This Privacy Policy sets out the privacy policy of Carium, Inc. (“Carium”, “our”, “we” and “us”), any website maintained or operated by Carium (the “Website”), our mobile or other applications (the “Apps”) and all services that we offer (the “Offerings” together with the Website and the Apps, the “Services”) in connection with information, data, documentation, and any other materials relating to or about you (the “Content”), collected, stored, transmitted or maintained by Carium from or for you or in connection with the Services. This Privacy Policy covers any Content and other information transmitted by you or on your behalf to Carium in connection with the Services, whether such transmittal is made through the Website, the Mobile Apps, other electronic messaging or any other method. Our overall goal is to respect the information that you entrust to us. To put it plainly, this Privacy Policy explains how the information that is stored in or passed through the Service may be used by us.
As our business changes, this Privacy Policy will also change and Carium reserves the right to change this Privacy Policy at any time and without notice. If you use any of the Services, you should check our Website periodically for changes. Carium will use reasonable efforts to post a notice when changes are made, but may not always be able to post a notice. If you continue to use the Services, your continued use will represent your acceptance of any changes that we may make, whether or not we were able to post a notice about the changes.
This Privacy Policy does not cover any of your Content when it is in your possession, nor does this Privacy Policy cover your Content that may be displayed or visible on any device that you use to access the Services.
What Information Does Carium Collect and How are the Data Used?
Carium collects only the types of Personal and Non-Personal Information described below that are necessary for our legitimate business purposes, and we maintain appropriate safeguards to ensure the security, integrity, and privacy of this information.
Carium’s Mobile Apps may collect certain information automatically, including but not limited to: (i) the type of mobile device that you use, (ii) the unique device identification number of your mobile device, (iii) your mobile device’s IP address, (iv) the type of operating system running in your mobile device, (v) the type of internet browser that you utilize, and (vi) information about your usage of the Mobile Apps.
Carium will retain your Content, Personal Information, and Non-Personal Information for as long as you use the Services and until you ask for your Content to be deleted. While we will do our best to honor a request for deletion, we will also retain and use your Content as necessary to comply with legal, regulatory, and contractual obligations applicable to our operations, to resolve disputes, and to enforce our agreements. For example, regulations may require us to retain healthcare-related information for a specified period of time or if we are holding information on behalf of the healthcare organization where you receive services, then we may be required to comply with that organization’s information retention requirements. You acknowledge that your Content and/or Personal Information provided to third parties is outside of Carium’s control and will be subject to each applicable third party’s policies covering privacy and use.
Personal and Business Information
When you use the Services, we may collect what is generally called “personally identifiable information,” or “Personal Information,” which is information that specifically identifies you. Examples of Personal Information include name, email address, mailing address, phone number, date of birth, geographic area when any such information is linked to information that identifies a specific individual, gender, birthday, marital status, educational level, health history, and health records.
The Mobile Apps may utilize GPS technology, IP address, other sensors such as nearby devices, Wi-Fi access points or cell towers, or other similar geolocation technology in order to determine your current location, if enabled or necessary for use of the Services.
We may use the Content, Personal Information, and Non-Personal Information to (i) provide the Services to you, which includes providing the Content to your healthcare clinician or healthcare system or organization (ii) personalize your use of the Services, (iii) provide you with personalized analyses of your Content, (iv) communicate with you and respond to your requests, and related activities, (v) develop and deliver more impactful analyses by aggregating with other data, (vi) conduct research, and (vii) improve or enhance the Services. In engaging in any of the described uses, we may de-identify your Content, Personal Information or Non-Personal Information. You have the ability to opt-out of receiving promotional communications by following the unsubscribe instructions contained in a promotional communication.
By submitting your Content to us and by using the Services, you consent to our use of your Content as described in this Privacy Policy. If you do not consent, you should not register with Carium and you should not use the Services. Ultimately, you own, control, and determine how to share your Content.
Non-Personal Information
Certain Non-Personal Information about site visits is recorded by the standard operation of the Website, including but not limited to (i) IP address, (ii) domain server, (iii) type of device(s) used to access the Services, (iv) web browser(s) used to access the Services, (v) referring webpage or other source through which you accessed the Services, (vi) geolocation information, and (vii) other statistics and information associated with the interaction between your browser or device and the Services. Non-personally identifiable information may be used to improve the design and content of the Services or to personalize your experience.
