Privacy Policy

Scroll down to read Viasana's Privacy Policy in it's entirety.

    Privacy Policy

    PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT.

    WE RESERVE THE RIGHT TO AND MAY MODIFY THIS PRIVACY POLICY AT OUR DISCRETION FROM TIME-TO-TIME. YOUR CONTINUED USE OF OUR SITE AFTER WE MAKE CHANGES IS DEEMED TO BE ACCEPTANCE OF THOSE CHANGES, SO PLEASE CHECK THIS PRIVACY POLICY FREQUENTLY FOR UPDATES.

    IF YOU DO NOT AGREE WITH OUR POLICIES AND PRACTICES, YOU SHOULD NOT USE OR ACCESS THE SITE.

    ViaSana LLC (“ViaSana”, “us”, “our”, or “we”) operates the website located at ViaSana.co or any of its subdomains or derivative URLs (collectively, the “Websites” and together with the Platform Services, the “Sites”). This Privacy Policy describes how we collect and use Personal Data about you through the use of the Sites and through email, text, and other electronic communications between you and us.

    We understand your concerns about privacy and are committed to protecting it through our compliance with this policy (this “Privacy Policy”).

    Introduction.

    This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the Sites and our practices for collecting, using, maintaining, protecting, and disclosing that information.

    About Us.

    Our services allows Registrants to get matched with Providers, manage communication between them, and connect for live physical therapy sessions across the platform.

    Key Terms.

    Throughout this Privacy Policy, these terms have the following meanings:

    • “Account” means the ViaSana account which a User creates by registering with the Sites and accepting the TOS, Acceptable Use Policy (available at https://viasana.co/aup), and this Privacy Policy and, for Providers, a subscription agreement or other agreement for use of the Platform Services with ViaSana.
    • "Authorized User” means either (1) any named individual to whom a Provider has granted access to use the Platform Services on its behalf by providing login credentials, regardless of whether or not the Authorized User accesses the Platform Services, and which may include a Provider’s employees, independent contractors, customers, visitors, and affiliates; or (2) if you have a subscription agreement or other agreement with ViaSana in which the term “Authorized User” is defined, the definition in that agreement.
    • “Provider” means any licensed physical therapist (whether working as a sole practitioner or employed or affiliated with an entity as a licensed physical therapist) that has both: (1) a subscription agreement or other agreement to use the Platform Services with ViaSana and (2) that has registered and has been approved to use the Platform Services (including any of that person’s or entity’s Authorized Users as defined in the applicable agreement with ViaSana).
    • “Electronic PHI” means PHI that is transmitted or maintained in electronic form or medium.
    • “Personal Data” means PHI, or personally identifiable information (or PII) by which you may be individually identified, including, but not limited to: your name; mailing addresses; email addresses; telephone numbers; date of birth; payment account numbers (for payment purposes only); government or license identification numbers (including physical therapy license numbers for Providers); driver’s license numbers; photos, audio, and video of you; your gender; your medical history and health information (for Registrants); criminal background checks / information (through our third-party providers, for Providers); or any other identifier by which you may be contacted online or offline.
    • “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and the privacy, security, and breach notifications regulations promulgated thereunder from time-to-time by the United States Department of Health and Human Services (collectively, and together with the Health Information Technology for Economic and Clinical Health Act (HITECH)) all as amended from time-to-time.
    • “PHI” or “Protected Health Information” has the meaning defined by HIPAA.
    • “Platform Services” means the applications that are made available by ViaSana for use by our registered users and clients (which includes Providers and Registrants), including, but not limited to, their updates, documentation, and derivative works.
    • “Registrant” means any individual who is a registered user of our Platform Services who wishes to find and engage with a Provider.
    • “TOS” means our Terms of Service agreement (available at https://viasana.co/terms).
    • “Visitor” means, depending on the context, any person who visits any of the Sites, offices, or otherwise engages with us.
    • “you” or “your” means, depending on the context, either a Provider, Registrant, or Visitor.

    ViaSana is Not a Provider.

    ViaSana is not a medical provider, medical group, physical therapy provider, physical therapy group, or Provider and does not offer any medical advice, consults, or similar services. Any telemedicine consults obtained through the Sites are provided by the applicable Provider and not by ViaSana. Therefore, your Provider, and not ViaSana, is solely responsible for providing you with the Provider’s “Notice of Privacy Practices” describing its collection and use of your health information. If you do not agree to be bound by those terms, you are not authorized to access or use the Sites, and you must promptly cease all use of the Sites.

    Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use the Sites. By accessing or using the Sites, you agree to this Privacy Policy.

    Changes to This Privacy Policy.

    We reserve the right to and may modify this Privacy Policy at our discretion from time-to-time. We will provide notice by, at a minimum, updating this posting and the Effective Date at the top. You are expected to carefully review the Privacy Policy from time-to-time in order to be aware of any changes.

    Any changes to this Privacy Policy will be in effect as of the Effective Date referenced at the top of this Privacy Policy. By using this Sites, you agree to be bound by any such changes and to our collection and sharing of your Personal Data according to the terms of the then-current Privacy Policy.

    We encourage you to review this Privacy Policy often to stay informed of changes that may affect you. Our electronically or otherwise properly stored copies of this Privacy Policy are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this Privacy Policy that was in effect on each respective date you visited the Sites. However, if we make material changes to this Privacy Policy, we will notify you either through the email address you have provided us or by means of a prominent notice on the Sites before the change becomes effective. You are responsible for ensuring we have an up-to-date active and deliverable email address for you.

    Your continued use of the Sites after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy frequently for updates.

    Children Under The Age Of 18.

    Our Sites and the Platform Services are not intended for children under the age of 18 and children under the age of 18 are not permitted to use the Sites.

    Parents or guardians of children under 18 are welcome to use the Sites to create an Account in order to find and interact with a Provider on their children’s behalf, submit their child’s Personal Data, and agree to these TOS on their behalf, including consenting to Provider consultation services.

    If we learn we have collected or received personal information directly from a child under 18 without verification of parental or guardian consent, we will delete that information. If you believe we might have any information from or about anyone under 18, please contact us using the contact details provided in Section ‎16 (Contact Us).

    Information You Provide.

    The Personal Data that we collect about you depends on the context of your interactions with ViaSana, your Account settings, the products and features you use, your location, and applicable law. Personal Data we collect broadly falls into the following categories based on your user type:

    Providers.

    Information You Provide to Us. As a Provider, you may provide certain Personal Data to us when you register for an Account and use the Platform Services, consult with our support team, send us an email, or communicate with us in any other way. We will usually let you know prior to collection whether the provision of Personal Data we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information. The information you provide to us may include:

    • Registration Information. You must create an Account with us to use the Platform Services as a Provider. When you register for an Account, we ask you to provide business and professional contact information which may include your job title, organization, location, phone number, email address, licensure information, and/or other pertinent information.
    • Marketing information. Including contact preferences and frequency of emails.
    • Account and Support Information. Account log in credentials; troubleshooting and support data (for example, data you provide or that we collect in connection with a support query that we receive from you) including, but not limited to, contact or authentication data, the content or transcript of your communication with us, and information regarding the product or service you are using related to your help inquiry.
    • Payment/billing Information. This may include credit card numbers, associated identifiers, and your billing address.
    • Historical Information. We will also maintain a record of your purchases, transactional information, ythe Sites history and usage, support logs and history, records and copies of your correspondence (including email addresses), if you contact us; details of transactions and interactions you carry out through the Sites and throughout the fulfillment of your requests; information that you provide when you report a problem with the Sites; and information you provide to our third-party service providers on our behalf (including information you provide for background checks and to process payments).
    • User Contributions. You may provide information to be transmitted to other users of the Sites or third parties (collectively, “User Contributions”). Your User Contributions are transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable and we have no control over the security of third-party social media sites. Additionally, we cannot control the actions of other Users with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

    Registrants.

    • Information You Provide to Us. As a Registrant, you may provide certain Personal Data to us when you register for an Account and use the Platform Services; consult with our support team; send us a message or email; or communicate with us or a Provider in any other way. We will usually let you know prior to collection whether the provision of Personal Data we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information. Other information may include:
    • records and copies of your correspondence (including email addresses), if you contact us;
    • details of transactions and interactions you carry out through the Sites and throughout the fulfillment of your requests; or
    • information that you provide when you report a problem with the Sites.
    • Information You Provide to a Provider. As a Registrant, you may provide certain Personal Data in order to obtain Provider services; consult with a Provider; send a Provider a message or email; or communicate with a Provider in any other way. Such information may include:
    • information that you provide by filling in forms, surveys, or assessments on the Sites or the Platform Services while utilizing consultation or other services or requesting further services; and
    • information you share with your Provider from that Provider (though, in such cases, we will utilize strict confidentiality including, but not limited to, detailed in written agreements with Providers that are legally required to protect your Personal Data).
    • Information We Receive About Registrants From Our Providers. Your Provider may provide us with certain information about you with respect to your care. You may have the opportunity to update some of this information by electing to update or manage your preferences via an email you receive from your Provider.

