Privacy Policy - v.7.23

Privacy Policy

Last Updated: July 2023

Healthy Campus (the “Clinic,” “we,” “us” or words of similar import) respects your privacy and is committed to protecting it. This Privacy Policy describes how we may collect, use and share your personal information in connection with your use of www.healthycampus.com and any other Clinic related websites (collectively, the “Website”) and any of the Clinic’s applications, online services, mobile applications, application programming interfaces (APIs) and any other related services (together with the Website, the “Services”). This Policy also explains certain choices you have about how your personal information is used. By using the Services, you consent to the practices described in this Policy, unless further consent is required by applicable law.

You may see other privacy notices when we collect your personal information for certain purposes. Those notices supplement this Policy.

This Privacy Policy does not apply to protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), its rules, or other privacy laws applicable to your relationship with your healthcare provider. Any collected information that constitutes PHI is governed by, and will be used and disclosed solely as permitted under applicable law. To the extent that we receive PHI about you, that information is subject to electronic disclosure to the extent permitted by applicable law.

We encourage you to read this Policy carefully before using the Services or submitting any personal information. By accessing or using the Services, you agree to this Policy. This Policy may change from time to time, and your continued use of the Website and Services after we make changes is deemed to be acceptance of those changes, so please check this Policy periodically for updates.

Information We Collect

When you use our Website and Services, we may collect your personal information when you provide it to us, when it comes linked from other sources or through automated methods. “Personal Information” under this policy means “personal information,” or “personal data” as defined under applicable law, and generally speaking, may include the following:

  • Information that identifies you as an individual, such as: your name, postal address, email address, phone number, credit and debit card number, license plate information and others;
  • Unique identifiers, such as your username, password, marketing preferences, browser type, IP address, the equipment you use to access our Website and your usage and navigation details;
  • Information about health status, provision of health care or payment for health care that can be linked to a specific individual; and
  • Information about your characteristics, conditions or behavior that is associated with one of your identifiers or could otherwise reasonably be linked to you.

“Non-personal information” on the other hand, is information that has been anonymized, aggregated or de-identified such that it cannot reasonably be linked to an individual.

Personal Information

Information You Provide to Us. We may collect from you directly some or all of the categories listed below when you fill out a form on our Website; use any of our Services; or directly contact us with questions or feedback:

  • Identifiers” such as name, address, email address, phone number, user name and similar information;
  • Demographic Information such as preferred language, age, birth date and similar information;
  • Financial Information” such as payment card information;
  • Health Information,” excluding PHI, such as symptoms, health coverage, health history and healthcare provider information;
  • User Content” such as content in your communications or responses to us; and
  • Any other information you voluntarily provide to us.

If you decline to provide requested information, we may not be able to provide one or more Services to you, or you may not receive access to certain features of a Service.

Information Automatically Collected From Your Device. When you access and use our Services, computer servers may automatically collect information from your device or browser. In some cases, we limit this collection to non-personal information, but we may collect the following personal information:

  • Online Identifiers” such as IP address, device ID, cookies and similar information;
  • Device/Browser Information” such as internet service provider (ISP), operating system, device type, browser type and settings;
  • Usage Information and Browsing History such as:
    • usage metrics (including usage rates, occurrences of technical errors, diagnostic reports, settings preferences, backup information, and other logs);
    • user keystrokes in a webform (whether or not the user completes or submits the webform);
    • content interactions (including searches, views, downloads, prints, shares, streams, and displays);
    • user journey history (including clickstreams and page navigation, URLs, timestamps, page response times, page interaction information (such as scrolling, clicks and mouse-overs) and download errors), advertising interactions and preferences (including when and how you interact with marketing materials, purchases or steps you make after seeing an ad) and similar data; and
  • Geolocation Data” such as your approximate physical location when you access our Service.

Some of this information is collected through the use of “Cookies,” which include a piece of data stored on a site visitor’s hard drive to help us improve your access to the Services and identify repeat visitors. Cookies can enable us to track and target the interests of our users to enhance the experience on the Website and compile aggregate data about site traffic and site interaction. We may contract with third-party service providers to assist us in better understanding Website visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business. Usage of a Cookie is not linked to any personal information on the Website. Most Cookies expire after a defined period of time.

Information From Other Sources. We may work with third parties from time to time who assist us in managing or providing Services (e.g., payment processors, web hosting services, online content providers, laboratory testing facilities, health departments) and who collect some of the information described above. We may combine such information with information we collect from you. To the extent the information, alone or in combination, constitutes personal information, we will treat it as personal information as described in this Policy. We are not responsible for the accuracy of any information provided by third parties. Unless you have been notified otherwise, all information collected through our authorized third parties remains governed by security and confidentiality obligations consistent with this Policy and applicable law, including, with respect to PHI, HIPAA.

