This Privacy Policy describes the policies and procedures of Bagel Health Inc. and any subsidiaries and affiliated entities (together, “Company”, “we” or “us”) with respect to the collection, use, disclosure and protection of personal and other information received or generated by Company when you use or interact with the applications, services, products and websites (collectively, the “Services”) offered or made available by Company, including but not limited to its online service for direct-pay, medical care providers and their members or patients. By using or accessing the Services, or by submitting information to Company, you consent to this Privacy Policy.
This Privacy Policy is to be read in conjunction with the Business Associate Agreement between You and Company. To the extent the Privacy Policy conflicts with the Business Associate Agreement, the terms of the Business Associate Agreement control.
Company may modify or amend this Privacy Policy in its sole discretion from time to time by posting the modifications or the amended Privacy Policy on the Site and providing you with written notice thereof. All modified terms and conditions and amended Privacy Policy will be effective thirty (30) days after such notice (unless a longer notice period is required by applicable law), unless You first give Company written notice of rejection of the modifications or amended Privacy Policy within such thirty day period. Your continued use of the Services after thirty (30) days without written notice of rejection to Company constitutes your acceptance of such changes to this Privacy Policy. As used in this policy, the terms "using" and "processing" information include subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally and using cookies on a computer. Where applicable, for health care providers and similar businesses using the Services, references to “you” and “your information” also include your members, customers and patients, and their information, if the relevant Services are designed to receive or utilize such information of such members, customers and patients.
Bagel Health is very concerned with safeguarding your information and protecting the security of your Personal Information. We use appropriate, HIPAA-compliant, industry-standard security measures and technology to protect against unauthorized access to, or unauthorized alteration, disclosure or destruction of user information covered by this Privacy Policy (excluding any such data that may be disclosed or publicly shared in accordance with this Privacy Policy). In this regard, we employ administrative, physical and electronic measures (including certain encryption technologies) designed to protect your personal information from unauthorized access and disclosure and to safeguard your information against loss, theft, alteration and destruction. No method of security is 100% secure. In addition, some of your information may be protected by passwords selected and maintained by you. Accordingly, the security of such information will depend upon the strength of your selected password and your ability to keep such password secured and confidential.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your electronically stored "personal data" (as defined in applicable statutes on security breach notification) to your email or in writing in an expedient manner and without unreasonable delay, insofar as these are consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
We collect, receive, generate and store the following types of information:
Company may use the information submitted, collected, received or generated from and/or about you for any of the following purposes:
Company does not rent, sell or publicize your Personal Information/PHI without your prior consent. Use of personally identifiable health information is further subject to the restrictions described in more detail below.
Information provided by our users is an important part of our business. Company will share and disclose information submitted, collected, received or generated from and/or about you only as compatible with the purposes described above (except for certain personal health information which shall be kept confidential as described below), when we have your consent (as may be provided by you from time to time through the Services or otherwise), and as described in this section as follows:
The Services may include or interoperate with applications, services, features or functionalities provided by third parties. In connection with such third party applications, services, features or functionalities, you may send (or such third parties may get access to) certain information about or related to you or your activities therewith. The use, storage and disclosure of such information by these third parties is subject to their own privacy policies and Company has no responsibility or liability for such third parties’ acts or omissions or the information provided to them.The Services may include or interoperate with applications, services, features or functionalities provided by third parties. In connection with such third party applications, services, features or functionalities, you may send (or such third parties may get access to) certain information about or related to you or your activities therewith. The use, storage and disclosure of such information by these third parties is subject to their own privacy policies and Company has no responsibility or liability for such third parties’ acts or omissions or the information provided to them.
The Services may include or interoperate with applications, services, features or functionalities provided by third parties. In connection with such third party applications, services, features or functionalities, you may send (or such third parties may get access to) certain information about or related to you or your activities therewith. The use, storage and disclosure of such information by these third parties is subject to their own privacy policies and Company has no responsibility or liability for such third parties’ acts or omissions or the information provided to them.
Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit certain individually identifiable health information or “Protected Health Information” (as such term is defined by HIPAA) on behalf of a health care provider, we do so as its “business associate” (as also defined by HIPAA) under a Business Associate Agreement (bagel.md/baa). Under this agreement, we are prohibited from, among other things, using Protected Health Information in a manner that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of Protected Health Information we store and process on behalf of such providers. We are also subject to laws and regulations governing the use and disclosure of certain personal and health information, including HIPAA, when we operate as a business associate of a healthcare provider.
Except as may be inherent in the features and functionality of the Services, Company does not have a mechanism for you to review, edit or delete all of your information on or stored in the Services or otherwise by Company. If in the future, the Company may implement a system to allow for a complete review and deletion of all you information, but Company has no obligation to provide or create such a mechanism.
