hero-cro

Privacy Policy

Last updated: 07/15/22

Your privacy comes first.  Control over your data, transparency, security, and privacy are the pillars of any product or technology we build. 

We respect your personal information when we enable researchers to collect and manage your health data, and enable you to participate in digital health Research Studies and A.I. training projects in pursuit of clinical research aims.

  1. Introduction

This Privacy Policy describes the types of personal information we collect from the users of the Smart Omix mobile application (the “App”) and the services offered via the App (together with the App, the “Services”).  We also describe how we use the information we collect, with whom we may share it, the choices available to you regarding our use and disclosure of your information, the measures we take to protect the security of your information, and how you can contact us about our privacy practices.

By using our Services, you agree that your information will be handled as described in this Privacy Policy, and you agree that your use of the Services, and any dispute over privacy, is subject to this Privacy Policy and our Terms of Service (which are incorporated by reference into this Privacy Policy), including its applicable limitations on damages and the resolution of disputes. 

  1. Information We Collect About You and From You

The Information We Collect About You.

We collect information about you directly from you, from third parties, and automatically through your use of our Services.

Information We Collect Directly From You. The information we collect from you depends on how you use our Services. To create an account (which is required to use our Services via our App), you must provide your first and last name, email address and select a password for your account.  Account creation also requires you to agree to the Terms of Service and this Privacy Policy.

We also may collect additional information from you that you choose to provide to us to build your Smart Omix profile, including basic health information such as age, gender, sex, photographs, physical activity and health information (including medical conditions, medical vitals such as blood pressure and heart rate, lab results, and prescription drug history).  

In addition, if you choose to participate in one of the digital health Research Studies, (the “Research Studies”) or A.I. trainings offered via our Services, you may be asked to provide additional information relevant to the topic of the Research Studies. 

Finally, we collect any information you provide to us via your communications with us, including in connection with any support features offered via our Services.  

Information We Collect From Other Entities. 

At your direction, we may collect information about you from other sources, such as when you direct us to import data from other entities (for example, when you direct us to import into the Services your lab results from your medical provider or prescription information from your pharmacy).  

In addition, if you choose to participate in one of the Research Studies offered via our Services, our research institute partners (who run such Research Studies) will analyze the information provided (please see below for further information regarding Research Studies) and provide back via the Services the results or insights derived from the data provided as part of the Research Studies.  This information is made available to you via your account.

Information We Collect Automatically.

We automatically collect information about your use of our Services through features such as location information; operating system; screens you view in the App; links you click in the App; your IP address; the length of time you visit the App and/or use our Services; the referring URL, or the webpage that led you to the App; your mobile device ID, name, model, operating system type, name, and version; language information; and primary account information.

To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information.

 

Third-Party Links.

Our Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.

 

  1. How We Use Your Information

We use your information to provide our Services to you and to improve our Services.  This includes: 

  • to allow you to use the Services, including to participate in Research Studies offered by our research institution partners.  
  • to tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Services.
  • to communicate with you about your use of the Services.
  • to improve our Services, including to better train our artificial intelligence tools.  For example, if you upload a photo of yourself via the Services, as part of our Services we will estimate your age and ask you to confirm this information.  Each time we do this, we are training our age recognition tool.  
  • to better understand how users access and use our Services, both on an aggregated and individualized basis. For example, we will evaluate which features of our Services are more (or least) used by users.
  • to send you email marketing about our Services, including updates from researchers running studies on the Smart Omix platform.

And we use your information for legal and business-related purposes.  This includes:

  • to comply with legal obligations, as part of our general business operations, and for other business administration purposes.
  • where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Service or this Privacy Policy.

Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your personal information only for as long as we believe it is necessary to fulfill the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations).

