July 21, 2021
Celloscope, Inc. and its affiliates (“OneStep”) are deeply committed to protecting the privacy and security of our customers’ data.
Description of Users and Acceptance of Terms
Types of Information We May Collect
Personal Information which you actively provide to us through use of the Services.
This is information you intentionally and/or actively provide to us in the course of your use of the Services, including contact information from Visitors of the Website; this information typically includes your name, email address, and any information you provide in messages or job applications to us; when you register and open an Account and/or update your Account details, such as your e-mail address, birthday, gender, phone number, full address, username and password.
Some of the information we collect may constitute protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended from time to time. To the the extent other state or local privacy and data protection laws apply to your data, we comply with those requirements as well. You may also share information directly to a Provider acting within the scope of their license in the provision of service.
Personal Information which is being collected by us automatically when you use or access the Services.
This is information which we automatically receive upon you access or interact with our Services . This information may include:
Information that we collect using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will “remember” information about your visit. We use both first- and third-party session cookies and persistent cookies.
For Google Analytics, please visit https://www.google.com/analytics.
For Mixpanel, please visit https://www.mixpanel.com.
Use of Health Information and Personal Information
The OneStep Service enables Users to access and communicate with their Providers through their use of the Services. These communications may include Health Information and personal information, which may be stored on the Services as a result of your relationship with a Provider. The User is solely responsible for choosing and approving any Providers as and sharing their Health Information and personal information with these Providers.
The Purposes and Legal Basis of the Collection, Processing and Use of Information
Legal Basis for Use
Purpose of Use
We may use the Personal Information that we collect about you for the following purposes:
Onboarding and Provider Engagement
You acknowledge and affirmatively consent to the fact that OneStep personnel will, as needed, review your particular reports or forms in a HIPAA/HITECH approved de-identified form for any or all of the following reasons:
During the process of your enrollment and onboarding to a Provider in order to determine whether you are able to successfully engage with the Provider, and similarly to transition you to another Provider, which will access only de-identified information and which may be accomplished using a OneStep on-boarding specialist and not a Provider; if applicable, to review your complaint that you may report about your Provider Provider practices; or to address raised quality assurance concern(s) that may apply to an individual Provider, a state-wide compliance issue or a national network issue.
You also consent to OneStep using “Meta Data” and other search terms to scan only HIPAA ‘Safe Harbor” de-identified transcripts to search for trends and patterns that may affect the quality of the Services provided to you; or to assess the practices utilized by the Providers.
Your Consent to OneStep recording your calls to Customer Service to assure quality assurance.
You grant OneStep permission to have your Provider supply non-content based assessments of your progress to OneStep. You understand that OneStep gives the Providers clinical assessment tools that in order to provide information on your fitness and well-being; and that results can be seen by your Provider to discuss with you.
Accessing and Amending Personal Information and Choices
If you enrolled in the Services, and have an Account with OneStep, you may access, review, and make changes to your personal information by following the instructions found on the Website. You may also modify and manage your marketing and non-transactional communications by clicking on the “unsubscribe” button located at the end of any marketing email sent by OneStep. We will use commercially reasonable efforts to timely handle your requests. You cannot opt out of receiving e-mails related to your Account. Please note that we are not responsible for the the information, including, modifying, updating or removing the information held by Provider.
How We Protect the Information
We take commercially reasonable steps to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Website and/or Application may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. You further understand that the electronic nature of the Services means that there is a greater risk to the privacy of your electronic health information relative to receiving in-person care.
Intellectual Property Rights
Portable Electronic Devices
Our Services are available to you on many different portable electronic devices. Our connection to the mobile device is free of charge, but your carrier’s normal rates and fees, such as text messaging fees, may still apply.
Important Notice to Non-U.S. Residents
The Website may contain links to third-party websites (“Third-Party Sites”). We do not endorse or sponsor such Third-Party Sites and we are not responsible for their privacy practices o. Please refer to the privacy policies of those Third-Party Sites for more information.
California Residents and the California Consumer Privacy Act (CCPA) Notice
If you are a California resident you have certain rights. California Users should understand that OneStep does not sell User data to third parties. Almost all User data is kept in encrypted storage, including all User created transcripts. State Law requires OneStep to retain such records for at least seven years. The CCPA does not generally apply to medical information governed by the California Confidentiality of Medical Information Act (CMIA) or protected health information collected by a covered entity or business associate governed by the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
“Shine-the-Light Law”: Once every year, residents of California have the right to request whether OneStep has shared their personal information (non-medical record data only) with other companies for direct marketing purposes during the preceding calendar year. To request a copy of this information, please contact us on the link on the website or at our email address firstname.lastname@example.org. Please allow a reasonable time for a response.
Minors: If you are a California resident and under the age of 18, and a registered User, you have the right to request and obtain removal of content or information you have publicly posted on our site. OneStep does not have Users below the age of 13 and does not allow or enable Users to publicly post information on our Website. However, if you think that you have indeed posted information on the Website and you are between the ages of 13 and 17, please contact us through our Website or via email at email@example.com. Please note that this request does not necessarily mean complete removal of the information/content you may have posted and that there may be circumstances in which the law does not require or even allow removal of data, specifically medical data, even if requested. Please allow reasonable time to respond to this request.
Right to Know: You may request access to your specific personal data collected by us over the past 12 months. You may also request additional details about our information practices, including the categories of your personal data collected by us, the sources of the collection, the categories of personal data we share for business or commercial purpose, and the categories of third parties with whom we share your personal data. You may make these requests by contacting us on at the “contact us” link on the website, or via email firstname.lastname@example.org. Please note the response may take a reasonable amount of time.
Designated Agent: You may designate an agent to make any of the requests on your behalf, such agent must be authorized to and have access to your account in order for us to confirm requests.
Non-Discrimination: OneStep will never discriminate against you, for exercising your rights under the CCPA.