    Your Provider may record (audio and video) all or part of your interaction with him or her (and may also store text and images from your consultation through the use of an encrypted applications in the Platform Services (collectively “Recordings”).

    We will keep such Recordings confidential, and we will not publicly display Recordings unless legal required to do so. By accessing and using the Sites, you agree and consent to such Recordings for the purposes and uses set forth in the TOS and as otherwise set forth in this Privacy Policy. You may withdraw your consent to record at any time by ending the conversation with the Provider and either logging our or ending your session in the Sites. You may request that ViaSana delete the Recording by Contacting Us as set forth below. However, deleting a Recording from the Sites does not necessarily guarantee that all copies of such Recordings have been deleted (for example, if the Provider has downloaded or otherwise saved a copy of the Recording for their local files). Therefore, we cannot and do not guarantee that Recordings will not be viewed by unauthorized persons.

    • User Contributions. You may provide User Contributions which are transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable and we have no control over the security of third-party social media sites. Additionally, we cannot control the actions of other users of the Sites with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

    Visitors.

    Information You Provide to Us. Our Sites offer various ways to contact us to inquire about us and our services. If you choose to provide additional information when you communicate with us, or otherwise interact with us, we may keep copies of any such communications for our records. The information we collect may include Personal Data; the nature of your communication; marketing information or contact preferences; and other information you choose to provide to us when entering text while filling in our forms, surveys, or assessments.

    Information We Collect Automatically and From Other Sources.

    We collect different types of information about you, including information that may directly identify you, information that is about you but individually does not personally identify you, and information that we combine with our other users.

    Automated Collection.

    We may collect information directly from you or through automated collection technologies when you use the Sites, such as:

    • Device information: We may collect information about your device and the applications you use to access the Sites, such as your IP address, operating system, browser ID, or other information about your system and connection.
    • Log data: We keep log files on our web servers that record the nature of each access and the applicable data every time a device accesses an applicable server, which may include your originating IP address and your activity while using the Sites (for example, date and time stamps, pages and files viewed, searches and other actions you take such as which features you accessed), device event information (for example, system activity, error reports or crash dumps), hardware settings, and metadata (or other data about data), and other information associated with files that you upload to the Sites.
    • Usage data: We collect usage data about you whenever you interact with the Sites, which can include dates and times you access the Sites and browsing activities (for example, the portions of the Sites you used) as well as performance data regarding the Sites, including metrics related to the deliverability of emails and other communications you send through the Sites. This information allows us to improve the content and operation of the Sites, and facilitate research and analysis of the Sites.
    • Communication Engagement Data: Communication sent by or on behalf of our Providers through the Sites may include page tags (also known as web beacons) that allow us or the Provider to receive information about when and who opened those messages. Additionally, your engagement with any links in messages sent using the Sites is reported to the us. This tracking of communication engagement is active by default for all users of the Sites. Our users are able to turn off message tracking whenever a user withdraws consent for tracking; or based on the user’s determination of their own legal obligations regarding the use of this technology.

    (such device information, log, usage, and communication engagement data, collectively, “PS Usage Data”). In some jurisdictions, this information is considered Personal Data under applicable data protection laws. We use cookies and other tracking technologies to collect some of this information. Please see Section ‎11 (Cookie Notice) for more information.

    Analytics Technologies.

    We may use Google Analytics or other similar technologies (the “Analytics Technologies”) to collect and process certain information about you and your use of the Sites. The information collected by the Analytics Technologies is statistical in nature and does not include Personal Data, and we do not maintain it or associate it with Personal Data we collect in other ways or receive from third parties.

    Our web server and/or the Analytics Technologies may collect and store the following general information about you: the originating name of the domain from which you access the internet; the date and time you access the Sites; the pages of the Sites you visit; your internet protocol addresses; the internet address of the website from which you linked directly to us; and the type of device, device ID and web browser you use to access the Sites.

