Effective Date: February 21, 2024
NOTICE TO EUROPEAN USERS: Please see the Notice to European Users section for additional information for individuals located in the European Economic Area or United Kingdom (which we refer to as “Europe”, and “European” should be understood accordingly) below.
Third-Party Advertising on Our Site
We do not allow third parties to advertise to Users on our Site.
How to Contact Us
Personal Information and Privacy
When you use our Service, you may be creating and maintaining a personal, private area of the application (“Individual Team”) on behalf of yourself and/or one or more persons within your care team (“Care Team”), or visiting and posting to an Individual Team created by someone else within your Care Team. By their very nature, these Individual Teams contain personal information about the subject of the Individual Team and other Users on the Care Team. Our goal is to balance our Users’ need to find each other and communicate information and support against our Users’ desire for privacy.
The Individual Team is accessible “By Invitation Only.” Once established, every member of a Care Team, including the creators of Individual Teams and all Users are responsible for maintaining the confidentiality of the Individual Team in accordance with the care recipient’s wishes.
Information You Provide Directly to ianacare
When you use the Site, you may provide certain information directly to us.
- Contact data. When you choose to register a user account, you will be required to provide, among other things, your e-mail address, name, and phone number.
- Profile data, such as the username and password that you may set to establish an account on the Services, date of birth, biographical details, profile photograph.
- Care status. When you create a Care Team, we may collect identifying information about members of the Care Team and the caregiver, including the caregiver’s work status and living situation. We also collect information about how the supporter can help the care recipient.
- Communications data based on our exchanges with you, including when you contact us through the Service.
- Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
- Medical history. Where you use our caregiver navigator services and you are a care recipient, we may collect information regarding your past and present medical history (i.e., diagnosis, medical events, medications, etc.).
- Financial data. Where you are a care recipient, we may collect financial information in order to determine eligibility for certain programs and benefits.
- Insurance data. Where you are a care recipient, we may collect information regarding your insurance coverage and benefits.
Certain Information in the Services is Visible to Other Users
- Care actions, including information regarding the care recipient’s needs, actions taken and updates may be shared among and be available to Care Team members, but is not publicly visible to other Users outside of the Care Team.
Information that is Automatically Collected
We and third parties may use automated means to collect information about you, your computer or other device that you used to access the Site, and your use of the Site, such as:
- Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
Information We Collect from Third Parties
Our Use of Information
To Provide You with the Site and Services
Ianacare, and any third party vendors acting on ianacare’s behalf, may use and store your Information to perform activities associated with providing you with the Site and related services such as: (i) registering you to use the Site and otherwise logging you into the Site, including the authentication of your identity, where applicable, and otherwise enabling your access to the Site; (ii) resolving disputes and/or troubleshooting problems including logging into your account to troubleshoot problems or otherwise help you navigate the Site; (iii) verifying your compliance with your obligations in our Terms of Service or other ianacare policies; (iv) improving the quality of the Site, (v) fulfilling any request you make; (vi) communicating with you; (vii) connecting you with and providing you with information about services, providers of services, resources or programs to which you may have access; (viii) providing you with Site content, including, without limitation, generating recommendations (such as recommended Site activities or services), providing caregiver navigation services, creating action plans for caregivers, helping caregivers anticipate the needs of the care recipient, and processing your preferences and requests; (ix) analyzing, customizing, and personalizing the Site, including through the delivery of tailored content and communications; and (x) otherwise as directed by you or provided for herein. Except where prohibited by law, and only to the extent permitted by ianacare’s agreements with applicable Ianacare Partners, we may also use your Information in connection with any other services we make available to you.
To Communicate with You and Your Friends (including Marketing)
If you choose to tell a friend about our Service or share an Individual Team through our Site, we will ask you for your friend’s name and email address or phone number. We will automatically send your friend a one-time email or text message inviting him or her to visit the Site. We retain this information to identify the User as part of the care team when they sign in. You represent that you will obtain the consent of your friend to allow us to send the email or text message inviting him or her to visit the Site.
Ianacare, Ianacare Partners, and any third-party vendors acting on ianacare’s behalf, may also use your Information to communicate with you (including, without limitation, via email and/or mobile push notifications) about the Site and/or our products and services (and related features and functionality) or those of any Ianacare Partner that is providing services to you. Our communications to you will include, without limitation, contacting you by SMS text message or at the email address(es) that you use to register for our Site to communicate with you regarding the Site and actions that you take in connection with the Site.
To Conduct Research and Development
We may use your Information for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services.
To Create and Use of Combined Data, De-Identified Data, and Aggregated Data
As permitted by law and by ianacare’s agreements with applicable Ianacare Partners, ianacare, and any third-party vendors acting on ianacare’s behalf, may aggregate and/or de-identify your Information and/or combine your Information with other information maintained or available to ianacare and use or disclose such information as follows:
We may use aggregated or combined data to communicate with you about the Site and/or our products and services and disclose such aggregated or combined data to Ianacare Partners in connection with providing the Site.