  1. How We Share Your Information

We may share your information, including personal information, as follows:

  • Research Institution Partners in Research Studies.  Via our Services, you may elect to participate in one or more Research Studies offered by our research institution partners.  If you elect to participate in such a Research Study, you may choose to share certain information with the research institution partner conducting the Research Studies. Each Research Study requests users to provide different types of information, so the information you may share with the research institution partner varies. We only access this data on behalf of the Research Institution. You will always be informed of what information will be provided before you agree to participate in any such Research Study. If you choose to leave the Research Study prior to its completion, we will not collect any further information from you relevant to the Research Study but the information already collected from you will continue to be available to our research institution partner that is conducting the Research Study. 
  • Service Providers. We may disclose the information we collect from you to service providers, contractors or agents who perform functions on our behalf who are required to destroy all data after performing the task(s) they were asked to perform.

We also disclose information in the following circumstances:

  • Business Transfers. If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company.  As part of the business transfer process, we may share certain of your personal information with lenders, auditors, and third party advisors, including attorneys and consultants.
  • In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
  • To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Service or this Privacy Policy, or as evidence in litigation in which we are involved.
  • Aggregate and Not Individually Identifiable Information. We share aggregated information, incapable of being used to identify an individual, relating to usage of the Services. But, we do not sell aggregated data.

Where we qualify as a service provider or “business associate” to a covered entity under the Health Insurance Portability and Accountability Act, we may use or disclose your protected health information (“PHI”) only as permitted by our business associate agreement with the covered entity, including to provide services to the covered entity, to aggregate patient data, for our proper business and management services, or as otherwise required by law. Covered entities that collect your PHI will provide you with a separate privacy policy called a Notice of Privacy Practices that describes how that entity uses and discloses PHI collected from you.  That privacy policy is a separate document from this Privacy Policy and this Privacy Policy is not intended to cover the disclosures required by that separate privacy policy.  

Please be advised that we do not sell or share with third parties other than our service providers, and have not sold or shared with such third parties personal information in the last twelve (12) months.

 

  1. Security of My Personal Information

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

 

  1. What Choices Do I Have Regarding Use of My Personal Information?

Disclosures.  It is always your choice to participate in Research Studies offered via our Services and to share your information in connection with such Research Studies.  If you do not want your information shared with our research institutions in connection with Research Studies offered via our Services, you can simply not participate or not share certain information in connection with the Research Studies. Opting not to share certain information may affect your ability to participate in the Research Studies as designed, but it is always your right.  

Access.  You may modify personal information that you have submitted by logging into your account and updating your profile information. You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please go to our request form, submit a request via email to privacy@sharecare.com or call 1-800-655-4032.

When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. You may designate an authorized agent to request information on your behalf, provided that the authorized agent complies with our verification procedures to ensure your permission has been obtained.

Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law, regulatory requirements, or relationships with data controllers (e.g. Research Institutions) allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous. In the event that we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

 

Deletion.  You can delete individual data elements that you have provided via the Services by logging into your account and deleting that information.  You may request that we delete your account and all related information by going to our request form, submitting a request via email to privacy@sharecare.com or calling 1-800-655-4032.

Your right to have information deleted is not absolute. There are instances where applicable law, regulatory requirements, or relationships with data controllers (e.g. Research Institutions) prevent us from deleting some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous. In the event that we cannot delete any personal information you have requested to have deleted, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

 

Marketing and Account Communications.  We may send periodic promotional emails to you. You may opt-out of promotional emails by following the unsubscribe instructions contained in the email. If you unsubscribe from receiving promotional emails, we may still send you emails about your account or any services you have requested or received from us.

 

  1. Children Under 13; Minors.

Our Services are not designed for children under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems. We do not knowingly collect or solicit personal information from minors under the age of 16. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13 or 16, please contact us at participantsupport@smartomix.com.

 

  1. Non-Discrimination

We will not discriminate against you, including but not limited to the following examples, for exercising any of your rights:

  • Denying you goods or services.
  • Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level or quality of goods or services.
  • Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

  1. Contact Us

If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at privacy@sharecare.com.

 

  1. Changes to this Privacy Policy

This Privacy Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our website. If we make any changes to this Privacy Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our website and by contacting you at the email address you have provided to us.