Privacy Policy

Welcome to Certainly Health, a website available at www.certainlyhealth.com (the “Site”). The Site and related services (collectively, the “Services”) are owned and operated by Certainly Health Inc ("Certainly Health", “we”, “us,” or “our”). We have developed this Privacy Policy to inform our users (“user(s),” “you,” or “your”) about how we collect data through our Services, how we use the collected data, and a user’s rights with respect to the collected data.

Certainly Health is hosted and operated in the United States. If you use the Services from outside the United States, please be aware that the information you provide to us is transmitted to, processed, and stored in the United States. Data will be collected, processed, maintained, and used subject to this Privacy Policy and applicable privacy laws in the United States and in the European Economic Area (the “EEA” and citizens thereof referred to herein as “Data Subjects”). These laws may be different from the privacy laws in your country. However, this does not change our commitments to safeguard your privacy, and we will comply with all applicable laws relating to the cross-border transfer of your Personal Data (as that term is described below).

Please read this Privacy Policy carefully. If you do not agree to be bound by this Privacy Policy, then do not access or use the Services. By accessing and/or using the Services, you accept and agree to be bound by this Privacy Policy and our Terms of Use, which are hereby incorporated by reference.

If you have any questions about this Privacy Policy, please contact us at support@certainlyhealth.com.

1. Data We Collect
When you use the Site, we collect and process the following types of information:

Information We Collect about You
We collect information about your use of our Services, including but not limited to your Internet connections, computer equipment, web browsers, sites visited before using or accessing our Site, sites visited after leaving our Site, and other similar information about traffic and usage, as you navigate to, through, and away from our Site(s). This is called “Non-Personal Data” because it does not identify you, but provides insights to us regarding your use of the Services. Non-Personal Data may become linked to you and/or your account only after you submit certain types of Personal Data to us, e.g. logging into your Site account. This does not apply, however, after you have left our Site.

We also use automated data collection tools, such as Cookies and Web Beacons, to collect certain types of Non-Personal Data. By using our Services, you acknowledge that we use these data collection tools and accept the terms of our Cookie Notification. You can set your browser to reject Cookies, but that may limit your use of some convenience features on the Services. For more information on Cookies and how to control Cookies on your web browser, please search the web.

Web Beacons are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of our Services, and to monitor how many visitors view our Services. Unlike Cookies, which are stored on the device, Web Beacons are typically embedded invisibly on web pages or in an e-mail.

Log Data refers to certain information about how a user (including both account holders and non-account holders) uses our Services. Log Data may include information such as a user’s Internet Protocol address, browser type, operating system, the pages or features of our Services to which a user browsed and the time spent on those pages or features, search terms, the links on our Services that a user clicked on, and other statistics.

You may be given the option to receive push notifications while using our Services. In order to serve push notifications, we may need to collect your IP address and a persistent identifier from your device. You can turn off push notifications in your device settings.

Information You Provide
When you register to use our Services, place an order, set up an account, respond to communications (e.g., surveys, requests for feedback), contact us via phone, e-mail, or postal mail, and so on, we will collect certain types of the information you provide to us. This may include, but is not limited to, your first and last name(s), mailing address, e-mail address, phone number, organization, payment information, geolocation information, and/or your IP address. By using the Services, you may also choose to disclose or provide your communication preferences, your physical location, and your demographic information. This type of data is called “Personal Data” because it can be used to identify you.

When you wish to make a payment to Certainly Health for our Services, you may choose how you would like to do so.

You may provide your payment information (i.e. credit card number, CVC number, and billing zip code) through our Site, in which case our payment processing service provider, Stripe, will then process the payment for us. The only payment information that we retain from you is the billing zip code, last four (4) digits of the payment card, and the card’s expiration date. We then save an identifier token from Stripe that we can use to bill the same card on subsequent purchases without requiring you to re-enter your information.

Collectively in this Privacy Policy, Personal Data and Non-Personal Data are referenced as “Data.”

Geolocation Data
When you connect to the Services, we are able to recognize the internet (IP) address of the computer providing you with internet access. Our use of this IP address may be to help diagnose problems with our server or otherwise administer our Services. This IP address may also be used to gather broad demographic information. Your IP address is never associated with you as an individual (unless you have first logged into your account with your personal log-in information) and is never provided to another company or organization besides web services such as Amazon Web Services, Datadog, Sentry, etc., that are needed to maintain website operations.

