July 21, 2021
Celloscope, Inc. and its affiliates (“OneStep”) are deeply committed to protecting the privacy and security of our customers’ data.
Description of Users and Acceptance of Terms
Types of Information We May Collect
Personal Information which you actively provide to us through use of the Services.
This is information you intentionally and/or actively provide to us in the course of your use of the Services, including contact information from Visitors of the Website; this information typically includes your name, email address, and any information you provide in messages or job applications to us; when you register and open an Account and/or update your Account details, such as your e-mail address, birthday, gender, phone number, full address, username and password.
Some of the information we collect may constitute protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended from time to time. To the the extent other state or local privacy and data protection laws apply to your data, we comply with those requirements as well. You may also share information directly to a Provider acting within the scope of their license in the provision of service.
Personal Information which is being collected by us automatically when you use or access the Services.
This is information which we automatically receive upon you access or interact with our Services . This information may include:
- IP address, UDID (Unique Device Identifier) or other persistent user and/or mobile device token (as applicable), advertising ID, device type, operating system, browser type and version, screen resolution, browser and keyboard language, the User’s ‘click-stream’ and activities on the Services, the period of time the User visited the Website and/or and related time stamps.
- Geolocational Information – with your consent, we may, automatically collect geolocational information from your mobile device, your wireless carrier, or certain third-party service providers (“Geolocational Information”). Collection of such Geolocational Information occurs only when the OneStep Application is running on your mobile device. You may decline to allow us to collect such Geolocational Information, in which case OneStep will not be able to provide certain features of the OneStep Application to you.
- Gait Information – with your consent we will automatically collect information from sensors on your mobile device, in order to evaluate Your gait and Your walk score and monitor your progress (“Gait Information”). The Gait Information is tracked only while the OneStep Application is running on your mobile device. You may decline to allow us to collect such Gait Information, by turning off your location services on your mobile device, in which case OneStep will not be able to provide certain features of the OneStep Application to you.
Information that we collect using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will “remember” information about your visit. We use both first- and third-party session cookies and persistent cookies.
- Session Cookies: These make it easier for you to navigate our Website and Services.
- Persistent Cookies: This cookie remains on your hard drive for an extended period of time or until you delete them. To the extent we provide a log-in portal or related feature on our Services, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our Visitors, Users and Providers to personalize the experience on our Platform. You can remove persistent cookies by following directions provided on your web browser. If you do not wish for us to place this cookie on your hard drive, please consult your Internet browser’s documentation for information please. However, if you decide not to accept cookies from us, the Service may not function properly.
For Google Analytics, please visit https://www.google.com/analytics,
For Mixpanel, please visit htts://www.mixpanel.com.
Use of Health Information and Personal Information
The OneStep Service enables Users to access and communicate with their Providers through their use of the Services. These communications may include Health Information and personal information, which may be stored on the Services as a result of your relationship with a Provider. The User is solely responsible for choosing and approving any Providers as and sharing their Health Information and personal information with these Providers.
The Purposes and Legal Basis of the Collection, Processing and Use of Information
Legal Basis for Use
- With your consent: We ask for your agreement to collect and process your information for specific purposes and you have the right to withdraw your consent at any time.
Purpose of Use
We may use the Personal Information that we collect about you for the following purposes:
- To provide operate and improve the Services, Website and/or Application for our Users and to manage our business.
- To send you updates, notices, notifications, and announcement related to the Services as well as newsletters, coupons, commercial offers and additional communications regarding our products and services.
- To verify your eligibility and deliver prizes in connection with promotions and referral programs we may hold from time to time;
- To be able to manage your Account and provide you with customer support services. to enable us to further develop, customize and improve the Service based on Users’ common preferences, uses, attributes and anonymized or de-identified data;
- Aggregated Information. We may use aggregated statistical data and other cumulative information and we perform anonymization on your information so as to render it non-identifiable, and sue such anonymized or other conclusive information that is non-personal, to enable us to provide our Users with a better user experience with more relevant and accurate information, services, third party services, features and functionalities, statistical and research purposes, marketing purposes, etc. and to improve our Website, Application and/or Services. We may share aggregated or anonymized information between Users who are performing similar exercises and/or undergoing similar therapy,
- To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities,
- To complete a transaction through our Services.
- To comply with any applicable rule or regulation, to protect our legal interests and/or respond to or defend against (actual or potential) legal proceedings against us or our affiliates.
