Owl Insights Inc. Privacy Notice
Effective Date: November 14, 2022
Protecting your privacy is important to us. This Privacy Notice is meant to help you understand how we collect, use and share your personal information and to assist you in exercising the privacy rights available to you.
Mental Health Data Services, Inc. (“Owl”, “Owl Health”, “us, “we”, or “our”) operates https://owl.health (the “Site”). This Privacy Notice applies to personal information processed by us in our business, including on the Site and other online or offline offerings (collectively, the “Services”).
Our Customers are Health Care Providers who use the Services to provide behavioral health services to their patients.
This Privacy Notice does not apply to your Protected Health Information (“PHI”), such as information about your past, present, or future physical or mental health, that we receive from your Health Care Providers. PHI is handled differently, and you may have additional rights regarding such information, pursuant to the federal Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), and other applicable laws.
Accordingly, if you are a patient of a Health Care Provider who is our Customer, your PHI (which we call “Customer Data”) is governed by your Health Care Provider’s terms of service and privacy practices. Our processing of Customer Data is governed by the contracts that we have in place with our Customers, not this Privacy Notice. Any questions or requests relating to Customer Data should be directed to your Health Care Provider. We will provide assistance to our Customers to address any concerns you may have, in accordance with the terms of our contracts with them.
This Privacy Notice also does not apply to any third-party websites, services or applications, even if they are accessible through our Services. Also, please note that, unless we define a term differently in this Privacy Notice, all capitalized terms used in this Privacy Notice have the same meanings as in our Terms and Conditions. So, please make sure that you have read, understand and agree to our Terms and Conditions.
This Privacy Notice applies to our operating divisions, subsidiaries, and affiliates, including any additional subsidiary, or affiliate that we may subsequently form.
PERSONAL INFORMATION WE COLLECT
Information You Provide to Us
Account Creation. We may collect information when you create an account, such as your name, email address, username and password. If you are a Healthcare Provider, we may collect additional information when you use Provider Portals, such as your professional contact information, credential and institutional affiliations information, information about our programs and activities in which you have participated, and our interactions with you. We may also collect your photograph and phone number, at your discretion.
Regulatory Information. We are also obligated to collect certain personal information to comply with regulatory requirements. We collect such information only where you have provided your consent to disclose that information to us, as required by law.
Your Communications with Us. We collect personal information from you such as first and last name, email address, phone number, job title, and mailing address, when you request information about our Services, register for our newsletter, apply for a job or otherwise communicate with us. Additionally, when you request customer or technical support, we may collect information about how you use our Services.
Social Media Content. We, and others who use our Services, may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, forums, blogs, or social media pages). Any content you provide using the public sharing features of the Services (referred to herein as “User Content”) on these channels will be considered “public,” unless otherwise required by applicable law, and is not subject to privacy protections.
Conferences, Trade Shows, and Other Events. We may attend or host conferences, trade shows, and other events where we may collect personal information from individuals who interact with or express an interest in the Services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. We may post job openings and opportunities on our Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use this information to assess your qualifications.
Information Collected Automatically or From Others
Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, and other unique identifiers, details about your browser, operating system or device, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit before, during and after using the Services, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.
Cookies, Pixel Tags/Web Beacons, and Analytics Information
- Cookies. Cookies are small text files placed in Site visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about users’ engagement on the Site. The use of a pixel allows us to record, for example, that a user has visited the Site.
Our uses of these Technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular website behavior, prevent fraudulent activity, improve security, or allow you to make use of our functionality;
- Performance-Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how individuals use our Services (see Analytics below).
- Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
- Analytics. We may also use Technologies and other service providers to collect information and process analytics regarding visitor behavior and visitor demographics on our Services.
Information Collected from Other Sources
We may obtain information about you from other sources, including through third-party services and organizations.