Third-Party Social Networking Service(s)
Additionally, if you choose to access, visit, and/or use any third-party social networking service(s) that may be integrated with our Service, we may receive your Personal Data and other information about you and your computer, mobile, or other device that you have made available to those social networking services, including information about your contacts on those services. For example, some social networking services allow you to push content from our Service to your contacts or to pull information about your contacts so you can connect with them on or through our Service. Some social networking services also will facilitate your registration for our Service or enhance or personalize your experience on our Service. Your decision to use a social networking service in connection with our Service is voluntary. However, you should make sure you are comfortable with the information your third-party social networking services may make available to our Service by visiting those services’ privacy policies and/or modifying your privacy settings directly with those services.

2. Use of Data
For Legitimate Interests. We do not sell or rent Personal Data to any third parties. We use information collected by clickstream data collection, web pixels, and cookies to store your preferences, improve website navigation, make personalized features and other services available to you, to generate statistical information, monitor and analyze user traffic and usage patterns, monitor and prevent fraud, investigate complaints and potential violations of our policies, to improve our content and the products, services, materials, and other content that we describe or make available through the Site, and otherwise help administer and improve the Services.

We may identify you from your Personal Data and merge or co-mingle Personal Data and Non-Personal Data, for any lawful business purpose. Where you provide registration information, cookies can also be used to identify you when you log onto the Services or portions of the Services. Except as otherwise stated, we may use information we collect from you for the legitimate business purpose of providing our Services to you, including, but not limited to:

to respond to your requests and provide user support;
to evaluate and improve the content of our Services;
to customize the Services to your preferences;
to establish accounts to use the Services;
to communicate information and promotional materials to you (where you have not expressed a preference otherwise);
to check on your account status and maintain record of activities in connection with your use of the Site;
to notify you of any changes to relevant agreements or policies;
for research analysis;
to enforce our agreements, terms, conditions, and policies;
to work with our service providers who perform certain business functions or services on our behalf and who are bound by contractual obligations consistent with this Privacy Policy;
to prevent or investigate fraud (or for risk management purposes), or to comply with a legal obligation, court order, or in order to exercise our legal claims or to defend against legal claims;
to comply with a legal obligation, a court order, or in order to exercise our legal claims, or to defend against legal claims;
to conduct aggregate analysis and develop business intelligence that helps us to enhance, operate, protect, make informed decisions and report on the performances of our Services;
to describe our Services to current and prospective business partners and to other third parties for other lawful purposes; and
for other purposes identified to you and as requested by you (please note that you have the right to withdraw your consent to such use at any time by contacting us via the contact information below).

With the Consent of a Data Subject within the EEA; or without consent, if a citizen of any other jurisdiction. If you are a Data Subject within the EEA, and we have obtained your consent, we may also use your information in the following ways; and, if you are a citizen of any other jurisdiction, you acknowledge that we may use your information in the following ways:

to share your information with our corporate parents, subsidiaries, other affiliated entities, and associated entities only for the purposes described in this Privacy Policy (never for the purpose of selling Data);
to send e-mail and postal mail, if you have consented to such use, to provide you with updates and news;
to process any request you make;
to process any commercial transaction, including but not limited to fulfilling an order or subscription request; and
to process your Personal Data as described throughout this Privacy Policy.

Performance of a Contract. If you have agreed to our terms of use, or other terms of service, and you have created an account or initiated a purchase through our Services, we may also use your information:

to establish your account to use the Services;
to validate your username, e-mail, password, and/or other login credentials;
to respond to your requests;
to fulfill your purchase(s);
to send you e-mail and postal mail supplying you with the most recent service information or to send you information about your order (e.g., order confirmations, shipment notifications, etc.);
to notify you of any changes to relevant agreements or policies; and
to process your Non-Personal Data as described throughout this Privacy Policy.

We may use third party email providers to deliver these communications to you. This is an opt-in e-mail program. If you no longer want to receive these e-mail communications, you may opt out of receiving e-mail communications.

We may, from time to time, invite you to participate in online surveys, such as a post-purchase feedback survey on your experience with our Services. The information requested in these surveys may include, but is not limited to, your opinions, beliefs, insights, ideas, activities, experience, purchase history, and purchase intent regarding products, events, and Services. We use the information collected by these surveys to research market trends, company growth, community needs, etc. Your input will help us to improve customer experience and shape development of our products and Services.

We may anonymize or aggregate Data that we collect from the use of the Services, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Services, market trends, and other analysis that we create based on the information we receive from you and other users. If you provide Personal Data through our Services, we may aggregate that Data with other active Data, unless we specify otherwise at the point of collection.

