Shasta Health Privacy Notice
Last Updated: July 14, 2023
This Privacy Notice describes how Shasta Health, Inc. and its affiliates (collectively, "Shasta Health," "we," "us," or"our") collects, uses, and shares your personal information on the website located at www.shasta.health (the "Site") and through the virtual physical therapy sessions offered on our Site through our affiliated professional entities ("Virtual Sessions"). To make this Privacy Notice easier to read, the Site, and other online or offline services, including Virtual Sessions, are collectively called the "Services." Unless separately defined in this Privacy Notice, all capitalized terms have the meaning as set forth in our Terms of Service.
An Important Note: This Privacy Notice does not apply to any of the personal information that we process on behalf of our customers through their use of our Services ("Customer Data"). Our customers' respective privacy policies govern their collection and use of Customer Data. Our processing of Customer Data is governed by the contracts that we have in place with our customers, not this Privacy Notice. Any questions or requests relating to Customer Data should be directed to our customers. For clarity, our customers include licensed or otherwise qualified healthcare providers offering Virtual Sessions in affiliation with Shasta Health ("Professionals").
- PERSONAL INFORMATION WE COLLECT
- HOW WE USE YOUR PERSONAL INFORMATION
- HOW WE disclose YOUR PERSONAL INFORMATION
- YOUR PRIVACY CHOICES
- How long we keep PERSONAL INFORMATION
- SUPPLEMENTAL notice for Nevada residents
- Third-Party Websites or Applications
- Changes to this Privacy Notice
- CONTACT US
PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on how you interact with Shasta Health, the Services, and the requirements of applicable law.
- Personal Information You Provide to Us Directly
We collect personal information that you provide to us.
- Account and Registration Information. We may collect personal information, such as yourname,zip code, email address, and phone number, when you create an account with us or provide us with your information to match you with one of our available Professionals.
- Health Information. We may collect information about your symptoms, injury, details about your medical history, and other health information that you provide to us to receive the Services.
- User Content. We may collect User Content, such as text (in posts or communications with Professionals or others), files, assessments, self-report measures, prescriptions and pharmaceutical information, medical records, documents, graphics, images, music, software, audio and video that you choose to make available via the Services.
- Payment Information. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
Communication Information. We may collect personal information, such as your name and an email address, when you request information about Shasta Health or the Services, request support, provide Feedback, or otherwise communicate with us.
Professionals. If you are a Professional, we may collect personal information, such as your professional contact information, credentials and institutional affiliations information, information about our programs and activities in which you have participated, information about our interactions with you, information about your published papers, your photograph, information about your use of our Services, and information contained in agreements executed with us.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Personal Information Collected Automatically
We may collect personal information automatically when you use the Services.
Usage Information. When you use the Services, we collect certain information automatically, including your Internet protocol (IP) address, user settings, cookie identifiers, mobile carrier, other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and Internet service provider (ISP). We may also collect personal information about your use of the Services, such as the links you click within the Services, the types of content you interact with, the frequency and duration of your activities, and other similar information.
Crash Reports. If you provide crash reports, we may collect personal information related to such crash reports, including detailed diagnostic information about your device and the activities that led to the crash.
Cookies. Cookies are small text files placed on device browsers. Cookies store preferences and enable and enhance your experience.
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page. We may also include web beacons in emails to understand if a recipient opened, acted on, or forwarded them.
Our uses of these Technologies fall into the following general categories:
Operationally Necessary. This includes Technologies that allow you access to the Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality.
Performance-Related. We may use Technologies to assess the performance of the Services, including as part of our analytic practices to help us understand how individuals use the Services (see Analytics below).
Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using the Services. This may include identifying you when you sign into the Services or keeping track of your specified preferences, interests, or past items viewed.
Advertising- or Targeting-Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third-party digital properties. Some of the advertising Technologies we use include:
See "Your Privacy Choices" below to understand your choices regarding these Technologies.
Analytics. We may use Technologies and other third-party tools to process analytics information on the Services. These Technologies allow us to better understand how the Services is used and to continually improve and personalize the Services. Some of our analytics providers include:
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for a variety of business purposes, including to provide the Services and for administrative purposes, as described below.
- Provide Our Services
We use your personal information to for purposes of providing you with the Services, such as:
Managing your information and accounts;
Providing access to certain areas, functionalities, and features of the Services;
Answering support requests;
Using your past interaction with the Services to make exercise recommendations;
Communicating with you about your account, activities on the Services, and policy changes; and
Processing your financial information and other payment methods for services purchased.
