Last Updated: July 12, 2022
This Policy describes how Nellie Health Group Inc., and its affiliates (“Nellie”) collects, uses, and shares personal information obtained by us, including via our website, platform, mobile applications, and any other products or services (the “Platform”).
Nellie operates in both the USA and Canada. Each of these countries has enacted legislation to protect their citizen’s rights to privacy regarding their Personal Health Information (PHI). Nellie Health is committed to compliance with both the letter and spirit of these rules. This document serves as part of that compliance, informing you of what type of information we collect, for what purpose, and how we protect it.
PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on how you interact with us or use our Platform and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Platform, information from third-party services and organizations, as described below. In order to provide and enhance our services, Nellie collects a variety of different types of personal information. Our different services prompt for information relevant to the service that has been selected. Information entered into the Platform is also used to ensure and improve service delivery and improve our offerings over time. All personal information is treated as confidential and Nellie Health uses industry technologies to ensure your privacy. Respecting your privacy, we do not sell or rent your data, or otherwise share with any advertisers.
If you register as a potential client through the Platform, we may collect information from you including your name, postal address, location, email address, phone number, username, password, demographic information (such as your gender and date of birth, as well as race, ethnicity, religious affiliations, sexual orientation and/or pronouns if you choose to share such information), information about your mood, mental or physical health, or emotional state, as well as other information you directly give us through the Platform.
Depending on the services and products you use, you may be asked to complete additional forms (e.g., intake form, consent for therapy) which may ask for personal information such as your name, contact information, information about your current or historical health or mental health and treatment, and information about your lifestyle.
In some cases, you may be asked to provide medical records to be placed on the Platform, for which we will obtain a signed authorization from you. Your clinician may capture clinical notes during your sessions, which would be subject to their own HIPAA privacy practices. If you communicate with Nellie, such as by email, phone, Text, chat, or within our app, we will collect personal information from you, such as your name, contact information, and information you provide within your communication to us. You have the option of using the secure Platform for communication. Note that channels outside of the Platform, such as your personal email, Text message, or video chat may be unsecure.
If you register as a Provider on the Platform, we may collect information from you including your name, photo, email address, phone number, postal address, date of birth, social insurance/security number, your bank account information to receive payment, copies of your identification, and information about your education, experience, and practice, including licensure/registration information. We also collect optional demographic information including your race, disability status, and sexual orientation.
Information Automatically Collected. Some information is automatically logged in a manner common to websites and online platforms. This includes items such as IP address, operating system type, screen size, etc. On our external website we collect traffic statistics such as last used website, frequency of visits, time on-site, etc., to allow analysis of our reach marketing effectiveness. This can include the use of services such as Google Analytics. Third party traffic analysis tools (such as Google Analytics) are not used during logged in Platform sessions. The Platform also uses technologies that allow you to access services, applications, and tools that are required to identify irregular online behavior, prevent fraudulent activity, and improve security or that allow you to make use of our functionality.
Cookies. Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our website. Note that advertising technologies are not used once clients login to the Platform, they are only used on our publicly facing website that does not require a login.
With your consent: We may use information about you in other ways or for other purposes, where you have given us consent to do so for a specific purpose not listed above. This includes audio/video-recording of your self-directed and treatment sessions with providers with the purpose of evaluating the quality of services provided. These recordings will be securely and privately stored consistent with the policies below.
Automated Decision Making. We may engage in automated decision making to facilitate your experience on the Platform. Our processing of your personal information will not result in a decision based solely on automated processing. You always have the option to request human support and not participate in the automated decision making. If you have questions about our automated decision making, you may contact us as set forth below.
De-identified and Aggregated Information. We may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, location information, information about the device from which you access the Platform, or other data sets we may create. In some cases, we use aggregated, de-identified clinical data to provide our clients and the public with insight into how people are responding to services offered by Providers who use the Platform. If you do not want your data used for these purposes, you may contact us at firstname.lastname@example.org.
HOW INFORMATION IS STORED AND PROCESSED
We are committed to protecting your privacy and data. We have put in place appropriate safeguards and security measures to help prevent your personal information from being lost, used or accessed in an unauthorized way, altered or disclosed. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its security. If you have any questions about the security of the Platform, you can contact us as described below.
We will retain personal information we process pursuant to statutory requirements, for as long as needed to provide services, and to comply with our legal and compliance obligations (including those under HIPAA or PIPEDA, as the case may be for auditing purposes), resolve potential or actual disputes, conduct research and development for Nellie or enforce our agreements.
SHARING OF PERSONAL INFORMATION
As noted above, we will not rent or sell your personal information to others without your consent. We disclose your information to third parties for a variety of business purposes, as described below.
Your Provider. If you are a client seeking treatment or other services from a Provider available through Nellie, your Provider will have access to your personal information in order to provide you with services. Please note that the use and disclosure of your PHI in connection with such services will be governed by this policy.
Service Providers. For example, we may share your personal information with our third-party service providers. The categories of service providers (processors) to whom we entrust personal information include: IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of services.
De-identified and Aggregated Information: We may share de-identified and aggregated information (such as de-identified usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties who help us understand the usage patterns for certain services and those of our partners. To the extent that Nellie uses artificial intelligence or machine learning on the data we collect, Nellie shall only use non-personally identifiable information for these purposes. Non-personally identifiable information may be stored indefinitely.
APIs/SDKs We may use third-party Application Program Interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of the Platform. For more information about our use of APIs and SDKs, please contact us as described below.
Disclosures to Protect Us and Others: We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate: to comply with law enforcement or national security requests and legal process, such as a court order or subpoena; when required by health oversight agencies for legally authorized health oversight activities; to protect your, our or others' rights, property, or safety, including to protect the security or integrity of Nellie and any facilities or equipment used to make Nellie available; to enforce our policies or contracts; to collect amounts owed to us or any Nellie provider; or to assist with an investigation or prosecution of suspected or actual illegal activity or in an emergency.
What Happens in the Event of a Change of Control: We may buy or sell/divest/transfer the Company (including any shares in the Company), or any combination of its products, services, assets and/or businesses. Your information such as names and email addresses, and other information related to Nellie may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign, or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of Nellie.
INTERNATIONAL DATA TRANSFER
By using Nellie, you acknowledge and understand that your information will be stored within the United States and Canada, where privacy rules differ and may be less stringent than those of the country in which you reside.
Nellie may contain links to other websites/applications and other websites/applications may reference or link to Nellie. These third-party services/applications are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
YOUR PRIVACY CHOICES AND RIGHTS
Your Privacy Choices You have a number of choices you can make regarding your personal information, including as follows:
Text Messages. You may opt out of receiving Text messages from us by following the instructions in the Text message/replying “STOP” to a Text message you have received from us or by contacting us as described below.
Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device.
Do Not Track. We currently do not support the Do Not Track browser setting or respond to Do Not Track signals. Do Not Track (or DNT) is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you. For more details about Do Not Track, including how to enable or disable this preference, visit https://termsfeed.com/do-not-track.
Your Privacy Rights. In accordance with applicable law, you may have the right to:
Access Personal Information about you, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or receiving a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or (iv) asking us to send that information to another company (the “right of data portability”);
Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
Request Deletion of your personal information;
Request Restriction of or Object to our processing of your personal information; and
Withdraw your Consent to our processing of your personal information.
You may submit requests about personal information by contacting us through our contact page.