If you would like us to delete your Personal Information in our system, please contact us at [email protected] and we will accommodate your request (but will not do so if we have any legal obligation to retain the record). In such cases, we ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests. If Company is unable to destroy or delete the information due to legal obligations or because it is not feasible or because it is unduly burdensome or impractical or would jeopardize the privacy of others or the integrity of the Services, Company is not obligated to do so, but Company shall provide a written response stating the reason(s) it cannot fulfill the request. Because of the way we maintain certain Services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems. We are not responsible for updating, correcting or removing any of your information disclosed to or held by third parties.
Please be aware the Company is under no obligation to maintain and store any of your information (including any Personal Information or User Content) or otherwise to maintain and operate the Services. The Company reserves the right to cease or modify operation of the Services at any time – in such case, your information (including any Personal Information and User Content) may no longer be available. If you desire to maintain access to any such information, you are encouraged to keep a backup of such information in other locations.
Like many services, websites or applications, we may use "cookies", pixel tags, locally shared objects, web beacons or similar technologies to collect information. A cookie is a small data file that we transfer to your computer's or device’s memory for record-keeping purposes. We may use cookies or such other technologies to improve the quality of the Services, including for storing user preferences and tracking user trends and for any of the other purposes permitted in this Privacy Policy. We may utilize persistent cookies to save your registration/member ID and login password for future logins to the Services. We may utilize session ID cookies to enable certain features of the Services, to better understand how you interact with the Services and to monitor aggregate usage by Company users and traffic routing on the Services. Unlike persistent cookies, session cookies are usually deleted from your computer or device when you log off from the Services and then close your browser or application. Third party advertisers on the Services may also place or read cookies on your browser or within the Services or other application.
Log file information may be automatically reported by your browser or smartphone application each time you access a web page, app or other electronic location. When you use the Services, our servers may record certain information that your web browser, the Services or other application sends whenever you utilize the Services, visit any website or utilize any other services or applications.
Our Services are hosted in the United States. If you use the Services from the European Union, Asia or any other country outside the United States with laws or regulations governing personal data collection, use and disclosure that differ from the United States laws and regulations, please be advised that through your continued use of the Services, you are transferring your information to the United States and you consent to that transfer. Your information may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us or use the Services, Company transfers personal information to the United States and processes it there, and your submission of such information represents your consent and agreement to that transfer.
In order to use our Services you must represent and warrant that you are over the age of 13 before using, downloading or accessing the Services. Children under the age of 13 are not eligible to use the Services and must not attempt to download the Services, register with the Company and/or submit any personal information to us. We do not knowingly collect personal information from any person who is under the age of 13 or allow them to register. If it comes to our attention that we have collected personal data from a person under the age of 13, we will delete this information as quickly as possible.
Without limiting the generality of the foregoing, our Services do allow users above the age of 18 years old – such as care providers, parents and guardians – to submit personal information about others, including minors. Such users assume full responsibility over their submission, use and transmission of such information.
Our Services may contain links to, interoperate with, and allow you to share content to and from third party services, websites and applications. The fact that we link to a website, service or application or allow you to share content through these third parties is not an endorsement, authorization or representation that we are affiliated with that third party, nor is it an endorsement of their privacy or information security policies or practices. Other websites, services and applications follow different rules regarding the collection, use, storage or disclosure of the personal and other information. We encourage you to read the privacy policies or statements of the other websites, services and applications you use.
Even though Company has taken reasonable commercial steps and efforts to prevent your Personal Information and other information covered by this Privacy Policy from being accessed, used, intercepted or disclosed by unauthorized individuals in violation of this Privacy Policy, you should know and you acknowledge that Company cannot fully eliminate security risks associated with your information. You expressly acknowledge and agree that uploading, posting, providing, storing, using, analyzing, transmitting, sharing and/or allowing access to your Personal Information and other information on, through, in or to the Services, and the use of all such Services, are all done at your sole risk and responsibility. You expressly acknowledge that Company and its employees, agents, contractors, collaborators, publishers and business partners are not liable for (i) any special, indirect, consequential, incidental or punitive damages, costs, or liabilities whatsoever arising out of or resulting from your use of the Services, including from your uploading, posting, providing, storing, using, analyzing, transmitting, sharing and/or allowing access to your Personal Information and other information; or (ii) any loss, disclosure or use of your Personal Information or other information.
Unless expressly provided otherwise in writing by the Company and the Services are provided “AS IS” without warranty of any kind. The Company makes no, and hereby disclaims any and all, representations and warranties of any kind, express or implied, with respect to the Services, including without limitation, warranties of merchantability, fitness for a particular purpose and non-infringement.
Updated 6 December, 2018