Website Privacy Policy
Cala Health Inc. (“Company”) is committed to protecting your privacy. We have prepared this Privacy Policy to describe to you our practices regarding the Personal Data (as defined below) we collect from users of our website, located at calahealth.com and all related websites, including the patient portal located at mycala.com (the “Patient Portal”, and collectively, the “Site”). This Privacy policy is incorporated into and is subject to the Cala Health Terms of Use found at calahealth.com. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Use.
For Cala TrioTM and Cala kIQTM device users: This Privacy Policy applies to your use of this Site. If you are a therapy user of a Cala Trio or Cala kIQ device, please also refer to our Notice of Privacy Practices located at https://calahealth.com/terms/notice-of-privacy-practices-hipaa.
Questions; Contacting Company; Reporting Violations. If you have any questions or concerns or complaints about our Privacy Policy or our data collection or processing practices, or if you want to report any security violations to us, please contact us at the following address or phone number:
Cala Health Inc.
Attn: Privacy Officer
1800 Gateway Blvd, Suite 300
San Mateo, CA 94404
PrivacyOfficer@CalaHealth.com
(888) 699-1009
1. User Consent. We only have access to and collect information that you voluntarily give us via email, or other direct contact from you by using our Site. By submitting Personal Data through the Site, you agree to the terms of this Privacy Policy, and you expressly consent to the collection, use and disclosure of your Personal Data in accordance with this Privacy Policy.
2. A Note About Children. We do not intentionally gather Personal Data from visitors who are under the age of 13. If a child under 13 submits Personal Data to Company and we learn that the Personal Data is the information of a child under 13, we will attempt to delete the information as soon as possible. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us using the contact details provided above. We will delete such information from our files as soon as reasonably possible.
3. A Note to Users Outside of the United States. If you are a non-U.S. user of the Site, by visiting the Site and providing us with data, you acknowledge and agree that your Personal Data may be processed for the purposes identified in the Privacy Policy. In addition, your Personal Data may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of Personal Data may be less stringent than the laws in your country. By providing your data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
4. Types of Data We Collect. As used in this Privacy Policy, “Personal Data” includes any information which, either alone or in combination with other information we hold about you, identifies you as an individual, including, for example, your name, postal address, email address and telephone number. When we use the term “Anonymous Data,” we are referring to data and information that does not permit you to be identified or identifiable, either alone or when combined with any other information available to a third party. Anonymous Data might include analytics information and information collected by us using cookies (“Cookies”). We collect Personal Data and Anonymous Data, as described below.
4.1 Information You Provide to Us.
- We may collect Personal Data from you, such as your first and last name, email, and zip code when you submit such information via our online forms or register for webinars.
- We may collect Personal Data from you, such as your first and last name, email and mailing address, and password when you create an account to log in to the Patient Portal (“Account”).
- Certain portions of the Site may let you store preferences like how your content is displayed. We may associate these choices with your ID, browser, or the mobile device, and you can edit these preferences at any time.
- If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, to send you a reply.
- When you participate in one of our surveys, we may collect additional profile information.
- We also collect other types of Personal Data that you provide to us voluntarily if you contact us via email regarding support for the Site.
- We may also collect other forms of Personal Data, such as at other points on the Site that state that Personal Data is being collected
4.2 Information Collected via Technology.
- Information Collected by Our Servers. To make the Site more useful to you, our servers (which may be hosted by a third-party service provider) collect information from you, including your browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit.
- Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyze trends, administer the Site, track users’ movements around the Site, gather demographic information about our user base, and better tailor the Site to our users’ needs. Except as noted in this Privacy Policy, we do not link this automatically-collected data to Personal Data.
- How We Respond to Do Not Track Signals: we do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on the Site. You can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable do not track settings (“DNT”) by visiting the preferences or settings page of your web browser. However, there is no accepted standard for how a website should respond to this signal, and we do not take any action in response to this signal.
4.3 Automatic Decision-Making and Profiling. We do not use your Personal Data for the purposes of automated decision-making. However, we may do so to fulfil obligations imposed by law, in which case we will inform you of any such processing and provide you with an opportunity to object.
4.4 Information Collected via Your Connected Device. This Privacy Policy governs your use of the Site. If you are a therapy user of a Cala Trio or Cala kIQ device, please also refer to our Notice of Privacy Practices.
5. Cookies and Other Technologies
We may collect information using Cookies. Cookies are small data files stored on the hard drive of your computer or mobile device by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on the Site. We use two broad categories of Cookies: (1) first party Cookies, served directly by us to your computer or mobile device, which are used only by us to recognize your computer or mobile device when you revisit the Site; and (2) third party Cookies, which are served by service providers on the Site, and can be used by such service providers to recognize your computer or mobile device when it visits other websites. The Site use the following types of Cookies for the purposes set out below:
5.1. Essential Cookies
- These Cookies are essential to provide you with services available through the Site and to enable you to use some of its features. For example, they allow you to log in to the Patient Portal and help the content of the pages you request load quickly. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services. We do not use essential Cookies to collect information about you for marketing purposes or to track your Internet activity on other websites.
5.2 Functionality Cookies
- These Cookies allow the Site to remember choices you make when you use the Site, such as remembering your login details and remembering the changes you make to other parts of the Site which you can customize. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit the Site. We do not use functionality Cookies to target you with advertisements on other websites. You can block these Cookies using your browser settings, but this may mean that we cannot offer you certain services and may prevent us from remembering that you have chosen not to receive a certain service.