3. How We Share Data
We do not sell or rent Personal Data to marketers or unaffiliated third parties. We do have relationships with trusted third parties, but we will not share any Personal Data that we have collected from or regarding you except as described below:

Corporate affiliates, including corporate parents, subsidiaries, other affiliated entities, and associated entities for the purposes described in this Policy which are required to treat the information in accordance with this Privacy Policy;
Service providers that help us administer and provide the Services (for example, a web hosting company whose services we use to host our platform). These third-party service providers have access to your Personal Data only for the purpose of performing services on our behalf. We have entered into contractual relationships with these service providers and require them to comply with all applicable data privacy laws and regulations and to use the Data only for the purposes for which it was disclosed. We require that any third-party service providers limit their use of your Data solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Data and not make unauthorized use or disclosure of the Data;
Authorized third parties, who are parties directly authorized by you to receive the applicable Data. The use of your Data by an authorized third party is subject to that third party’s privacy policy;
Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we will require the recipient to use such information in accordance with this Privacy Policy;
As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment; and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence;
Pursuant to your explicit approval prior to the disclosure; and
We may share aggregated, de-identified Data with our partners to let them know how many users viewed and interacted with their materials. This information does not identify any individual or educational institution.

4. Third-Party Service Providers
We use third-party service providers to help us operate our Services, who may collect, store, and/or process the information detailed herein. We allow access to our database by third parties that provide us with services, such as technical maintenance, market research, community and forums management, and personal/job search functionality, but only for the purpose of and to the extent necessary to provide those services.

There are times when you provide information about yourself to us in areas of the Service that may be managed or participated in by third parties. In such cases, the information may be used by us and by such third party(ies), each pursuant to its own policies. We may also provide your information to our advertisers, so that they can serve ads to you that meet your needs or match your interests.

We use commercially reasonable efforts to engage with third parties that post a privacy policy governing their collection, processing, and use of Non-Personal Data and Personal Data. While we may seek to require such third parties to follow appropriate privacy policies and will not authorize them to use this information except for the express purpose for which it is provided, you agree that we do not bear any responsibility for any actions or policies of third parties.

A Note about Third-Party Tracking and Our Site — We do not serve targeted advertising; however, when you use the Internet, unaffiliated parties such as ad networks, web analytics companies, and social networking platforms may collect information about your online activities over time and across our and other websites. This information may be used to provide advertisements for products and services that may interest you, and those companies may use Cookies, clear GIFs, and other tracking technologies. We do not track your activity across different websites or online services. We do not honor “do not track” signals transmitted by web browsers.

For more information about third-party advertisers and how to prevent them from using your information, visit the NAI’s consumer website at http://www.networkadvertising.org/choices or http://www.aboutads.info/choices. If you do want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser (such as Internet Explorer, Firefox or Safari) that you use on each device.

5. Data Security
We take reasonable steps online and offline to safeguard the Personal Data that you provide to us, including Secure Sockets Layer (SSL) encrypted connections (HTTPS) to the web site(s) on our Service(s), secure multi-tiered firewalls, secure cloud-based environments, server authentication, and industry-standard firewalls in an effort to prevent interference or access from outside intruders. Portions of your data may also be encrypted on our storage server for additional security. We also require unique account identifiers, user names, and passwords that must be entered each time users log into their accounts, or the use of secure password credentials to an authorized third-party portal.

Nonetheless, it is common knowledge that transmission of information via the internet is not wholly secure, and we cannot guarantee the security of your Personal Data, or any other information, transmitted to or through any of our Service(s). Any transmission of Personal Data, or other information, is at your own risk. By using our Service(s), you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that is otherwise provided to us, and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Service(s).

If you have any questions about security on our Services, or if you become aware of any unauthorized use of an account, loss of your account credentials, or suspect a security breach, notify us immediately via email at support@certainlyhealth.com. If our security system is breached, we will notify you of the breach only if and to the extent required under applicable law.

6. Your Choices, Access, and Rights to Your Personal Data
You may change, edit, update, or delete the information that you provided when you set up your account through our Service(s) through your account settings. You may also request the deletion of this information by sending an email to support@certainlyhealth.com. If you reside in certain jurisdictions, such as the EEA or California, you may have additional rights and options with regard to accessing, reviewing, correcting, and updating your Personal Data, as well as how we use and disclose your Personal Data.

As a Data Subject, you have the right to request access to your Personal Data as it exists in our records by emailing us at support@certainlyhealth.com. You also have the right to rectification, correction, or amendment of your Personal Data if it is inaccurate or incomplete. You may also have the right to erasure of your Personal Data; however, this is not always possible due to legal requirements and exceptions may apply. A Data Subject may have the right to object to the processing of his or her Personal Data, for example, due to his or her particular situation, for direct marketing uses, or for scientific or historical research. In certain circumstances, Data Subjects may have the right to obtain a restriction on our processing of their Personal Data, in which case such Personal Data will, with the exception of storage, only be processed with the Data Subject’s consent or in circumstances such as our exercise or defense of legal claims or the protection of another person. Data Subjects may also have the right to request that we provide data portability for their Personal Data via a copy of the data in a commonly-used format and/or transfer their Personal Data directly to another data controller (where technically feasible). Exceptions to these rights may apply, for example, if the processing is necessary for a task carried out in the public interest. Finally, if a Data Subject has given his or her consent to our processing of his or her Personal Data for certain purposes, he or she has the right to withdraw consent to such use at any time by contacting us via our contact information.