How We Use Personal Information

We may use the personal information collected for the following purposes, subject to restriction under applicable law:

  • To present our Website and its contents to you;
  • To improve the content on and the Services offered through our Website;
  • To provide you with information, products or services that you request from us;
  • To respond to your inquiries;
  • To contact you with legal notice or other information that may be relevant to the Services;
  • To detect, investigate, mitigate or prevent activities that may violate our policies, threaten the security of our Services or may be fraudulent or illegal;
  • To comply with our legal obligations;
  • To market our Services;
  • To allow you to participate in interactive features on our Website;
  • To fulfill any other purpose for which you provide it; and
  • In any other way we may describe when you provide the information or pursuant to your consent.

We may use non-personal information for any purpose. This may include providing a publicly accessible tally of positive COVID-19 test results, including positive COVID-19 antibody test results, on our Website. For clarity, all test results provided publicly will not include or otherwise be linked to any of your personal information, including your PHI.

Sharing Personal Information

We Do Not Disclose Your Personal Information Except As Follows:

Contractors and Service Providers. We may share your information, and in some cases your personal information, with certain contractors and service providers performing functions or services inherent in our Services provided to you, such as testing laboratories that analyze and provide results for your COVID-19 test, your local Health Department, hosts of our Services, database managers, payment processors, and the like. Where necessary and appropriate, and as required under applicable law, our agreements with those parties prohibit them from using personal information we share for any purpose other than providing services to us and as contemplated by the Services we are providing to you. FOR CLARITY, ALL PERSONAL INFORMATION WE SHARE, INCLUDING YOUR PHI, IS SHARED AND PROTECTED BY US IN COMPLIANCE WITH APPLICABLE LAWS;

Mandatory Disclosures and Legal Proceedings. We may have a legal obligation to disclose personal information about you to government authorities or other third parties when required by law or pursuant to a valid subpoena, litigation demand or court order, or when we, in good faith, believe that such disclosure is necessary to protect the safety of persons or property. We may also need to disclose and otherwise process your personal information in accordance with applicable law to defend our legitimate interests, for example, in civil or criminal legal proceedings;

Mergers and Acquisitions. If we decide to sell, buy, merge or otherwise reorganize our business, this can involve us disclosing personal information to prospective or actual purchasers and their advisers, or receiving personal information from sellers and their advisers; and

Your Consent. We may share your personal information with others if we have your consent to do so.

Quality and Retention of Personal Information. We take reasonable steps to keep your personal information accurate and to delete incorrect or unnecessary personal information. We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy or otherwise communicated to you, unless a longer period is required by applicable law.

Data Security. In order to safeguard personal information against unauthorized access, removal, theft or disclosure, we implement and maintain security procedures and practices appropriate to the nature of the information and reasonable in light of industry standards and our particular operations, risks and resources. Unfortunately, in our increasingly connected digital world, no one can guarantee perfect data security, and we cannot promise that our procedures and practices will always prevent a breach of personal information.

We encourage you to help maximize security by applying your own personal security measures. For more information about what you can do to protect your data, please see the tips and resources offered by the U.S. Federal Trade Commission at https://www.consumer.ftc.gov/topics/privacy-identity-online-security.

Do Not Track” Signals. The web browsers and applications that you use to visit our Website and Services may provide certain “Do Not Track” capabilities. Generally, browsers that have these features enabled send a signal to websites that inform the site operator that you do not wish for the site to track you. We do not respond to these signals because there is not yet a common understanding of how to process these signals or a consensus on what “tracking” means.

Links to Third Party Services. Our Services may contain links to third-party websites, products or services. For example, our Website may contain links provided by social media platforms that you can use to post directly from our Website. Information collected by those third parties is governed by their privacy policies, not ours, and we are not responsible for the content or privacy practices of such other websites. We encourage you to learn about the privacy practices of those third parties.

Protecting Children’s Privacy. You must be eighteen (18) or older to use our Services. Minors under the age of eighteen (18) and at least thirteen (13) years of age are only permitted to use our Services through the consent of and direct supervision by a parent or legal guardian. Our Website is not intended for children under 13 years of age. No one under age 13 may provide any personal information on or through the Website. We do not knowingly collect personal information from children under 13 without the express written consent of a parent or legal guardian. If you are under 13, do not use or provide any information on our Website. If we learn we have collected or received personal information from a child under 13 without verification of parental or legal guardian consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us.

Your Rights and Choices. You may opt-out of our email communications by using the unsubscribe link provided in emails from us or by otherwise contacting us. At any time, you may adjust settings on your browser to refuse cookies and other tracking pixels according to the instructions related to your browser. However, if you choose to disable these technologies, some features of our Services may not operate properly.

California Residents.

Under California Civil Code Section 1798.83, California customers are entitled once a year, free of charge, to request information relating to whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. We do not sell or share your personal information with third-party companies for their direct marketing purposes without your consent. The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of information about them, as well as rights to know/access, correct, delete, and limit disclosure of personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.

