations is to facilitate access to health information to improve the safety, quality, and efficiency of patient-centered care. More information on Health Information Exchanges can be found here.
- We do not sell email addresses to third parties. We may share your Personal Information with our partners to customize or display our advertising.
- We may share your Personal Information and/or Traffic Data with our partners who perform operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, web service analytics, or ad serving) and/or who make certain services, features or functionality available to our users.
- Cross Device Matching: To determine if users have interacted with content across multiple devices and to match such devices, we work with partners who analyze device activity data and/or rely on your information (including demographic, geographic and interest-based data). To supplement this analysis, we also provide de-identified data to these partners.
- We may share your Personal Information with the insurance provider you identify to us (and do so via our partners) to determine eligibility and cost-sharing obligations, or otherwise obtain benefit plan and other insurance-related information on your behalf.
- Business Transfers: We may transfer your Personal Information to another company in connection with a proposed merger, sale, acquisition or other change of ownership or control by or of XP Health (whether in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.
- Public Information and Submissions: You agree that any information that you may reveal in a review posting, online discussion or forum is intended for the public and is not in any way private. Carefully consider whether to disclose any Personal Information in any public posting or forum. Your submissions may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.
- Protection of XP Health and Others: We also may need to disclose your Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfill our obligations under applicable law, regulation, court order or other legal process; (2) protect the rights, property or safety of you, XP Health or another party; (3) enforce the Agreement or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.
- Other Information: We may disclose information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) at our discretion.
7. Storage and Security of Information
The security of your Personal Information is important to us. We endeavor to follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and in storage. For example, when you enter sensitive information on our Site, we encrypt that information using Secure Socket Layer (SSL) technology.
We store and process your information on our servers in the United States and abroad. We maintain industry standard backup and archival systems.
Your account is protected by a password for your privacy and security. If you access your account via a third party site or service, you may have additional or different sign-on protections via that third party site or service. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately, and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We use proprietary face scanning technology and third-party services, such as the Apple TrueDepth API, to collect facial width and pupillary distance (Facial Data). We store only the width and distance measurements, not any images or representations of your likeness on our servers, and we use the Facial Data to inform eyeglass frame recommendations. Facial Data is not shared with any third-parties. You can also erase your Facial Data at anytime through our web platform.
Although we make good faith efforts to store Personal Information in a secure operating environment that is not open to the public, we do not and cannot guarantee the security of your Personal Information. If at any time during or after our relationship we believe that the security of your Personal Information may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances. If we have your e-mail address, we may notify you by e-mail to the most recent e-mail address you have provided us in your account profile. Please keep your e-mail address in your account up to date. You can update that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software. __You consent to our use of e-mail as a means of such notification. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this e-mail address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your Personal Information.
8. Your Choices
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
If you are a registered user of the Services, you can modify certain Personal Information or account information by logging in and accessing your account. The information you can view, update, and delete may change as the Services change.
If you wish to close your account, please email us. XP Health will use reasonable efforts to promptly delete your account and the related information. Please note, however, that XP Health reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement and take other actions permitted by law.
You must promptly notify us if any of your account data is lost, stolen or used without permission.
9. How Long We Retain Your Information
We retain Personal Information about you for as long as you have an open account with us or as otherwise necessary to provide you Services. In some cases we retain Personal Information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, prevent fraud, enforce the Agreement, or as otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
10. Information Provided on Behalf of Children and Others
By accessing, using and/or submitting information to or through the Services, you represent that you are not younger than age 13. If we learn that we have received any information directly from a child under age 13 without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services, and we will subsequently delete that information. If you believe that a child under 13 may have provided us Personal Information, please contact us.
If you are between age 13 and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Information as otherwise provided herein.
If you use the Services on behalf of another person, regardless of age, you agree that XP Health may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.
11. Other Web Services
13. Contact Us