    This information is collected automatically. It is used to help us improve the Sites by tabulating the number of visitors to the Sites in terms of Users, origin of referrers, popularity of pages, amount of use, types of errors, and to make the Sites more useful to you.

    • Google Analytics: You may learn more about how Google uses the information it collects by visiting the following website: “How Google Uses Data When You Use Our Partners' Sites or Apps” (located at https://www.google.com/policies/privacy/partners/). Google’s ability to use and share information collected by Google Analytics about your visits to the Sites is restricted by the Google Privacy Policy (located at https://www.google.com/policies/privacy/).

    Information We Collect from Other Sources.

    Occasionally, we may obtain information about you from third-party sources, such as public databases, social media platforms, third-party data providers, and our joint marketing partners. Examples of information we may receive from other sources include general demographic information, IP addresses, location/GPS information, and online behavioral data. We may use this information alone or in combination with other Personal Data we collect in an effort to enhance our ability to provide relevant service and content to you or to develop and provide more relevant products, features, and services.

    How We Use Your Information.

    For Our Legitimate Business Purposes.

    We may use the Personal Data we collect through the Sites and in connection with our events and marketing activities, and whether alone or in combination with other data we collect, for a range of reasons in reliance on (and to the extent necessary for) our legitimate interests, including, but not limited to:

    • providing, operating, optimizing, maintaining, and managing the Sites; improving navigation and content; conducting research and development; processing transactions and setting up Accounts; identifying any server problems or other IT or network issues; conducting data analysis and identifying usage trends; expanding our business activities or product offerings; and facilitating the security and continued proper functioning of the Sites;
    • recruiting, if you have applied for a position with ViaSana;
    • cooperating with public and government authorities, courts, or regulators in accordance with our legal obligations under applicable laws to the extent such cooperation requires the processing or disclosure of Personal Data as necessary to (1) protect our rights, (2) protect against misuse or abuse of the Sites, (3) protect the safety of personal property or others, (4) pursue remedies available to us and limit our damages, (5) comply with judicial proceedings, court orders, or other legal processes, or (6) respond to lawful requests.

    To Send You Information or Deliver Advertisements to You

    We may also use your information:

    • to send you secure electronic messages and personalized emails pertaining to your interests as inferred from your use of the Sites, in accordance with your marketing preferences, including, but not limited to news, announcements, reminders, and opportunities from ViaSana; about our own goods and services that may be of interest to you; information about our products, services, promotions, or events as necessary to conduct direct marketing; responding to and providing you with information and access to resources or services based on your inquiries or requests; and other information to the extent you have provided your prior consent; and
    • about how you browse the Sites in order to display ads for us or our advertising partners that are relevant to your interests using cookies or other information to provide relevant interest-based advertising (which are ads presented to you based on your browsing behavior and tailored to your interests) while you are browsing the Sites or third-party sites not owned by ViaSana.

    Please see Section ‎8 (Disclosure Of Your Information) or Section ‎9 (Choices About How We Use And Disclose Your Information) for more information.

    For Data Aggregation or De-Identification.

    We may aggregate or de-identify your information such that it is no longer considered Personal Data (specifically, PHI or PII) under applicable laws. We may disclose, sell, or otherwise use such aggregated or de-identified information for our own purposes or provide such information to third parties for analytics, research, or other purposes without restriction.

    Where we collect your information in our role as a HIPAA business associate to your Provider, we will use and disclose that information solely in accordance with the terms of applicable law and the applicable BAA between your Provider and us. Please see Section ‎13 (HIPAA Business Associate Privacy Policy) for more information.

    Disclosure Of Your Information.

    We process Personal Data only to the extent necessary to carry out our obligations to you and our Providers. We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy.

    We may disclose your Personal Data to a few third parties, including:

    • with your consent;
    • to fulfill the purpose for which you provide it (such as to a Provider if you have requested such a feature of the Sites);
    • for any other purpose disclosed by us when you consent to and do provide the information;
    • our affiliates and our third-party service providers that we use to support our business;
    • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
    • to enforce or apply our TOSs or other agreements with us to which you are a party (including for billing and collection purposes);
    • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction); or
    • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by ViaSana about the Sites users are among the assets transferred.

    Third-party contractors, service providers, and other third parties we use to support our business may include those providing IT and infrastructure support services as well as ordering, marketing, and payment processing services. Our payment processors’ privacy policies may be found at:

    Choices About How We Use And Disclose Your Information.

