Healthy Campus is a health platform that offers various programs to support the mental wellness of students by regularly monitoring their engagement and progress. Each student receives a personalized care plan and has multiple interactions with their providers, allowing for modifications based on their needs. The program focuses on district administration, resource management, and enhancing patient experience. It integrates with Student Information Systems for bi-directional student updates, consent management, and increased parent/student engagement.

 

Scope of this Policy

This privacy policy applies to:

• Healthy Campus and our affiliate companies under MVML Inc, (“Healthy Campus,” “we,” “us,” “our”).
• Healthy Campus’s online properties (including our websites and websites or mobile applications that link to it), our social media pages or handles, our products and services (the “Services”).

This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to third-party websites, mobile applications, or services that may link to the Services or be linked to from the Services. Please review the privacy policies on those websites and applications directly to understand their privacy practices.

We may change this Policy from time to time. If we do, we will notify you by posting the updated version.

 

Information We Collect

We collect information from you directly, from the devices you use to interact with us, and from third parties. We may combine information from the Services together and with other information we obtain from our business records. We may use and share information that we aggregate (compile to create statistics that cannot identify a particular individual) or de-identify (strip information of all unique identifiers such that it cannot be linked to a particular individual) at our discretion.

 

Information you give us

You may provide the following information to us directly:

• Contact and professional information, including name, email address, telephone number, and job title, as well as company name and size.
• Demographic information.
• Audiovisual information, including recordings of online events, meetings or sessions.
• Payment information, including credit card information.
• As part of our services, we may collect information related to your health to provide personalized healthcare services and support.
• Content you may include in survey responses.
• Information contained in your communications to us in any and all electronic format.
• Information you make available to us via a social media platform.
• Any information or data you provide by interacting in our online forums and chatrooms, or by commenting on content posted on our Services. Please note that these comments are also visible to other users of our Services.
• Your use of our Services.
• Any other information you submit to us.

 

Information we collect automatically

We and partners working on our behalf may use log files, cookies, or other digital tracking technologies to collect the following information from the device you use to interact with our Services. We also create records when you make purchases or otherwise interact with the Services.

• Device information, including IP address, device identifiers, and details about your web browser.
• Analytical information, including details about your interaction with our Services, website, app, and electronic newsletters.
• Diagnostic information, including web traffic logs.
• Advertising information, including special advertising and other unique identifiers that enable us or third parties working on our behalf to target advertisements to you. Please be aware that our advertising partners may collect information about you when you visit third-party websites or use third-party apps. They may use that information to better target advertisements to you on our behalf.
• Business record information, including records of your purchases of products and services and use of our Services.

The following is a list of our partners who collect the information described above. Please follow the links to find out more information about the partner’s privacy practices.

Partner	Information Type Collected
Google Analytics	Device information, Analytical information, Diagnostic information, Advertising information,

 

How We Use Your Information

We may use any of the information we collect for the following purposes.

• Service functionality: To provide you with our products and services, including to take steps to enter a contract for sale or for services, bill or invoice for services, process payments, fulfill orders, send service communications (including renewal reminders), and conduct general business operations. Services may also include the following:
  • Photo Management: Users can upload or take new photos for their profile, which are stored locally on the device and not in the app storage after deletion. Photos linked through healthcare providers are not interacted with by the app.
  • Document Viewing: Documents like visit notes viewed on the app are temporarily stored for the session and then deleted.
  • Communication with Providers: Users can send photos or videos to healthcare providers through the app; these media files are stored only in the device’s camera app.
  • Telehealth: For telehealth visits, the app requests access to the device’s audio and video but does not record or store these data.
  • Appointment Management: The app can temporarily store identifiers for appointment arrival features, which are deleted if the feature is disabled.
• Service improvement: To improve and grow our Services, including to develop new products and services and understand how our Services are being used, our customer base and purchasing trends, and the effectiveness of our marketing.
• Personalization: To offer you recommendations and tailor the Services to your preferences.
• Advertising and marketing: To send you marketing communications, personalize the advertisements you see on our Services and third-party online properties, and measure the effectiveness of our advertising. We may share your information with business partners, online advertising partners, and social media platforms for this purpose.
• Security: To protect and secure our Services, assets, network, and business operations, and to detect, investigate, and prevent theft, unauthorized use, or abuse of the Services and other activities that may violate our policies or be fraudulent or illegal.
• Legal compliance: To comply with legal process, such as warrants, subpoenas, court orders, and lawful regulatory or law enforcement requests and to comply with applicable legal and regulatory requirements.

 

How We Share Your Information

We may share any of the information we collect with the following recipients.