- To engage with the Providers and Related Third Parties in order to to perform certain operations on behalf of OneStep, including service providers and affiliates of our customers. These companies will have access only the Information only as necessary to perform their functions and to the extent permitted by law. We may also share your Information with any of our affiliates.
- Business Transfers. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.
Onboarding and Provider Engagement
You acknowledge and affirmatively consent to the fact that OneStep personnel will, as needed, review your particular reports or forms in a HIPAA/HITECH approved de-identified form for any or all of the following reasons:
During the process of your enrollment and onboarding to a Provider in order to determine whether you are able to successfully engage with the Provider, and similarly to transition you to another Provider, which will access only de-identified information and which may be accomplished using a OneStep on-boarding specialist and not a Provider; if applicable, to review your complaint that you may report about your Provider Provider practices; or to address raised quality assurance concern(s) that may apply to an individual Provider, a state-wide compliance issue or a national network issue.
You also consent to OneStep using “Meta Data” and other search terms to scan only HIPAA ‘Safe Harbor” de-identified transcripts to search for trends and patterns that may affect the quality of the Services provided to you; or to assess the practices utilized by the Providers.
Your Consent to OneStep recording your calls to Customer Service to assure quality assurance.
You grant OneStep permission to have your Provider supply non-content based assessments of your progress to OneStep. You understand that OneStep gives the Providers clinical assessment tools that in order to provide information on your fitness and well-being; and that results can be seen by your Provider to discuss with you.
Accessing and Amending Personal Information and Choices
If you enrolled in the Services, and have an Account with OneStep, you may access, review, and make changes to your personal information by following the instructions found on the Website. You may also modify and manage your marketing and non-transactional communications by clicking on the “unsubscribe” button located at the end of any marketing email sent by OneStep. We will use commercially reasonable efforts to timely handle your requests. You cannot opt out of receiving e-mails related to your Account. Please note that we are not responsible for the the information, including, modifying, updating or removing the information held by Provider.
How We Protect the Information
We take commercially reasonable steps to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Website and/or Application may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. You further understand that the electronic nature of the Services means that there is a greater risk to the privacy of your electronic health information relative to receiving in-person care.
Intellectual Property Rights
Portable Electronic Devices
Our Services are available to you on many different portable electronic devices. Our connection to the mobile device is free of charge, but your carrier’s normal rates and fees, such as text messaging fees, may still apply.
Important Notice to Non-U.S. Residents
The Website may contain links to third-party websites (“Third-Party Sites”). We do not endorse or sponsor such Third-Party Sites and we are not responsible for their privacy practices o. Please refer to the privacy policies of those Third-Party Sites for more information.
California Residents and the California Consumer Privacy Act (CCPA) Notice
If you are a California resident you have certain rights. California Users should understand that OneStep does not sell User data to third parties. Almost all User data is kept in encrypted storage, including all User created transcripts. State Law requires OneStep to retain such records for at least seven years. The CCPA does not generally apply to medical information governed by the California Confidentiality of Medical Information Act (CMIA) or protected health information collected by a covered entity or business associate governed by the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
“Shine-the-Light Law”: Once every year, residents of California have the right to request whether OneStep has shared their personal information (non-medical record data only) with other companies for direct marketing purposes during the preceding calendar year. To request a copy of this information, please contact us on the link on the website or at our email address email@example.com. Please allow a reasonable time for a response.
Minors: If you are a California resident and under the age of 18, and a registered User, you have the right to request and obtain removal of content or information you have publicly posted on our site. OneStep does not have Users below the age of 13 and does not allow or enable Users to publicly post information on our Website. However, if you think that you have indeed posted information on the Website and you are between the ages of 13 and 17, please contact us through our Website or via email at firstname.lastname@example.org. Please note that this request does not necessarily mean complete removal of the information/content you may have posted and that there may be circumstances in which the law does not require or even allow removal of data, specifically medical data, even if requested. Please allow reasonable time to respond to this request.
Right to Know: You may request access to your specific personal data collected by us over the past 12 months. You may also request additional details about our information practices, including the categories of your personal data collected by us, the sources of the collection, the categories of personal data we share for business or commercial purpose, and the categories of third parties with whom we share your personal data. You may make these requests by contacting us on at the “contact us” link on the website, or via email email@example.com. Please note the response may take a reasonable amount of time.
Designated Agent: You may designate an agent to make any of the requests on your behalf, such agent must be authorized to and have access to your account in order for us to confirm requests.
Non-Discrimination: OneStep will never discriminate against you, for exercising your rights under the CCPA.