    We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for our advertising to you, and other targeted advertising. However, we do not control the collection and use of your information collected by third parties as described above in Section ‎8 (Disclosure of Your Information).

    When possible, these organizations are under contractual obligations to use this data only for providing the applicable services to us and to maintain it as strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes. We have created mechanisms to provide you with control over your Personal Data:

    • Tracking Technologies and Advertising. You can set your browser or operating to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Sites may then be inaccessible or not function properly.
    • Promotional Offers from Us. If you have opted-in to our marketing emails, you can opt-out of receiving marketing emails from us at any time by clicking the “unsubscribe” link at the bottom of our marketing messages or logging onto your Account profile page. This opt-out does not apply to information provided to us as a result of a product purchase, or your use of our services.
    • Targeted Advertising. We belong to ad networks that may use your browsing activity across participating websites to show you interest-based advertisements on those websites. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance (https://www.aboutads.info) and the Network Adverti sing Initiative websites (https://www.networkadvertising.org). Please note that choosing to o pt out will not remove or disable ads, but the ads you see will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising, though third parties may provide you with ways for to opt out of having your information collected or used in this manner.

    Additionally, opt-out requests can be made by contacting us using the contact details provided in Section ‎16 (Contact Us). Please note that some communications (such as service messages, account notifications, billing information) are considered transactional and necessary for account management, and you cannot opt out of these messages unless you cancel your Account.

    Your Rights Regarding Your Information And Accessing And Correcting Your Information.

    You may review and change your personal information by logging into the Sites and visiting your Account profile. However, we cannot delete your Personal Data except by also deleting your Account. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect. If you have concerns about your Personal Data, please contact us using the contact details provided in Section ‎16 (Contact Us).

    Cookie Notice.

    ViaSana, our partners, and our vendors use cookies and similar technologies to recognize you, as well as to collect and store PS Usage Data or to track and analyze your actions when you visit the Sites. In addition, we use these technologies to track and analyze logged-in users of the Sites and recipients of messages sent through our Platform Services.

    These may include using cookies and similar tracking technologies, such as pixels and web beacons. Such technologies allow us to collect information such as your IP address, browser, email client type, and other similar details. We use this information to measure the performance of our application and to provide analytics information and enhance the effectiveness of the Sites.

    What are Cookies?

    Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

    We refer to cookies created by us as “ViaSana Cookies” and those created by parties other than us as “third-party cookies”. Third-party cookies enable third-party features or functionality to be provided on or through the Sites (for example, advertising, interactive content, and analytics). The parties that provide these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

    In addition to the party which sets the cookie, the duration of the cookie’s retention in your browser can help define its purpose. Session cookies are cookies which are stored on your device for the duration of the browser session. When you close your browser, the session cookies are cleared. Persistent cookies are stored either until you manually delete them or until your browser deletes them based on the duration set within the persistent cookie file.

    Why we use Cookies.

    We use both ViaSana Cookies and third-party cookies for several reasons which can be delineated into broad categories as follows:

    • Essential: Those cookies that are strictly necessary to provide you with services available through the Sites and to use its features, such as access to secure areas. Refusal of these cookies may impact functionality.
    • Performance/Functionality: Those cookies that are used to enhance performance or functionality of the Sites but are non-essential to their use. Without these cookies, however, certain functionality may become unavailable.
    • Analytics/Customization: Those cookies that collect information in aggregate form either (1) to help us understand (A) how the Sites are being used or (B) how effective our marketing campaigns are or (2) to help us customize the Sites for you.
    • Advertising: Those cookies that are used to ensure advertising messages are relevant to you, for instance, by preventing the same ad from reappearing continuously, ensuring that ads are properly displayed, or, in some cases, selecting advertisements based on your interests.
    • Social Networking: Those cookies that are used to enable you to share pages and content you find interesting on the Sites through third-party social networking or other websites (including, potentially for advertising purposes related to social networking).