7. Data Retention
Unless otherwise described or requested by you, we will retain your Data only for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

At any time, users may request deletion of their accounts by e-mailing support@certainlyhealth.com. When you delete your account, it cannot be recovered.

Please note that we do retain Non-Personal Data, including aggregated, de-identified data for the purposes described in the section titled, “How We Use Data.”

8. Certainly Health as a Data Processor
We may collect, use, and disclose certain Personal Data about you when acting as service provider to an organization that uses or provides our Site or Services. These organizations are responsible for ensuring that your privacy rights are respected, and should include information to help you understand how third parties collect and use your Personal Data. To the extent that we are acting as a data processor, we will process your Personal Data according to the terms of our agreement with the respective organization and its lawful instructions.

9. Data Protection Officer
Our appointed Data Protection Officer is Daryl Sew. If you have an inquiry regarding your Personal Data, pursuant to the rights listed in the preceding section (above), please send your message to support@certainlyhealth.com, and Daryl will respond to you.


10. Links to Third Party Sites
Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. Such links do not constitute an endorsement by us of those other websites, their content or services, or the persons or entities associated with those websites. This Privacy Policy does not apply to third-party websites. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies and terms of all third-party websites or services that you may visit.

11. Children's Privacy
We do not sell products or services for purchase by anyone under the age of thirteen (13). In accordance with the Children’s Online Privacy Protection Act (“COPPA”), we will never knowingly request or solicit Personal Data from anyone under the age of thirteen (13) without verifiable parental consent. In the event that we receive actual knowledge that we have collected such Personal Data without the requisite and verifiable parental consent, we will delete that information from our database as quickly as is practical. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Service(s).

12. Your California Privacy Rights
California Civil Code Section 1798.100-199, the California Consumer Privacy Act (“CCPA”), permits certain additional responsibilities towards California Residents. Before collection of Personal Data, we will notify California residents as to the categories of Personal Data that will be collected. In the last twelve (12) months, Certainly Health collected the following categories of personal information from its consumers: identifiers; personal information categories listed in the California Customer Records statute (California Civil Code Section 1798.80(e)); protected classification characteristics under California or federal law; commercial information; Internet or other similar network activity; and geolocation data. In the last twelve (12) months, Certainly Health has not sold personal information. Certainly Health has disclosed the following categories of personal information to service providers for a business purpose in the last twelve (12) months: identifiers; personal information categories listed in the California Customer Records statute (California Civil Code Section 1798.80(e)); protected classification characteristics under California or federal law; commercial information; Internet or other similar network activity; and geolocation data. Certainly Health may disclose deidentified patient information, and as part of such disclosure, Certainly Health uses the HIPAA safe harbor method under 45 C.F.R. § 164.514(b)(2) to deidentify such information.

In addition, California residents may request the list of the Personal Data and related information collected by us as denoted in California Civil Code Sections 1798.110(a) and 1798.115. A California resident may also request that we delete any Personal Data about the California resident, so long as the Personal Data is not necessary to our business or service provider functions, as denoted in California Civil Code Section 1798.105(d). California residents will not receive discriminatory treatment by us for the exercise of their privacy rights conferred by the CCPA. In addition, a California resident may designate an authorized agent to make a request under the CCPA on his or her behalf. Any California resident Personal Data requests may be emailed to support@certainlyhealth.com.

California Civil Code Section 1798.83 permits California residents to request and obtain a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made up to twice per year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by e-mailing a request to support@certainlyhealth.com.

13. Changes in the Privacy Policy
We reserve the right to modify and update this Privacy Policy at any time by posting an amended version of the statement on our Site. Please refer to this policy regularly. If at any time we decide to use Personal Data in a manner different from that stated at the time it was collected, we will notify you either on the panel home page of our Site or via e-mail.

14. How to Contact Us
Because protecting your privacy is important to us, you may always submit concerns regarding our Privacy Policy on the contact us page. We will attempt to respond to all reasonable concerns and inquiries expeditiously. If you have any questions or comments about our Privacy Policy, please contact us at support@certainlyhealth.com.

Please be assured that any Personal Data that you provide in communications to us will not be used to send you promotional materials, unless you so request.

LAST UPDATED October 18, 2022