1. Thank You for Using Day Two
2.1 Please note that some or all of the information you provide through the Health Program or App may be Protected Health Information (“PHI”), which is governed by the Health Insurance Portability and Accountability Act and applicable regulations (“HIPAA”). Specifically, we may act as a Business Associate under HIPAA if we are engaged by a Covered Entity, which may include your healthcare provider, healthcare administrator, or healthcare insurance company (“External Health Team”). To provide the Services, we also work with coaches and dieticians, with whom you may interact on the App (“Health Consultants”). For more information about how Health Consultants use, collect, and disclose PHI, please refer to the HIPAA Notice of Privacy Practices.
2. Information We Collect
2.1 Your use of the Services is totally voluntary. If you are uncomfortable with sharing information about yourself, do not use the Services.
2.2 Collecting Information. By using the Services, you will be providing information about yourself so that we can provide the Services to you. Some of this information may be used to directly or indirectly identify you (“PII”), including:
|Category of Information
|Examples and Sources of Collection
|Contact Information and Demographic Information
|We collect this data when you provide it directly to us, or from the External Health Team, when you create an account with the App, sign up for the Health Program, or request to learn more about the Services. This may include your name, address, email address, phone number, date of birth, and gender. This also includes your username and password that you use to access the App.
|Employment or professional information
|We collect this data when you provide it directly to us, or from the External Health Team, when you create an account with the App, sign up for the Health Program, or request to learn more about the Services. This may include your employer name, industry, job title, and business contact information.
|We may collect and process health information submitted by you, or by the External Health Team, when you use the App or participate in our Health Program. Additionally, we may collect this data if you choose to integrate or link the App or Health Program with third-party health or fitness trackers, applications, or other services.
Some or all of this information may be considered PHI. Please refer to the HIPAA Notice of Privacy Practices for more information.
Health information includes:
- The identifiers and contact information associated with your account
- Medical insurance details
- Information about physical and mental health conditions, diagnoses, or symptoms
- Treatments for medical conditions, including medications
- Genetic information (all the information that can be derived from bacterial DNA contained in the stool samples that you provide to us for analysis in connection with the Health Program), blood type
- Family and individual medical and health history
- Physical attributes, physical activity levels, sleep habits, dietary information, and information related to reproduction
- Lab samples and lab or diagnostic results, including results from glucose monitors
- Photographs you may provide to help us track your progress with the Health Program
- Information about your interactions with Health Consultants on or through the App or Health Program, which may be in audio or visual form
- Information we derive about you based on health information, such as your personal nutrition recommendations, microbiome analyses, or related insights
|Feedback and Correspondence
|We may collect the Personal Information you provide when you contact us with questions, feedback, or otherwise correspond with us online through the App or the Website.
|We may collect general location information if you use features on the Website or App that provide location-based services.
|This includes data that is collected directly from you through automated means, including through the use of our third-party vendors, when you are using the Website or App. This may include: Information about your interactions with and on the Website or App, including the pages you view and your search history. Content you post to the App or Website including messages you send and/or receive and your interactions with our customer service team. Technical data which may include URL information, IP address, device-level data, other technological identifiers, network connectivity data, browser details, and operating system information.
For more information about these technologies, including steps you can take to manage these technologies, please read below.
2.3 Tracking Technologies. As noted above, we automatically collect PII from you when you access the Website or App on your browser or mobile device. We may use several technologies, including third-party vendors, to receive and/or collect this data as follows:
3. Information Sharing, Use, and Disclosure.
3.1 How We Use and Disclose PII. We use and disclose your PII for reasons described below to affiliates, service providers, business partners, the External Care Team, Health Consultants, and other third parties. This includes your employer in order to facilitate your access to the Services, as well as the External Care Team, healthcare entities, and related parties that directly or indirectly provide or facilitate the Health Program. We use and disclose PII in the following contexts:
3.2 Compliance with Laws, Law Enforcement, and our Legal Interests. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose PII to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate, or legally actionable. We may also disclose PII to our attorneys, consultants, accountants, or similar advisors to assess or assert our legal or business interests.
3.4 Aggregate, De-Identified, and Non-Identifying Information. We may share aggregate, de-identified, and non-identifying information with third parties for any purpose, including for research purposes, industry analysis, demographic profiling, statistical purposes, and/or any other commercial purposes.
4. Communication Preferences
4.1 Opt-out. We may send you promotional, marketing, or similar content (“Promotional Material”) via email, automated voice messages, and text messages. Please note that if you are no longer interested in receiving these Promotional Materials, you can opt out at any time by following the unsubscribe instructions provided in the Promotional Material itself. Following the receipt of an opt-out request, we will remove you from the Promotional Materials distribution list. This opt-out request does not apply to certain transactional or service-related messages that we must send to you, such as your registration materials for the Services, information about your account, or other items or communications that you specifically request from us.
5. Data Protection and Security.
5.1 We are concerned with safeguarding Your PII. We employ a combination of administrative, technical, personnel, and physical measures designed to protect Your PII from unauthorized access, use, disclosure, and modification. However, we do not promise that any information or private communications will be fully protected from unauthorized disclosure or use.
5.2 Use Caution. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. If you receive an email asking you to update your information with respect to the Services, do not reply and please contact Us at firstname.lastname@example.org. You are solely responsible for maintaining the confidentiality of your login information and for restricting access to your mobile device while logged into the account. You will be responsible for all activities coming from your account or from your mobile device, including upload of Information, whether or not authorized by you. You are solely responsible for adequate protection and backup of your PII. If you cease to use the Services and/or if you transfer your mobile device to someone else, it is your obligation to uninstall the App from your mobile device.
6. International Processing and Transfer.
6.1 You are aware that we may process, maintain, store, and/or transfer some PII (whether in whole or in part, including some or all Health Information defined in the above table) to countries outside of your state or country (including Israel), where the privacy laws may not be as protective as those in your jurisdiction, and you hereby provide your informed consent to the use, processing, storage, and/or transfer of the content (including, without limitation, your PHI) to countries outside your state or country.
7.1 We retain users’ PII for as long as such individuals are using our Services. If a user ceases to use our Services, we may continue to retain certain PII of that user for the period required by our legal and regulatory obligations and/or for accounting purposes (i.e., as required by applicable laws regulating our Services, for bookkeeping purposes, and to have proof and evidence concerning our relationship with that user, should any legal issues arise following the user’s discontinuance of use of our Services). Please note that except as required by applicable law, we will not be obligated to retain your information for any period, and we are free to securely delete it for any reason and at any time, with or without notice to you. Unless otherwise restricted by applicable law, non-PII may be retained indefinitely.
8. Our Policy toward Children.
8.1 The Service is intended for a general, adult audience. We do not knowingly collect PII from minors aged 18 or younger. If a parent and/or legal guardian becomes aware that his or her child has provided us with PII without their consent, he or she should contact us at email@example.com.
9. Applicable Law.
10. Contacting Us.
10.1 If You have any concerns or questions about this Policy, please contact us at firstname.lastname@example.org.
Effective Date: April 28, 2023
Updated: April 26, 2023
Copyright © 2023 Day Two, Inc.