    ViaSana Cookies

    Name

    Type

    Subject

    Purpose

    Retention

    Registrants, Providers, Visitors

    Third-Party Cookies

    Name

    Type

    Subject

    Purpose

    Retention

    Google Analytics

    Analytics

    Registrants, Providers, Visitors

    Google Analytics cookies help us measure and evaluate Sites performance by providing insights into User behavior and actions

    26 months

    Facebook

    Advertising

    Registrants, Providers, Visitors

    Display targeted, more personal ads

    180 days

    LinkedIn

    Advertising

    Registrants, Providers, Visitors

    Display targeted, more personal ads

    90 days

    Twitter

    Advertising

    Registrants, Providers, Visitors

    Display targeted, more personal ads

    Pinterest

    Advertising

    Registrants, Providers, Visitors

    Display targeted, more personal ads

    Google AdWords

    Advertising

    Registrants, Providers, Visitors

    Display targeted, more personal ads

    Google AdSense

    Advertising

    Registrants, Providers, Visitors

    Display targeted, more personal ads

    Bing Ads

    Advertising

    Registrants, Providers, Visitors

    Display targeted, more personal ads

    How to Control the Use of Cookies.

    Electronic devices and software applications on these devices may offer you tools to opt out of or block advertisements on the device or in specific applications. Consult the help documentation and settings specific to your devices and applications to learn more about your options. You have the right to decide whether to accept or reject cookies. You can withdraw your consent at any time for any cookies or other tracking technologies used by us by deleting them from your device. Should you choose to remove or block cookies, some of the Sites’ functionality may become unavailable or unreliable.

    Other Tracking Technologies.

    Other than the cookies listed above, we have also implemented the following tracking technologies within certain parts of the Sites.

    • Page tags and web beacons. These technologies are used for the purposes of tracking users as they navigate the Sites to better understand and measure the overall performance of the Sites and advertising and are processed according to this Privacy Policy. Recipients of messages sent by through the Sites are also tracked using this technology. For example, web beacons track whether a message sent through the Sites was delivered and opened and whether links within the message were clicked.
    • Local and session storage. The Sites uses local and session storage to temporarily store information to improve Users’ experiences while interacting with the Sites.

    Cookies and CCPA.

    Information collected and stored by cookies and other tracking technologies will often meet the CCPA’s definition of personal information. CCPA defines “personal information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonable be linked, directly or indirectly, with a particular California resident or household.” Personal information collected by the cookies and related technologies described may include your location, information about your browsing behavior on the Sites and information you provide via forms or single fields on the Sites. This personal information will be used only in the manners described by this Cookie Notice and Privacy Policy.

    Do not Track.

    Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. Certain state laws require us to indicate whether we honor “Do Not Track” settings in your browser. At this time, we adhere to the standards set out in this Privacy Policy and do not monitor or follow any Do Not Track browser requests.

    Location-Enabled Features.

    Certain location-enabled features of the Sites may be made available through third-party vendors with additional terms and conditions and privacy practices; for example, by Google, Apple, or other third-party providers. Your use of that functionality may be subject to additional privacy (and other) terms and conditions (as updated from time-to-time), including the terms that are accessible through: http://www.google.com/intl/en-US_US/help/terms_maps.html and https://www.apple.com/legal/internet-services/maps/ terms-en.html. You must exercise your own judgment as to the adequacy and app ropriateness of the sharing of this information.

    Information for California Consumers and the California Consumer Privacy Act.

    The California Consumer Privacy Act (“CCPA”) states that organizations that process Personal Data for their own purposes (“businesses”) are differentiated from organizations that process Personal Data on behalf of other organizations (“service providers”). Therefore, we may act as either a business or service provider with respect to your Personal Data, depending on the circumstance in which we receive your information.

    For example, if you create an Account to meet Registrants as prospective clients, we will be a business with respect to Personal Data that you provide as part of your Account. We will also be a business as to Personal Data that we have obtained about the use of our Platform Services, which could relate to Providers or Registrants.

    However, if you register for an event as a Registrant, we will process your Personal Data to help administer communication on behalf of the Provider (for example, sending notices or relaying messages) and to help the Provider target and understand the success of their business needs (for example, providing reports or analytics to gain insights into the effectiveness of various communications or business processes). In these circumstances, we merely provide the tools for Providers and do not decide what Personal Data the Provider may request or collect in the provision of services to a Registrant. Therefore, any questions or concern about how your Personal Data is handled by a Provider and your rights under California law should be directed to the Provider as the business, not to us.

    Your Rights.