Notice at Collection Regarding the Categories of Personal Information Collected

You have the right to receive notice of certain information about our data collection, use, and disclosure. The following table summarizes the categories of personal information we collect; the categories of sources of that information; whether we disclose, sell, or share that information to service providers or third parties, respectively; and the criteria we use to determine the retention period for such information. The table also summarizes the categories of “sensitive” personal information that we collect, the purposes for which such information is used, and whether we sell or share such information. The categories we use to describe personal information are those enumerated in the CCPA. We collect this personal information for the purposes described above in “How We Use Personal Information.”

Category Information Type Source We disclose to: We sell to/share with:
Identifiers

 

·    Contact information or personal characteristics (name; email address; postal address; telephone number; signature)‌

·    ‌Social media handles

You; our social media pages; third party subscription service providers Service Providers Not sold/shared
Health Information ·    Health information such as symptoms, health coverage, health history and healthcare provider information You Service Providers Not sold/shared
Financial Information ·    ‌‌Payment card data‌

·    ‌Credit information

You Service Providers Not sold/shared
Protected Classifications and Other Sensitive Data ·    ‌‌Date of Birth‌

·    ‌Gender

You Service Providers Not sold/shared
Commercial Information

 

·    ‌Transaction information ‌

·    ‌Billing and payment records‌

·    ‌Order history

You Service Providers Not sold/shared
Geolocation Information ·    ‌Coarse (information that describes location at ZIP code-level or less precision) You; our analytics and advertising partners Service Providers Not sold/shared
Internet or Electronic Network Activity Information ·    ‌‌IP address‌

·    ‌Device identifier (e.g., MAC)‌

·    ‌Advertising identifier (e.g., IDFA, AAID)‌

·    ‌Information provided in URL string (e.g., search keywords)‌

·    ‌Cookie or tracking pixel information‌

·    ‌Information about your interaction with our website, app, email correspondence, or products‌

·    ‌Browsing history‌

·    ‌Search history‌

·    ‌Diagnostic information (e.g., crash logs, performance data)

You; our analytics  and advertising partners Service Providers Not sold/shared
Content of Communications ·    ‌‌Contents of phone calls, emails, or text messages‌ You Service Providers Not sold/shared

 

Entities to whom we disclose information for business purposes are service providers, which are companies that we engage to conduct activities on our behalf. We restrict service providers from using personal information for any purpose that is not related to our engagement.

Your rights under the CCPA

  • Opt out of sale or sharing of personal information: We do not sell your personal information to, or share your personal information with, third parties. The right to opt out does not apply to our disclosure of personal information to service providers.
  • Know and request access to, portability of, and correction or deletion of personal information: You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers to whom we sell, share, or disclose it. You also the right to request transmission of your data to a third party. You also have the right to request in certain circumstances that we correct personal information that we have collected about you and to delete personal information that we have collected directly from you. Please contact us to exercise these rights.

Contact information, submitting requests, and our response procedures

Contact

Please contact us if you have questions or wish to take any action with respect to information to which this privacy policy applies.

Email: support@campusclinic.org

 

300 Spectrum Center Drive Suite 200 Irvine CA 92618

Making a request to exercise your rights

Submitting requests: You may request to exercise your rights by making a request using the contact information above.

We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

You may, under certain circumstances, authorize another individual or a business, called an authorized agent, to make requests on your behalf. We will require the authorized agent and you to each verify your identities.

Verification: We must verify your identity before responding to your request. We verify your identity by asking you to provide personal identifiers that we can match against information we may have collected from you previously. We may need to follow up with you to request more information to verify identity.

We will not use personal information we collect in connection with verifying or responding to your request for any purpose other than responding to your request.

You can learn more about the CCPA here: https://oag.ca.gov/privacy/ccpa.

Changes to this Policy. We will review this Privacy Policy periodically and update it as necessary to reflect material changes in applicable law, our privacy practices or our Services. We will notify you of material changes to how we treat your personal information directly if we have your contact information, and you should periodically review this Privacy Policy to remain aware of our current practices.

Contact Us.

If You Have Any Questions Or Concerns About This Privacy Policy Or Our Practices, Or Wish To Exercise Your Rights Regarding Your Personal Information Under Applicable Law, Please Contact Us Directly At: support@campusclinic.org

Privacy Policies of Providers:

Our various Laboratory Service Providers and/or Health Care Providers have their own unique privacy policies that pertain to their websites and patient information.  You agree to review and hereby consent to their policies as listed below:

Rume Medical Group, Inc.: https://rumehealth.com/privacy/

Covid Clinic: https://www.covidclinic.org/policies/k12/PrivacyPolicy

MedLab2020, Inc: _________________

MVML, Inc.: _______________

Campus Physicians of California, Inc.: _________________