HAZEL HEALTH, INC. (“we, “us”, “our” or “Company”) operates the www.hazel.co and my.hazel.co websites (“Sites”) and partners with Telehealth USA to provide telemedicine services. This policy applies to our websites as well as to the services and applications we and Telehealth Services USA provide, collectively known as the “Services.” Last reviewed and updated September 3, 2024.
We are committed to ensuring that your personal information shared over our Sites and/or Services is protected and kept confidential. By accepting Company’s Terms of Use or providing information to us via our Site, you consent to the use and disclosure of personally identifiable information as outlined in this Privacy Policy. Please note that the use and disclosure of such information is also subject to the practices of the health care providers with whom you may interact through the Services, as described in the Notice of Privacy Practices which is provided to you by such providers.
Information Collection
Protected Health Information (PHI) is information that includes, but is not limited to, identifying data such as name, social security number, address, contact information, as well as information about personal health issues and insurance submitted through the Services. Personally Identifiable Information (PII) may include all such types of information, except for health- or health-care-specific information. We aim to protect both types of information.
We collect PHI and other PII that you voluntarily submit. We know that privacy is of the utmost importance. We vigorously believe in keeping confidential any and all personally identifiable information that identifies an individual whether or not it relates to an individual’s past, present, or future physical or mental health condition.
As a Business Associate of health care providers that are Covered Entities under the federal health care privacy and security rules (HIPAA and HITECH), we maintain Protected Health Information (PHI) in compliance with these rules when applicable under our contractual obligations with health care providers. We collect information solely for the purposes of providing the Services, marketing and promoting our Services to you and for market research data. We use this information ourselves and we share it as needed with our partners solely for their performance of contracted services for us. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
You have the opportunity to “opt out” of receiving direct marketing or market research information by emailing us at privacy@hazel.co.
We maintain web logs to record data about all visitors who use the Sites and interact with the Services and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and information about the type of device you use to connect to the Services, the Sites pages you visited.
All Web logs are stored securely and are accessible to a very limited number of employees and contractors, who must adhere to strict guidelines regarding user data security and privacy.
“Cookies”
We may collect and process information about your use of the Services, such as the Sites pages you visit and the webSites you came from. Such information is used by us to help improve the contents of the Sites and the Services and to compile aggregate statistics about the use of our Sites and the Services for internal, market research purposes. In doing this, we may install “cookies” that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. A cookie is a small piece of information which is sent to your browser and stored on your computer or other device. Cookies do not damage your device. You can set your browser to notify you when you receive a cookie. This will enable you to decide if you want to accept it or not. If you do not accept cookies, you may not be able to use all functionality of your browser software or this Site. We may obtain the services of outside parties to assist us in collecting and processing information collected through cookies.
Internet Tags
We may also use internet tags (also known as action tags, web beacons, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) and cookies through the Services and may deploy these tags/cookies through a third-party advertising partner or a web analytical service partner which may be located and store the respective information (including your IP address) in a foreign country. These tags/cookies may be placed both on online advertisements that bring users to the Services and on different pages of the Site. We use this technology to measure the visitors’ responses to the Sites and the Services and the effectiveness of our advertising campaigns (including how many times a page is opened and which information is consulted) as well as to evaluate your use of the Services. The third-party partner or the web analytical service partner may be able to collect data about visitors to the Sites and other sites because of these internet tags/cookies, may compose reports regarding the Site’s activity for us and may provide further services which are related to the use of the Sites and the internet. They may provide such information to other parties if there is a legal requirement that they do so, or if they hire the other parties to process information on their behalf. If you would like more information about web tags and cookies associated with on-line advertising or to opt-out of third-party collection of this information, please visit the Network Advertising Initiative webSites http://www.networkadvertising.org. (We are not affiliated with the Networking Advertising Initiative in any way.) If you opt out, please be advised that your user experience will be degraded.
Non-Personal Data
We may use non-personal information to analyze data into useful information. This process of data mining is done in the aggregate, is non-personal, and allows Company to find correlations and patterns in the data.