5.3 Analytics and Performance Cookies
- These Cookies are used to collect information about traffic on the Site and how users use the Site. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to the Site, the websites that referred them to the Site, the pages they visited on the Site, what time of day they visited the Site, whether they have visited the Site before, the amount of time spent using the Site, and other similar information. We use this information to help operate the Site more efficiently, to gather broad demographic information, to monitor the level of activity on the Site, and to inform marketing campaigns.
We use Google Analytics and other third-party analytics services for this purpose. Google Analytics uses its own Cookies. It is only used to improve how the Site works. You can learn more information about Google Analytics Cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies. You can learn more about how Google protects your data here: www.google.com/analytics/learn/privacy.html.
You can prevent the use of Google Analytics relating to your use of the Site by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB.
5.4 Flash Cookies
- When we post videos, third parties may use local shared objects, known as “Flash Cookies,” to store your preferences for volume control or to personalize certain video features. Flash Cookies are different from browser Cookies because of the amount and type of data collected and how the data is stored. Cookie management tools provided by your browser will not remove Flash Cookies. To learn how to manage privacy and storage settings for Flash Cookies, click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
5.5 Pixel Tags
- Pages of the Site and our emails may contain pixel tags (also referred to as web beacons, web bugs, tracking pixels, java tags and clear gifs) that allow us and our service providers to track online movements of Web users, send email messages in a format users can read, and tell us whether emails have been opened to ensure that we are sending only messages that interest our users. They can also be used to collect statistics on the Site and emails (e.g., number of users who have visited a page or opened an email). We do not tie the information gathered by Pixel Tags to our users’ Personal Data.
6. Use of Your Personal Data
6.1 General Use. In general, Personal Data you submit to us is used either to respond to requests that you make or to aid us in serving you better. We use your Personal Data in various ways, including as follows:
- send you information about our company, our clinical trials, and our products if you have filled out an online contact form
- facilitate the creation of and secure your Account on our network.
- identify you as a user in our system;
- provide improved administration of the Site;
- provide the services you request;
- improve the quality of experience when you interact with the Site;
- send you a welcome email to verify ownership of the email address provided when your Account was created;
- send you administrative email notifications, such as security or support and maintenance advisories;
- respond to your inquiries and requests;
- send you useful tips in using our products and provide customer support; and
- send newsletters, surveys, offers, and other promotional materials related to the Site and for other marketing purposes of Company.
6.2 Creation of Anonymous Data. We may create Anonymous Data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data for various purpose, including to analyze request and usage patterns so that we may enhance the content of the Site and improve navigation on the Site. We reserve the right to use Anonymous Data and aggregated and other de-identified information for any purpose and disclose Anonymous Data to third parties in our sole discretion.
7. Disclosure of Your Personal Data. We disclose your Personal Data as described below and as described elsewhere in this Privacy Policy.
7.1 Third Party Service Providers. We may share your Personal Data with third party service providers to provide services to the Company.
7.2 Affiliates. We may share some or all your Personal Data with our parent company, subsidiaries, joint ventures, or other companies under a common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy.
7.3 Corporate Restructuring. We may share some or all your Personal Data in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.
7.4 Other Disclosures. Regardless of any choices you make regarding your Personal Data (as described below), Company may disclose Personal Data if it believes in good faith that such disclosure is necessary (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas or warrants served on Company; (c) to protect or defend the rights or property of Company or users of the Site; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use agreement.
8. Your Choices Regarding Your Information. You have several choices regarding use of information on the Site:
8.1 Email Communications. We will periodically send you free newsletters and emails that directly promote the use of our products or services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information above). Despite your indicated email preferences, we may send you service-related communications, including notices of any updates to our Terms of Use agreement or Privacy Policy.
8.2 Cookies If you decide at any time that you no longer wish to accept Cookies from the Site for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit. Consult your browser’s technical information. If you do not accept Cookies, however, you may not be able to use all portions of the Site or all functionality of the Site. If you have any questions about how to disable or modify Cookies, please let us know at the contact information provided above.
8.3 Changing or Deleting Your Personal Data; Retention. You may change any of your Personal Data in your Account by editing your profile within your Account or by sending an email to us at the email address set forth above. Site users may request deletion of your Personal Data by us, and we will use commercially reasonable efforts to honor your request, but please note that we may be required to keep such information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives.
9. Security. We seek to use reasonable organizational, technical, and administrative measures to protect Personal Data within our organization. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the Internet may not always be completely secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised, please immediately notify us of the problem by contacting us using the contact details above).
10. We are committed to resolve any complaints about our collection or use of your Personal Data. If you would like to make a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us at PrivacyOfficer@CalaHealth.com. We will reply to your complaint as soon as we can, and in any event, within 45 days. We hope to resolve any complaint brought to our attention; however, if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority.
11. Changes to This Privacy Policy. This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your Personal Data, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on the Site. Any changes to this Privacy Policy will be effective upon the earlier of 30 calendar days following our dispatch of an e-mail notice to you or 30 calendar days following our posting of notice of the changes on the Site. These changes will be effective immediately for new users of our Service. Please always note that you are responsible for updating your Personal Data to provide us with your most current e-mail address. If the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. If you do not wish to permit changes in our use of your Personal Data, you must notify us prior to the effective date of the changes that you wish to deactivate your Account with us. Continued use of the Site, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
State Specific Notices:
California’s Shine the Light law
Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Information with third parties for the third parties’ direct marketing purposes. If you’d like to request more information under the California Shine the Light law, and if you are a California resident, you can contact us using the contact information provided in this Policy.
California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)
California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted.
To request removal of such data, and if you are a California resident, you can contact us using the contact information provided in this Policy and include the email address associated with your account.
Be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
MKG-1521 Rev B