Revised: February 2018
At Flexi Digital, we are committed to safeguarding your privacy and ensuring that your personal information is protected and kept confidential.
Control. You are in control of the personal information you provide to us, which includes sharing, use, and retention.
Access. We endeavour to empower you with access to your data so that you may take charge of your health.
Transparency. We are committed to the transparent collection, storage, sharing, and processing of your personal information and providing services to help you explore and understand your health.
Protection. The privacy and protection of your personal information is of the utmost importance to us. We are committed to strengthening security measures and providing you with choices about how we collect, process, and store your personal information.
- what information we collect;
- how we may process that information;
- how we may use that information; and
- choices about accessing and updating information.
Consenting to Use of Personal Information
We do not sell, lease, or rent your individual-level information to any third party, including our customers, without your consent.
Service or Services. Our products, software, Services, and Site as accessed by a user whether or not a user has an account.
Personal Information. Personal Information is information that can identify you, either alone or in combination with other information. This includes Protected Health Information that is identified under HIPAA (Health Insurance Portability and Accountability Act of 1996). Please review the section “Information We Collect from You” for more details.
Anonymised (or De-identified) Information. De-identified or anonymized information does not identify you based on individual pieces of information or combinations of information. Your direct information (e.g., name) and indirect information (e.g., Device ID) are removed, such that you cannot be reasonably re-identified as an individual.
Aggregate Information. Your individual information is combined and compiled with other individuals’ information for the purpose of analysis. The aggregation process involves de-identification of Personal Information such that you and other individuals cannot be reasonably re-identified as specific individuals.
Customers. Customers are business partners of Flexi that may incorporate our Services as a component or feature of the Customer’s products (e.g., a chronic condition management platform that uses data from Flexi to measure your nutrition levels) or may deliver features within our Services (e.g., a pharmacy that provides your prescription history).
Information We Collect from You
We collect Personal Information as part of providing Services to all of our users. Upon your becoming a user of our Services, we will only collect information that you voluntarily authorise for submission. Personal Information may include information you report about yourself and/or information collected from devices or third parties. We vigorously believe in keeping confidential all personally identifiable information that identifies an individual, including your past, present, or future physical or mental health condition.
Account Information. We may collect Personal Information that includes, but is not limited to, identifying data such as name, email address, password, and address information. If our Services are provided by your employer or your employer’s service provider, your Personal Information may be forwarded to set up our Services for your use. Depending on the Services used, we may also collect Social Security number, date of birth, current benefit coverage, and other official identifiers, such as a driver license number.
Health Information. We may collect information such as personal activities, health and wellness data, medications, tests, medical records, and health issues submitted through the Services.
Sensitive Information. Certain information you provide is considered Sensitive Information and may include genetic information, HIV testing or status, mental health, race, ethnicity, and sexual orientation. This information may be recorded in information shared with us by a third party such as a doctor.
Device Information. We may collect device identifiers such as serial number, device type, IP address and browser type, language preferences and location, operating system, date and time of your access, internet service provider or mobile carrier, internet domain and host name, and referral URL.
Profile Information. We collect the information that you voluntarily enter into a user profile. This may include pictures, nicknames, and other personal details. This information is available to third parties that you consent to share your Personal Information through our Services.
Research and Studies Information. Your Personal Information is collected when you voluntarily participate in research and studies through our Services.
Information from Your Use of Services. We collect information related to your use of our Services, such as which health care provider you search for, which menus you use, pages you view, or search results you click on. You may interact with our support team during the use of our Services, in which case, we would collect information about your communications.
How We Use Your Information
We use your Personal Information to provide Services to you. Examples of how we use your information include:
- Authenticating your identity and access to the Services;
- Restricting access to your Personal Information;
- Collecting Personal Information entered by you, imported by you (e.g., from a device) or authorised by you (e.g., blood test results from a lab);
- Transmitting information to a third party that you authorize to receive your Personal Information through our Services;
- Creating an export of your Personal Information based on your authorisation;
- Sending you account notifications and updates about your Services;
- Building new Services and improving existing Services;
- Conducting scientific and statistical research and studies;
- Studying Aggregated Information on population health, wellness, chronic, or physical conditions to better understand trends and metrics that may improve Services;
- Troubleshooting our Services or enforcing Terms of Service use; or
- Detecting and protecting against error, fraud, malicious activity, or other suspicious or criminal activity.
Non-Personal Data Use
We may also use non-Personal Information to analyze data into useful information. This process of data analysis is done using Aggregate Information, is non-personal, and allows us to find correlations and patterns in the data.
Connecting Your Personal Information to our Services
We maintain your Personal Information, and in particular protected health information, in compliance with applicable healthcare privacy and security rules and our contractual obligations with our Customers. Currently, we act as a conduit between (a) entities that collect and store health data (b) organisational Customers that use our Services to collect data from consumers, and (c) consumers such as you.
If you visit the Site, whether or not you become a user of our Services, be advised that we will maintain weblogs to record data about all visitors and customers who use this Site and interact with the Services, and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and, if you are a user of our Services, information about the type of any personal tracker or other device or service you connect to the Services and information about the data uploaded from any such device or service.
All web logs are stored securely and have restricted access by a very limited number of employees that have to adhere to strict guidelines regarding user data security and privacy.