    If you are a California resident, you may have certain rights. For example, California law may permit you to request that we:

    • provide you with (1) the categories of PII we have collected or disclosed about you in the last twelve months; (2) the categories of sources of such information; (3) the business or commercial purpose for collecting or selling your PII; and (4) the categories of third parties with whom we shared PII;
    • provide access to and/or a copy of certain information we hold about you; and
    • delete certain information we have about you.

    You also have the right to receive information about the financial incentives that we offer (if any) and the right to not be discriminated against for exercising your rights.

    Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Platform Services to you. If you ask us to delete it, you may no longer be able to access or use the Platform Services.

    Summary of Information We Collect.

    If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the CCPA). We and our service providers may collect the below categories of information for the following business or commercial purposes (as those terms are defined in applicable law):

    • our or our service provider’s operational purposes;
    • auditing your interactions on the Sites (for example, measuring analytics such as frequency of use of ad links);
    • detecting, protecting against, and prosecuting security incidents and fraudulent or illegal activity;
    • bug detection and error reporting;
    • short-term (or transient) use, such as customizing content that we or our service providers display on the Sites (such as contextual ads);
    • providing the Sites (for example, account servicing and maintenance, order processing and fulfillment, customer service, advertising and marketing, analytics, and communication about the Platform Services);
    • improving the Sites and developing new Platform Services (for example, by conducting internal research to develop new products or features);
    • verifying or maintaining the quality or safety of, or upgrading or enhancing the Sites or the Platform Services;
    • other uses that advance our commercial or economic interests, such as third-party advertising and communicating with you about relevant offers from third-party partners; and
    • other uses about which we notify you.

    Categories of Personal Data Sold or Disclosed.

    The CCPA sets forth certain obligations for businesses that “sell” personal information. Based on the definition of “sell” under the CCPA and under current regulatory guidance, we do not believe we engage in such activity. However, we do share certain information as set forth in this Privacy Policy and we allow third parties to collect certain information about your activity, for example through cookies, as explained in the section of this Privacy Policy that is applicable to your status as a Provider, Registrant, or Visitor.

    Exercising Your Rights.

    If would like to exercise any of your California Registrant rights, please submit a request to ccpa@viasana.co.

    You will be required to verify your identify before we fulfill your request. To do so, you will need to provide us with certain Account information, such as the full name and email address you used to create your Account and your most recent activity with us. You can also designate an authorized agent to make a request on your behalf. To do so, you must verify your identity directly with us and provide us with written authorization for the agent to act on your behalf.

    California Shine the Light.

    We do not sell or disclose personal information with third parties for their direct marketing purposes.

    Under 18: California Eraser Law Request.

    We do not advertise or market any of the products or services identified in California Business and Professionals Code § 22580(i) to users who we have actual knowledge are under 18 years of age.

    If you use the Sites when you are under the age of 18, you may request that we remove information you published or displayed (hereinafter, “posted”) on public areas of the Sites or transmitted to other users of the Sites or third parties (collectively, “User Contributions”) under certain circumstances. We do not advertise or market any goods and services that are identified as being inappropriate for children under the age of 18.

    California law permits minors under the age of 18 to request the removal of her/his User Contributions, subject to certain exceptions.

    If you are under the age of 18 and living in California, you may contact us by emailing us at CAEraserLaw@viasana.co, using the subject “C alifornia Eraser Law Request”). We may not remove your User Contributions that we are required to retain under any federal or state law, or that have been provided to a third party.

    While we will do our best to remove a minor’s information upon a valid request, we cannot ensure the complete or comprehensive removal of your User Contributions from the Sites or Application, or any information that has been republished, copied, downloaded, or reposted by any third party, and we cannot guarantee that any such information may not be accessible to users of the internet in the future.

    HIPAA Business Associate Privacy Policy.

    We are commited to protect the privacy and confidentiality of PHI that we obtain subject to the terms of a Business Associate Agreement (“BAA”) with our Providers (each of whom are covered entities or business associates of covered entities as those terms are defined by HIPAA). Each Provider must agree to our BAA which is a formal written contract that requires us and the Provider to comply with specific requirements related to PHI.

    Use and Disclosure of PHI.

    We may use PHI for our management, administration, data aggregation and legal obligations (including our obligation to report violations of the law to local, state, and federal authorities) to the extent such use of PHI is permitted or required by the BAA and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, our Providers for purposes of fulfilling our service obligations to them, if such use or disclosure of PHI is permitted or required by the BAA and would not violate the HIPAA Privacy Rule.