• Health providers and systems: for the provision of the health services you have requested.
• Affiliates: We share information with other members of our group of companies.
• Service providers: We engage vendors to perform specific business functions on our behalf, and they may receive information about you from us or collect it directly. These vendors are obligated by contract to use information that we share only for the purpose of providing these business functions, which include:
  • Supporting Service functionality, such as vendors that support event registration, customer service and customer relationship management, subscription fulfillment, freight services, application development, list cleansing, postal mailings, and communications (email, fax).
  • Auditing and accounting firms, such as firms that help us create our financial records.
  • Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance.
  • Analytics and marketing services, including entities that analyze traffic on our online properties and assist with identifying and communicating with potential customers.
  • Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
  • Information technology vendors, such as entities that assist with website design, hosting and maintenance, data and software storage, and network operation.
  • Marketing vendors, such as entities that support distribution of marketing emails.
• Business partners: From time to time, we may share your contact information with other organizations for marketing purposes.
• Online advertising partners: We partner with companies that assist us in advertising our Services, including partners that use cookies and online tracking technologies to collect information to personalize, retarget, and measure the effectiveness of advertising.
• Social media platforms: If you interact with us on social media platforms, the platform may be able to collect information about you and your interaction with us. If you interact with social media objects on our Services (for example, by clicking on a Facebook “like” button), both the platform and your connections on the platform may be able to view that activity. To control this sharing of information, please review the privacy policy of the relevant social media platform.
• Government entities/Law enforcement: We may share information when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests, or where necessary to protect our property or rights or the health and safety of our employees, contractors, customers, or other individuals.
• Other businesses in the context of a commercial transaction: We may change our ownership or corporate organization while providing the Services. We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information as described in this policy.

 

Security

We are deeply committed to the privacy and security of data, investing over two years and thousands of hours into establishing the highest industry security standards. We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. We have implemented  security controls from the National Institute of Standards and Technology (NIST) required to meet NIST 800-173 standards, a testament to our dedication to maintaining robust security measures. These protocols, validated by third-party assessors, undergo continuous monitoring to adapt to the evolving security landscape. Our commitment strives to ensure the confidentiality, integrity, and availability of information as we navigate the advancements in technology with a steadfast dedication to security and trust. This dedication extends to our comprehensive security strategy for employees who handle sensitive patient information. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

 

Your Options and Rights Regarding Your Information

Your Account: Please visit your account settings to update your account information.

Email Unsubscribe: If you do not wish to receive marketing information from us or wish to opt out of future email promotions from us, please contact us. Please note that all promotional email messages you receive from us will include an option to opt out of future email communications.

Do Not Track: Your browser or device may include “Do Not Track” functionality. Our information collection and disclosure practices and the choices that we provide to you will continue to operate as described in this privacy policy regardless of whether a Do Not Track signal is received.

Jurisdiction-specific rights: You may have certain rights with respect to your personal information depending on your location or residency. Please see “privacy disclosures for specific jurisdictions” below. Please contact us to exercise your rights.

 

Other Important Information

 

Data retention

We may store information about you for as long as we have a legitimate business need for it, to meet HIPAA requirements or meet FERPA requirements.

Information about children

Healthy Campus designs its Services to comply with all applicable laws, including the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).

For purposes of FERPA, in furnishing the Services, Healthy Campus functions as a “school official” performing a service or function for which our Education Customer would otherwise use school employees. “Education Customers” include educational institutions including education departments, boards of education, school districts, schools, community organizations, libraries, and other entities and their personnel who use our Services pursuant to a written agreement. Healthy Campus relies on its Education Customers to obtain any parent, guardian or other consents required under applicable law or district policy for us to collect, process or maintain personal information or personally identifiable information.

Sharing of Medical or Health Information

If we receive protected health information about you, that information is subject to electronic disclosure as permitted by applicable law.

 

Privacy Disclosures for Specific Jurisdictions

 

California

Your California Privacy Rights; “Shine the Light” Law

California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year. We do not share your personal information with third parties for those third parties’ direct marketing purposes.

California Consumer Privacy Act

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of information about them, as well as rights to know/access, correct, delete, and limit disclosure of personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. If we collect personal information subject to the CCPA, that information, our practices, and your rights are described below.

Notice at Collection Regarding the Categories of Personal Information Collected

You have the right to receive notice of certain information about our data collection, use, and disclosure. The following table summarizes the categories of personal information we collect; the categories of sources of that information; whether we disclose, sell, or share that information to service providers or third parties, respectively; and the criteria we use to determine the retention period for such information. The table also summarizes the categories of “sensitive” personal information that we collect, the purposes for which such information is used, and whether we sell or share such information.  The categories we use to describe personal information are those enumerated in the CCPA. We collect this personal information for the purposes described above in “How We Use Your Information.”