HOW WE USE YOUR INFORMATION
As permitted by applicable law, we use the personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below:
Fulfill our contract with you and provide you with our Services, such as:
- Managing your information
- Providing access to certain areas, functionalities, and features of our Services
- Sending you alerts and reminders via texts or emails
- Communicating with you about your account or your activities on our Services and changes to our Privacy Notice
- Providing you with newsletters, marketing or promotional materials and other information
- Processing applications if you apply for a job we post on our Services
- Allowing you to register for events
- Providing analytics and marketing services to our Site visitors
Analyze and improve our Services pursuant to our legitimate interest, such as:
- Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity
- Pursuing our legitimate interests, such as direct marketing, researching and developing products, services, marketing or network and information security, and fraud prevention procedures to improve their performance, resilience, reliability or efficiency
- Improving, upgrading or enhancing our Services
- Enforcing our terms and policies
- Sharing non-sensitive personal information with third parties as needed to provide the Services
- Complying with our legal obligations, protecting your vital interest, or as may be required for the public good
Provide you with additional content and Services, such as:
- Tailoring and providing you with content. We may provide you with these materials as permitted by applicable law.
With your Consent. Other purposes you consent to, are clearly notified of, or are disclosed when you provide personal information.
- Important Note: Owl does not use your PHI in its marketing activities. If you have any questions about our marketing practices or if you would like to opt out of the use of your information for marketing purposes, you may contact us at any time as set forth in “Contact Us” below.
Automated Decision Making. We may engage in automated decision making, including profiling, without using your PHI. Our processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making, you may contact us as set forth in “Contact Us” below.
Use of De-identified and Aggregated Information. We may use personal information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our Services, or other analyses we create. If we create or receive personal data that has been de-identified or aggregated, we will not attempt to reidentify it, except to comply with applicable law.
Share Content with Friends or Colleagues. Our Services may offer various tools and functionalities that allow you to provide information about your friends through our referral service; third parties may also use these services to upload information about you. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., relative, friend, neighbor, or co-worker).
Process Information on Behalf of Our Customers (as processors). Our Customers may choose to use our Services to process certain data of their own, which may contain personal information. The data that we process through our Services is processed by us on behalf of our Customer, and our privacy practices will be governed by the contracts that we have in place with our Customers, not this Privacy Notice.
If you have any questions or concerns about how such data is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use the Service to process this data. Our Customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials. We will, however, provide assistance to our Customers to address any concerns you may have, in accordance with the terms of our contracts with them.
Notice Regarding Third Party Websites and Social Media Platforms. Our Services may contain links to other websites, and other websites may reference or link to our website or other Services. These third-party services are not controlled by us, even if they are accessible through our Services. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve and are not responsible for the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
Our Services may include publicly accessible blogs, forums, social media pages, and private messaging features. By using such Services, you assume the risk that the personal information provided by you may be viewed and used by third parties for any number of purposes. In addition, social media buttons (such as Twitter or LinkedIn that might include widgets such as the “share this” button or other interactive mini programs) may be on our site. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These social media features are either hosted by a third party or hosted directly on our site. Your interactions with these features apart from your visit to our site are governed by the privacy notice of the company providing it.
DISCLOSING YOUR INFORMATION TO THIRD PARTIES
We may share your personal information with the following categories of third parties:
Service Providers. We may share any personal information we collect about you with our third- party service providers. The categories of service providers to whom we entrust personal information include: IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of the Services.
Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may provide personal information to business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.
Affiliates. We may share personal information with our affiliated companies.
APIs/SDKs. We may use third-party Application Program Interfaces (“APIs”) and Software Development Kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.
Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your personal information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
YOUR PRIVACY CHOICES AND RIGHTS
You have certain privacy choices about your personal information, as described below, in accordance with the applicable law. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described in this Privacy Notice.
Email and Telephone Communications
If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms and Conditions or this Privacy Notice).
We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.
Text Messages. You may opt out of receiving text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us, as described below.
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers because doing so might affect the usability of our platform.