- Administrative Purposes
We use personal information for various administrative purposes, such as:
Pursuing our legitimate interests such as research and development and network and information security;
Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and taking appropriate actions against malicious actors;
Short-term, transient use, such as contextual customization of ads;
Measuring interest and engagement with the Services;
Creating de-identified and/or aggregated information;
Carrying out analytics;
Improving, upgrading, or enhancing the Services;
Developing new products and services;
Ensuring internal quality control and safety;
- Debugging to identify and repair errors on the Services;
- Auditing relating to interactions, transactions, and other compliance activities;
- Disclosing personal information to third parties as needed to provide the Services;
- Enforcing our agreements and policies; and
Carrying out activities that are required to comply with our legal obligations.
Advertising Our Services
We may use personal information to tailor and provide you with advertisements. We may provide you with these materials as permitted by applicable law. We will not use your health information to provide you with advertisements.
Some of the ways we may market to you include custom audiences advertising and "personalized advertising" or "targeted advertising," including through cross-device tracking.
If you have any questions about our advertising practices, you may contact us at any time as set forth in "Contact Us" below.
- With Your Consent
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
- Creating De-Identified and/or Aggregated Information.
We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about how you use the Services, information about the device from which you access the Services, or other analyses we create. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by or required to comply with applicable laws. De-identified and/or aggregated information is not personal information, and we may use, disclose, and retain such information as permitted by applicable laws including, but not limited to, for research, analysis, analytics, and any other legally permissible purposes.
HOW WE disclose YOUR PERSONAL INFORMATION
We may disclose your personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a corporate transaction, as described below.
- Disclosures to Provide the Services
The categories of third parties to whom we may disclose personal information are described below.
- Professionals and Authorized Users. We may disclose certain personal information, including your name, location, and any video or image content that you have uploaded to the Services, to other authorized users (such as Professionals and/or the Shasta Concierge) to facilitate your interaction within the Services or address your request for the Virtual Sessions.
- Other Users of the Services. The Services may allow you to disclose your personal information and other User Content to or interact with other users of the Services. For example, your profile may be visible to other individuals attending group Virtual Sessions, and you may interact with other individuals through messaging or other similar features. We are not responsible for the processing of your personal information by other users who receive information about you through the Services.
- Emergency Responders. We may disclose your personal information to Emergency Responders if we need to secure any emergency treatment or response that we deem necessary for your immediate care.
- Service Providers. We may disclose your personal information to our third-party Service Providers. By "Service Providers" we mean companies, agents, contractors, vendors, or other third parties engaged to perform functions on our behalf, such as IT support, hosting, payment processing, data storage, customer service, analytics, scheduling, capturing customer feedback, and related services.
Business Partners. We may disclose your personal information to business partners to provide you with a product or service you have requested.
Affiliates. We may disclose your personal information to our corporate affiliates.
Advertising Partners. We may disclose your personal information to third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as "interest-based advertising", "personalized advertising", or "targeted advertising."
Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others' rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation or prosecution of suspected or actual illegal activity.
- Disclosures in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be sold or transferred as part of such a transaction.
YOUR PRIVACY CHOICES
The privacy choices you may have about your personal information are determined by applicable law and are described below.
- Access to Your Personal Information. Through your account settings or by contacting us, you may access, and, in some cases, edit or delete the following information you've provided to us: name, password, email address, phone number and other related user information. The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us as set forth in "Contact Us" below.
- Email Communications. If you receive a marketing email from us, you may opt-out by using the unsubscribe link at the bottom of such email or by contacting us. You will continue to receive service-related and other non-marketing emails related to the Services.
- Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in "Contact Us" below.
Phone Calls. If you receive an unwanted phone call from us, you may opt out of receiving future phone calls from us by following the instructions which may be available on the call or by otherwise contacting us as set forth in "Contact Us" below.
"Do Not Track." Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies and Personalized Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS, and others.
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, and the Digital Advertising Alliance.
Please note you must separately opt out in each browser and on each device.
How long we keep PERSONAL INFORMATION
We keep the personal information we collect for as long as you use the Services, or as necessary to fulfill the purpose(s) for which we collected it. There are also other reasons why we may keep personal information. They may include, but are not limited to, providing the Services, resolving disputes, establishing legal defenses, conducting audits, pursuing legitimate business purposes, enforcing our agreements, and complying with applicable laws.
To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.
SUPPLEMENTAL notice for nevada residents
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth in Contact Us below.
CHILDREN\ The Services are not directed to children under 13 years of age (or other age as required by local law outside of the United States). We do not knowingly collect personal information from children. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Services from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
Third-Party Websites or Applications
The Services may contain links to other websites or applications and other websites or applications may reference or link to the Services. We do not control these third-party services. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
Shasta Health's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Changes to this Privacy Notice
We may update this Privacy Notice from time to time in our sole discretion. If we do, we will let you know by posting the updated Privacy Notice on the Services, and we may also send other communications. You understand and agree that you will be deemed to have accepted the updated Privacy Notice if you continue to use the Services after the new Privacy Notice takes effect.
If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact us via email at firstname.lastname@example.org.