We may also use and disclose de-identified data, de-identified aggregated data, and/or de-identified combined data for any business purpose, which may include, without limitation, improving our products and services, conducting analytics such as evaluating our Site and developing additional benefits, programs, and services, and disclosing to Ianacare Partners for analytics purposes.
For Compliance and Protection
We may use your Information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities; protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); audit our internal processes for compliance with legal and contractual requirements or our internal policies; enforce the terms and conditions that govern the Service; and prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Disclosure of Information
We may share your Information in the following circumstances:
· Disclosures to Service Providers and Ianacare Partners
To Perform Services on Our Behalf: We may hire vendor companies to provide limited services on our behalf, such as payment processing, sending postal and electronic mail, providing technical support, and to assist us in providing the products and services that you request from us. We only provide those service providers with the information necessary to perform the requested service.
· Additional Disclosures with Your Consent
· Safety, Security and Compliance with Law
Your Information and the contents of your communications through the Site may be disclosed to third parties as required by law, such as to comply with a subpoena or similar legal process, or when we reasonably believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, report improper or unlawful activity, or respond to a government request.
· Subsidiaries and Affiliated Companies
· Sale, Merger or Similar Transaction
Your Choices Regarding Our Communications with You
We Do Not Control the Privacy Policies of Third Parties
Data Security and Integrity
The security of your Information is important to us. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. We also maintain procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current.
Managing and Updating Information
To access, review, update and/or delete certain Information, you may contact us at firstname.lastname@example.org, and you may update and/or delete certain Information by logging into the Site and updating your account. We will respond to your request within a reasonable and lawful timeframe under the circumstances of your request. Please remember, however, if we have already disclosed some of this Information to third parties, we cannot access that Information any longer and cannot force the deletion or modification of any such Information by the parties to whom we have made those disclosures. Additionally, if you modify certain Information on our Site that we received from a third party, we reserve the right, but are not obligated, to share the updated information back to that third party. As a result, you will need to provide updated information to those third parties if you want to be sure they have your updates.
Certain Information is necessary in order for us to provide the Site and our related Services; therefore, if you delete such necessary Information you will not be able to use the Site or receive our Services. If you wish to have your account deactivated, you may contact us at email@example.com. After we receive your request, within a reasonable timeframe under the circumstances of your request, we will deactivate your account; provided, however, that: 1) ianacare (and our third-party vendors acting on our behalf), our Ianacare Partners, and any other applicable third parties may continue to use and share for any purpose de-identified data and aggregated or combined data developed using your Information that has been de-identified and 2) ianacare may continue to use Information in your deactivated account for compliance with applicable regulations. Also, please note that even though you may deactivate your account or request the deletion of your Information, we may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to retain this information, in which case we will comply with your deletion request only after we have fulfilled such requirements. We may also keep a copy of your Information to protect our legal rights, such as in connection with your use of the Site or your agreement to our Terms of Service, as permitted or required by applicable law.
For more information about rights in relation to European users, please see the Notice to European Users below.
California Do-Not-Track Disclosure Requirements (for California Users)
We are committed to providing you with meaningful choices about the information collected on our Site for third-party purposes. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations, and solutions.
Your California Privacy Rights (for California Users)
California law permits customers of ianacare who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please write us:
716 Beacon St., #590713
Newton Center, MA 02459
We will provide a list of the categories of Information, if any, disclosed to third parties during the immediately preceding calendar year for third-party direct marketing purposes, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or postal address specified above. You should put “California Privacy Rights” in the subject line and in your request. You must provide us with specific information regarding yourself so that we can accurately respond to the request.
Children; Special California Notice
The Site and Services are not directed to children under the age of 18, and children under the age of 18 years of age are not eligible to use them. Protecting the privacy of children is very important to us. Through the Site and Services, we do not collect Information from people we actually know are under 18 years of age, and no part of the Site or Services is designed to attract people under 18 years of age. If we later learn that an individual has provided us with their information through the Site or Services and they are under 18 years of age, we will take steps to remove that User’s Information from our databases and to prevent the User from utilizing the Site or Services.
If you are a California resident under the age of 18 and are a registered User of our Site, you may request that we remove from our Site any content you post to our Site that can be accessed by any other User (whether registered or not). Please note that any content that is removed from our Site may still remain on our servers and in our systems. To request removal of content under this provision, please send an email to firstname.lastname@example.org and provide us with a description of the content and the location of the content on our Site, and any other information we may require in order to consider your request. Please note that removal of content under this provision does not ensure complete or comprehensive removal of the content or information posted on the Site by you.
Uses and Disclosures as Required or Permitted by Law, Including Research, Health Care Operations, and Public Health
To the extent not prohibited by law or precluded by Ianacare’s agreements with the applicable Ianacare Partner, Ianacare, and any third party vendors acting on Ianacare’s behalf, may use and disclose your Information: (a) as required or permitted by law, including, where applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which may include disclosures to the applicable Ianacare Partner; (b) for Research purposes; (c) for purposes of Health Care Operations of the applicable Ianacare Partner; and (d) for Public Health, as each is defined and in accordance with HIPAA.