We do not provide any personal information to third party sites that display our interest-based ads. However, third parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that users who interact with or click on a personalized ad or content are part of the group that the ad or content is directed towards (for example, users in the Southwest who have experienced ear infections). Also, some third parties may provide us information about you (such as the sites where you have been shown ads or demographic information) from offline and online sources that we may use to provide you with more relevant and useful advertising.
Sharing of Information
We share Protected Health Information (PHI) and Personally Identifiable Information (PII) as permitted or required by law and as authorized by you as described in the Terms of Use, this Privacy Policy, or otherwise.
We employ other companies and individuals to perform functions on our behalf. Examples include analyzing data, providing marketing assistance, processing credit card payments, and providing customer service. They have access to anonymized and personal information needed to perform their functions, but may not use it for other purposes. Access to this information will permit them to provide services more efficiently and effectively to you and to us.
For example: your IP address may be used to estimate your location and personalize your experience with the Services; we may share information such as IP address, user name, email address and cookie and web beacon information with third parties in order to personalize your experience; your IP address and email address and the page you are viewing may be shared with a third party that operates the customer service “chat” feature for our Services; and aggregate data about IP addresses, pages loaded, time to load pages and errors encountered may be used by third-party performance monitoring and improvement products.
These third parties may be required to disclose information, as described in the section below entitled “Disclosures in Accordance with Law.”
Security of Information Collected
We use account information in a password-protected environment as a security measure to protect your data. We use administrative, physical and technical safeguards to protect data. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and industry standard data encryption during transmission and storage.
In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal account and log-in/password information. If you use a public computer, e.g., at a library or a university, always remember to log out of the Sites or Services. Please remember that use of the Sites or the Services is at your own risk and Hazel cannot and does not guarantee the security of information sent to, or received by it.
If you use our Sites or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer’s or such other site’s privacy and security policy with respect to Internet use.
We are not responsible for your handling, sharing, re-sharing and/or distribution of your personal health information. Moreover, if you forward Personal Health Information (PHI) electronically to another person on or off the Sites or Service, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.
Self-Review of Data and Ability to Delete Your Account Information
You may request to delete any personal information and to de-authorize the collection of personal information in the future by sending us an email at privacy@hazel.co.
Third Party Sites / Trusted Relationships
As noted above, the Company is a Business Associate of health care providers under HIPAA and we share information with health care providers who provide services to individuals, and they share information with us, for purposes related to treatment, payment and health care operations, and otherwise as agreed or authorized by you.
Our Sites contain links to other sites. We do not share your Personally Identifiable Information (PII) with those sites (unless you specifically authorize such sharing) and are not responsible for their privacy procedures. We seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards, however, we encourage you to learn their particular privacy policies.
Disclosures in Accordance with Law
We disclose Personally Identifiable Information (PII) about you as required or permitted by law, including complying with legal process (for example, we may disclose your information as necessary to comply with an authorized civil, criminal or regulatory investigation). We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities and may, in our sole discretion, disclose personal information or other information to satisfy any law, regulation, subpoena, or government request. We reserve the right to release personal information or other information about users who we believe are engaged in illegal activities or are otherwise in violation of our Terms of Use, even without a subpoena, warrant or court order, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our Sites or to protect our rights or property, or that of our affiliates, or our officers, directors, employees, agents, third-party content providers, suppliers, sponsors, or licensors. We also reserve the right to report to law enforcement agencies any activities we reasonably believe in our sole discretion to be unlawful. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
Children
We do not knowingly allow individuals under the age 18 to create accounts that allow access to our Site.
California Residents
Pursuant to California Civil Code Section 1798.83, residents of the State of California have the right to request from companies conducting business in California certain information regarding Hazel’s disclosure within the immediately preceding calendar year of that California resident’s personal information to third parties (and in some cases affiliates) for their direct marketing purposes. Alternatively, the law provides that a company may comply, as Hazel does, by disclosing in its privacy policy that it provides consumers choice (opt-out or opt-in) regarding sharing personal information with third parties and affiliates for those third parties’ and affiliates’ direct marketing purposes, and information on how to exercise that choice.
Changes to This Privacy Policy
We may amend our Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Sites and at other places we deem appropriate.
Questions or Suggestions
If you have any questions or suggestions on ways we can improve our privacy policy with respect to personal information, please email us at privacy@hazel.co.