YOUR PRIVACY RIGHTS
Depending upon your location and in accordance with applicable laws, you may have the right to:
- Access personal information about you consistent with legal requirements. In addition, you may have the right to: (i) confirm whether we are processing your personal information; (ii) obtain access to or a copy of your personal information in a structured, commonly used, and machine readable format; and (iii) to receive or have your electronic personal information that you have provided to us, or asking us to it transferred to another party, in a structured, commonly used, and machine readable format (the “right of data portability”)
- Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information
- Request Deletion of your personal information, subject to certain exceptions prescribed by law
- Request restriction of or object to processing of your personal information, where the processing of your personal information is based on our legitimate interest or for direct marketing purposes
- Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal
- Not be Discriminated Against by us for exercising your privacy rights
If you would like to exercise any of these rights, please contact us as set forth below or as otherwise instructed in the additional privacy notices provided at the time we collected your personal information. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
INTERNATIONAL DATA TRANSFERS
You acknowledge that all information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws.
We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well.
We store the personal information we receive as described in this Privacy Notice for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Notice. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an e-mail to you.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children. If you are a parent or guardian and you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
If you are located in the European Economic Area (EEA) or the UK, you have the right to lodge a complaint with an applicable supervisory authority if you believe our processing of your personal information violates applicable law.
The following notices apply to California residents and consumers.
California Shine the Light Law. The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. To make such a request from us, if entitled, please use the contact information listed below.
California Consumer Privacy Act of 2018 (“CCPA”). This Supplemental Notice for California Residents only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). Owl believes it is not subject to the CCPA. However, Owl provides this notice for sake of transparency.
The CCPA provides California residents with the right to know what categories of personal information Owl has collected about them, and whether Owl disclosed that personal information for a business purpose (e.g., to a service provider). In providing our Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a consumer or household (“Personal Information”), as defined in the California Consumer Privacy Act (“CCPA”). Personal Information under the CCPA does not include PHI, health or medical information covered by HIPAA and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data.
We have collected the following categories of Personal Information from our consumers in our role as a business within the last twelve (12) months (as indicated below):
Internet or other electronic network activity.Browsing history, search history, information on a consumer’s interaction with an internet website, or application.Service providers
|Category of Personal Information Collected by Owl
|Category of Third Parties Information is Disclosed to for a Business Purpose
|name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
|Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|Professional or employment-related information.
|Current or past job history or performance evaluations.
|Personal information categories listed in the categories above, but references in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, physical characteristics or description, address, telephone number, driver’s license or state identification card number, education, employment, employment history, medical information, or health insurance information. Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Note: Some personal information included in this category may overlap with other categories.
Categories of Sources from Which Personal Information is Collected
We obtain the categories of Personal Information listed above from the types and categories of sources described above in this Privacy Notice.
Business or Commercial Purposes for Collecting Personal Information
We may use or disclose the Personal Information we collect for the business purposes describe above in this Privacy Notice.
Sales of Personal Information
For purposes of the CCPA, Owl does not “sell” Personal Information, nor do we have actual knowledge of any “sale” of Personal Information of minors under 16 years of age, in a manner that would be considered a sale under the CCPA.
Additional Privacy Rights for California Residents
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “Contact Us” below and provide written authorization signed by you and your designated agent.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
If you are a resident of Nevada, you have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that personal information. You can exercise this right by contacting us at as set forth in “Contact Us” below with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to update or change our Privacy Notice at any time and you should check this Privacy Notice periodically. Your continued use of the Service after we post any modifications to the Privacy Notice on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Notice.
If we make any material changes to this Privacy Notice, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.
If you have any questions about our privacy practices or this Privacy Notice, or if you wish to submit a request to exercise your rights as detailed in this Privacy Notice, please contact us via email at firstname.lastname@example.org or
Mental Health Data Services, Inc.
2175 NW Raleigh St., Suite 110
Portland OR 97210