Retention of Personal Data
Notice to European Users
Our GDPR Representatives. We have appointed the following representatives in Europe as required by the GDPR – you can also contact them directly should you wish:
Our Representative in the EU. Our EU representative appointed under the EU GDPR is [insert]. You can contact them:
- By email to: [insert].
- By postal mail to: [insert]
Our Representative in the UK. Our UK representative appointed under the UK GDPR is [insert]. You can contact them:
- By email to: [insert].
- By postal mail to: [insert]
Our legal bases for processing
In respect of each of the purposes for which we use your Information, the GDPR requires us to ensure that we have a “legal basis” for that use.
- Where we need to perform a contract, we are about to enter into or have entered into with you (“Contractual Necessity”).
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Information for is set out in the table below.
- Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
- Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).
We have set out below, in a table format, the legal bases we rely on in respect of the relevant purposes for which we use your Information – for more information on these purposes and the data types involved, see the ‘Our use of Information’ section above.
Categories of Information involved
To provide you with the Site and Services
- Contact data
- Profile data
- Care status
- Communications data
- Financial data
- Insurance data
- Care actions
- Device data
- Contractual Necessity
- Where Contractual Necessity does not apply, Legitimate Interests
We have a legitimate interest in processing the Information in order to provide the Services to our users
To communicate with you and your friends (including marketing)
- Contact data
- Communications data
- Marketing data
- Contractual Necessity
- Consent, in circumstances or in jurisdictions where consent is required under applicable data protection laws to the sending of any given communications
To conduct research and development
- Profile data
- Care status
- Communications data
- Care actions
- Device data
- Online activity data
We have a legitimate interest in learning about how our users use our Site and Services in order to improve our Site and Services
To create and use combined data, de-identified data and aggregated data
Any and all data type(s) relevant in the circumstances
We have a legitimate interest in applying privacy enhancing techniques to learn more about how our users user our Site and Services whilst making efforts to maintain their privacy
For compliance and protection
Any and all data type(s) relevant in the circumstances
Special categories of personal data
You may choose to provide us with certain health-related data. We will only collect such health-related data where you have provided us with your explicit consent to its use for the specific purpose of providing you with certain aspects of the Services, including recording medical events and medication schedules. If you do not want us to process your health-related data, please do not provide it to us.
We retain Information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for Compliance and protection purposes.
To determine the appropriate retention period for Information, we consider the amount, nature, and sensitivity of the Information, the potential risk of harm from unauthorized use or disclosure of your Information, the purposes for which we process your Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Third Party Cookie Inventory
Ianacare provides the list below of third parties that set cookies on our websites. These third parties include service providers acting on our behalf.
The GDPR gives you certain rights regarding your Information. If you are located in Europe, you may ask us to take the following actions in relation to your Information that we hold:
- Access. Provide you with information about our processing of your Information and give you access to your Information.
- Correct. Update or correct inaccuracies in your Information.
- Delete. Delete your Information where there is no good reason for us continuing to process it – you also have the right to ask us to delete or remove your Information where you have exercised your right to object to processing (see below).
- Transfer. Transfer a machine-readable copy of your Information to you or a third party of your choice.
- Restrict. Restrict the processing of your Information, for example if you want us to establish its accuracy or the reason for processing it.
- Object. Object to our processing of your Information where we are relying on Legitimate Interests – you also have the right to object where we are processing your Information for direct marketing purposes.
- Withdraw Consent. When we use your Information based on your consent, you have the right to withdraw that consent at any time.
You may submit these requests by email to email@example.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your Information), if we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions.
In addition to your rights outlined above, if you are not satisfied with our response to a request you make, or how we process your Information, you can make a complaint to the data protection regulator in your habitual place of residence.
Data Processing outside Europe
We are a U.S.-based company and many of our service providers, advisers, partners or other recipients of data are also based in the U.S. This means that, if you use the Service, your Information will necessarily be accessed and processed in the U.S. It may also be provided to recipients in other countries outside Europe.
It is important to note that that the US is not the subject of an ‘adequacy decision’ under the GDPR – basically, this means that the U.S. legal regime is not considered by relevant European bodies to provide an adequate level of protection for Information, which is equivalent to that provided by relevant European laws.
Where we share your Information with third parties who are based outside Europe, we try to ensure a similar degree of protection is afforded to it by making sure one of the following mechanisms is implemented:
- Transfers to territories with an adequacy decision. We may transfer your Information to countries or territories whose laws have been deemed to provide an adequate level of protection for personal information by the European Commission or UK Government (as and where applicable) (from time to time).
- Transfers to territories without an adequacy decision.
- We may transfer your Information to countries or territories whose laws have not been deemed to provide such an adequate level of protection.
- However, in these cases:
- we may use specific appropriate safeguards, which are designed to give personal information effectively the same protection it has in Europe – for example, standard-form contracts approved by relevant authorise for this purpose; or
- in limited circumstances, we may rely on an exception, or ‘derogation’, which permits us to transfer your Information to such country despite the absence of an ‘adequacy decision’ or ‘appropriate safeguards’ – for example, reliance on your explicit consent to that transfer.
You may contact us if you want further information on the specific mechanism used by us when transferring your Information out of Europe.