How We Keep Your Data Safe
As the shepherds of your health data, the protection of that data is of the utmost importance to us. We use all reasonable technical, physical, and administrative controls to protect your Personal Information from unauthorized access or disclosure and to ensure the appropriate use of information. We store your data in the United Kingdom and the United States. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and data encryption. Our Site and Services use Secure Socket Layer (SSL) technology to encrypt all connections to and from our Site and Services to enhance the security of electronic data transmissions. However, no data transmission or storage system is guaranteed to be 100% secure. If you have questions about security or possible reason to believe that your interaction with our Site or Services is no longer secure (e.g., you feel that your account’s security may be compromised), please contact us immediately at firstname.lastname@example.org.
Your Access and Choices
You are the owner of your health data. We help you move your data throughout the healthcare ecosystem, but you have the ultimate control over who has access to which information.
You can review your Personal Information that is stored and available within our Services at any time. You also have choices concerning the Personal Information you authorize to be stored within our Services and the export of your Personal Information. Please review the following options you have to control the management, use, change, and deletion of your Personal Information that is stored within our Services.
Your Personal Information with our Services
You authorise the Personal Information that is collected, processed and used within our Services.
Deleting or De-authorising Your Data
You may request to delete any Personal Information and to de-authorise the collection of Personal Information in the future by sending us an email at email@example.com. Any such deletion or de-authorisation will have no effect on sharing of Personal Information before we receive and are able to act upon such a request.
During the use of our Services, you may authorize us to send your Personal Information to Customers or third parties who are providing you value. You will have full transparency regarding who within the ecosystem you previously sent your Personal Information. To delete a copy of your records from these entities, you will need to follow their policies and procedures for data deletion.
Exporting a Copy of Your Data
You can export a copy of your Personal Information that is stored within our Services. If you have questions about exporting Personal Information from our Services, please contact firstname.lastname@example.org
Changes to Your Personal Information
We work with thousands of medical and wellness providers to enable you to obtain and hold copies of your Personal Information. We may also provide tools for you to manually enter health data or collect data from devices. While we strive to collect complete and accurate information from the sources provided to us, we do not have control over the accuracy, completeness, or quality of information entered or sent to us. For example, you may identify incorrect, incomplete, or outdated information from a third-party provider. If you have questions or find issues with your Personal Information, it is your responsibility to identify issues and ensure corrections are made to the original source of information.
- For manually entered information, you are responsible for reviewing information and making corrections.
- For a device, you should contact the device’s manufacturer.
- For a care provider, you should contact the provider who controls your original information.
Information You Share with Others
You can share information through our Services by (i) exporting a copy of your Personal Information, (ii) sending your Personal Information to providers and (iii) other features that may be offered through our Services. Within our Services, sharing Personal Information with third parties such as a doctor requires your consent. You provide consent to sharing through the settings in our application. You may also participate in research or clinical studies by providing express consent.
Your Responsibility to Protect Your Personal Information
You are responsible for your handling, sharing, re-sharing and/or distribution of your Personal Information. We will have no responsibility or liability for any consequences that may result from your disclosure of your Personal Information. Moreover, if you forward Personal Information electronically to another person on or off the Site or Services, we are not responsible for any harm or other consequences from third party use or re-sharing of your information. We recommend sharing personal information only with individuals and other third parties that you know and trust.
In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal accounts and log-in username and password information. If you use a public computer, such as the library or a university, or a shared device, always remember to log out of the Site or Services.
If you use our Site or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand with the company’s privacy and security policy with respect to Internet use.
We cannot guarantee the identity of any other non-employee person with whom you may interact in the course of using the Site or Services, or the authenticity of any information that others may provide.
Third Party Sites and Trusted Relationships
Our Site contains links to other sites. We do not share your personally identifiable information with those sites except as authorized under the End User Terms of Service and are not responsible for their privacy policies and procedures. We encourage you to learn their particular privacy policies but we seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards.
We disclose personally identifiable information about you as required or permitted by law, including complying with the legal process. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities and may, in our sole discretion, disclose personal information or other information to satisfy any law, regulation, subpoena, or government request. We reserve the right to release personal information or other information about users who we believe are engaged in illegal activities or are otherwise in violation of our Terms of Service, even without a subpoena, warrant or court order, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our Services or to protect our rights or property, or that of our affiliates, or our officers, directors, employees, agents, third-party content providers, or licensors. We also reserve the right to report to law enforcement agencies any activities we reasonably believe in our sole discretion to be unlawful. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
You may close your account by sending a request to email@example.com. We will close your account and delete the personal information within your account within thirty (30) days of our receipt of your request. Please note that deletion of personal information within our Services does not include any information that you previously provided to a third party through our Services or research that you consented to participate in. You must contact third parties separately regarding controls and choices for the personal information that you shared. We cannot remove personal information from ongoing or completed studies that use this information.
As stated in our Terms of Service, we may retain your personal information in backup copies as required by law or contractual obligations with third parties. We may also retain de-identified personal information, and limited account registration information needed for accounting, audit, and compliance purposes.
Other Important Information
Identifiable information about you is held no longer than necessary for our business purposes or to meet legal requirements.
We do not knowingly allow individual Customers under the age of 13 to create accounts that allow access to our secure Site, without them obtaining the prior consent of a parent or guardian.