    In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BAA with respect to PHI, including the implementation of reasonable and appropriate safeguards.

    Safeguards.

    We use appropriate safeguards to prevent the use or disclosure of PHI, minimally as provided for in our BAA. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Provider. Such safeguards include:

    • maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
    • providing appropriate training for our staff to assure that our staff complies with our security policies;
    • making use of appropriate encryption when transmitting PHI;
    • utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
    • utilizing appropriate authentication and access controls to safeguard PHI;
    • utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
    • maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Provider is available when needed.

    Mitigation of Harm.

    In the event of a use or disclosure of PHI that is in violation of the requirements of the BAA, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation includes, but is not limited to, reporting use or disclosure of PHI not provided for by the BAA and security incidents of which we become aware to the Provider; and documenting such disclosures of PHI and information related to such disclosures as would be required for a Provider to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.

    Access to PHI.

    We will make available to an applicable Provider, as provided in our BAA, information necessary for the Provider to give individuals their rights of access, amendment, and accounting in accordance with HIPAA. Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by us as a business associate on behalf of a Provider to the Provider or the Secretary of the U.S. Department of Health and Human Services, as appropriate, for the purpose of determining compliance with the terms of the BAA and HIPAA regulations.

    Data Security.

    Our Security.

    We take appropriate and reasonable technical and organizational measures designed to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. We do not disclose our security practices in an effort to retain the utmost protection of the Sites. If you have any questions about the security of your Personal Data, please contact us using the contact details provided in Section ‎16 (Contact Us).

    Accounts require login credentials (minimally, a username and password) to log in. You must keep your login credentials secure and must never disclose them to any third party. The information in your Account is private, and account passwords are hashed, which means we cannot see your password nor can we resend forgotten passwords. You must use the “Forgot My Password” link on the login page to reset your password.

    Internet Transmission of Data.

    We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us. Unfortunately, however, information transmitted over the internet is not completely secure, though we do our best to protect your Personal Data. However, the safety and security of your Personal Data also depends on you. You are solely responsible to protect your login credentials may not share your password with anyone. ViaSana cannot and does not guarantee the security of your Personal Data transmitted to the Sites and we are not responsible for the circumvention of any privacy settings or security measures contained on the Sites or your operating system. ANY TRANSMISSION OF YOUR PERSONAL DATA OVER THE INTERNET IS DONE AT YOUR OWN RISK.

    Data Retention.

    We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). Though the specific retention period varies depending on the type of data, in generally we determine retention periods based on whether we have a legal or contractual need to retain the data and if the data is necessary to provide the Sites. You have the ability to access and delete data stored in your Account, and you may reasonably expect that we will retain your data until you remove it or until your Account is closed or terminated.

    When we no longer have any legitimate, ongoing business need to process your Personal Data, we will either delete or anonymize it. If this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store it and isolate it from any further processing until deletion is possible.

    We will retain information we process on behalf of our Providers for as long as needed to provide services to our Providers (unless deletion is requested at an earlier time by the Provider) and as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. We reserve the right to delete an applicable Provider’s (including that Provider’s Authorized Users’) information at the termination of a Provider’s contract with us (unless such deletion is prohibited by applicable law).

    Consent To Processing Of Personal Data In The United States.

    This Sites are intended for United States residents’ use only and are not directed to residents outside the United States, especially residents of the European Union or signatories of the GDPR. If you access the Sites from outside of the United States and allow us to collect information about you, you acknowledge, agree, affirm (1) your consent to the transfer and processing of your information to servers inside the United States, to be maintained indefinitely; (2) that the protection of such information may be different than required under the laws of their residence or location; (3) that it is your sole responsibility to be aware of and to observe all applicable laws and regulations of your country, territory, or jurisdiction of residence; and (4) that you have determined and satisfied yourself that you are allowed to access the Sites under those laws and regulations before accessing the Sites. IF YOU ARE LOCATED OUTSIDE OF THE UNITED STATES, YOU USE OR ACCESS THE PLATFORM SOLELY AT YOUR OWN RISK AND INITIATIVE.

    Contact Us.

    This Privacy Policy does not apply to: (i) information collected by ViaSana offline or through any other means, including any other website operated by ViaSana or any third party (including our affiliates and subsidiaries); or (ii) any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Sites.

    If you have any questions or comments, or if you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message or email us at privacy@viasana.co.

    Runs on Unicorn Platform