Category	Information Type	Source	We disclose to:	We sell to/share with:
Identifiers	·       Contact information or personal characteristics (name; email address; postal address; telephone number; signature) ·       Social media handles	You; our social media pages; third party subscription service providers	Service Providers	Not sold/shared
Health Information	·       Protected health information ·       Physical or mental status or ailments	You	Service Providers	Not sold/shared
Financial Information	·       Payment card data ·       Bank account information ·       Credit information ·       Transaction data	You	Service Providers	Not sold/shared
Protected Classifications and Other Sensitive Data	·       Date of Birth ·       Gender	You	Service Providers	Not sold/shared
Commercial Information	·       Transaction information ·       Billing and payment records ·       Order history	You	Service Providers	Not sold/shared
Biometric Information	·       Fingerprint ·       Voiceprint ·       Facial recognition ·       Eye recognition	You	Service Providers	Not sold/shared
Geolocation Information	·       Precise (information that describes location with more precision than ZIP code, e.g., GPS data) ·       Coarse (information that describes location at ZIP code-level or less precision)	You; our analytics and advertising partners	Service Providers	Not sold/shared
Internet or Electronic Network Activity Information	·       IP address ·       Device identifier (e.g., MAC, IMEI) ·       Advertising identifier (e.g., IDFA, AAID) ·       Information provided in URL string (e.g., search keywords) ·       Cookie or tracking pixel information ·       Voice Service usage ·       Video Service usage ·       Information about your interaction with our website, app, email correspondence, or products ·       Browsing history ·       Search history ·       Bandwidth usage ·       Diagnostic information (e.g., crash logs, performance data)	You; our analytics and advertising partners	Service Providers	Not sold/shared
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information	·       Call recordings ·       Photographs ·       Video	You	Service Providers	Not sold/shared
Professional or Employment-Related Information	·       Current employer ·       Job title	You	Service Providers	Not sold/shared
Education Information	·       Education history ·       Level of education	You	Service Providers	Not sold/shared
Inferences Drawn About You	·       User profile reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes	You; our analytics and advertising partners	Service Providers	Not sold/shared
Content of Communications	·       Contents of voice calls, voicemails, emails, or text messages ·       Photos	You	Service Providers	Not sold/shared
Communications Metadata	·       Call detail ·       Text Detail	You; Service Providers	Service Providers	Not sold/shared
Contacts	·       List of contacts that you supply to us ·       List of contacts we collect from your device with your permission	You	Service Providers	Not sold/shared

 

We determine the retention period for each of the categories of personal information listed above based on (1) the length of time we need to retain the information to achieve the business or commercial purpose for which it was obtained, (2) any legal or regulatory requirements applicable to such information, (3) internal operational needs, and (4) any need for the information based on any actual or anticipated investigation or litigation.

Entities to whom we disclose information for business purposes are service providers, which are companies that we engage to conduct activities on our behalf. We restrict service providers from using personal information for any purpose that is not related to our engagement.

Under the CCPA, a business “sells” personal information when it discloses personal information to a company for monetary or other benefit. A company may be considered a third party either because we disclose personal information to the company for something other than an enumerated business purpose under California law, or because its contract does not restrict it from using personal information for purposes unrelated to the service it provides to us.  A business “shares” personal information when it discloses personal information to a company for purposes of cross-context behavioral advertising. We do not sell, trade, or otherwise transfer to outside parties any Personally Identifiable Information.

Your rights under the CCPA

• Opt out of sale or sharing of personal information: You have the right to opt out of our sale or sharing of your personal information to third parties. To exercise this right, please visit your account settings in your profile and choose the “Do Not Sell or Share My Personal Information” webpage or contact us. Your right to opt out does not apply to our disclosure of personal information to service providers.
• Know and request access to and correction or deletion of personal information: You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers to whom we sell, share, or disclose it. You also have the right to request in certain circumstances that we correct personal information that we have collected about you and to delete personal information that we have collected directly from you. Please contact us to exercise these rights.

 

Contact information, submitting requests, and our response procedures

 

Contact

Please contact us if you have questions or wish to take any action with respect to information to which this privacy policy applies.

Email:   support@healthycampus.com

Mail:     Healthy Campus, 300 Spectrum Center Drive, Suite 200, Irvine, CA 92618

 

Making a request to exercise your rights

Submitting requests: You may request to exercise your rights by submitting an email or making a written request request using the contact information above.

If you are a resident of California, you may, under certain circumstances, authorize another individual or a business, called an authorized agent, to make requests on your behalf.

We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

Verification: We must verify your identity before responding to your request. We verify your identity by asking you to provide personal identifiers that we can match against information we may have collected from you previously. We may need to follow up with you to request more information to verify identity.

We will not use personal information we collect in connection with verifying or responding to your request for any purpose other than responding to your request.