We may also collection the additional Non-Personal Information:
Cookies
Carium uses cookies on its Website to make your experience easy and meaningful and to enable certain technical operations. Cookies are files that web browsers place in a device’s memory and are used to tell us whether customers and visitors have previously visited our website. Usage of a cookie is not linked to any personally identifiable information while on the Website.
Social Media Cookies
These cookies are used when you use a social media sharing button or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter, or LinkedIn. The social network will record that you have done this. This information may be linked to targeting and/or advertising activities.
Web Beacons
“Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers and the emails, special promotions or newsletters that we send you. The information collected by Web Beacons allows us to analyze how many people are using the Services, using the selected advertisers’ websites or opening our emails, and for what purpose, and also allows us to enhance our interest-based advertising.
Website Analytics
We may use third-party website analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text that you type into the Site. These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites that do not use their services.
Mobile Device Identifiers
Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and non-personally identifiable information. Mobile device identifiers help Carium learn more about our users’ demographics and internet behaviors.
Log Files
Like many standard website servers, our web servers use log files. Log files include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks. Log files are used to analyze trends, administer the site, track aggregated users' movement and gather broad demographic information. IP addresses, etc. are not linked to personally identifiable information.
Location
We may collect your real-time geographic location in order to present relevant information from third parties with whom you may have authorized a connection. If your location is collected and used to push content, the location information will not specifically identify you.
Is Content or Personal Information Shared With Third Parties?
Carium does not sell your Content or Personal Information (whether or not de-identified) to any third parties, except as may be consented to or directed by you or as set forth in this Privacy Policy, or other terms governing use of the Services. If we use any subcontractors, each subcontractor that may access your Content will be contractually obligated to maintain the confidentiality and privacy of all Content accessed, used or stored.
As we continue to develop our business, we might sell or buy assets or engage in other strategic transactions. In such transactions, your Content may be transferred to: (i) a parent or subsidiary; (ii) an acquirer of assets or equity; or (iii) a successor by merger.
Carium shares all of your Content, Personal Information, and Non-Personal Information with your healthcare clinician, healthcare system, or other organization sponsoring your access to the Services (the “Sponsor”). Through the Services, your Sponsor can view, send, and/or receive your Content and messages relating to or about you. You acknowledge that your Sponsor may integrate your Content, Personal Information, and/or Non-Personal Information into its records about you and any such integration will be subject to Sponsor’s policies on privacy and use. Carium may also be required to maintain your Content and/or Personal Information for any period of time identified by your Sponsor.
We may release your Content when we believe release is appropriate to (i) comply with applicable laws; (ii) enforce an agreement with Carium; or (iii) protect the rights, property, or safety of Carium, our users, or others. A potential use may include exchanging Content, Personal Information, and/or Non-Personal Information with other companies and organizations for fraud protection.
Security
We have industry reasonable security measures in place to help protect against the loss, misuse, and/or alteration of the data under our control. The security measures include system and network components, and application components. When the website is accessed using a compatible internet browser, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that the data are safe, secure, and available only to you.
Although we make good faith efforts to store Personal Information in a secure operating environment that is not open to the public, we do not and cannot absolutely guarantee the security of your Personal Information. If we become aware that your Personal Information has been disclosed in a manner not in accordance with this Privacy Policy, we will use reasonable efforts to notify you of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted or required by law.
Communications from Carium
Users who have provided contact information may occasionally receive email updates or information from Carium. In order to respect our customers’ privacy, we present the option to decline these types of communications.
Choice/Opt-Out
Users who no longer wish to receive e-mail communications or other information from Carium may opt-out of receiving these communications by emailing us at legal@carium.com using "unsubscribe" in the subject line or following the “unsubscribe” link in an email.
Removal or Modification
If you would like us to remove and/or modify your Personal Information and/or Non-Personal Information from our system, you may make that request by sending an e-mail to legal@carium.com. If you request deletion of your account, we may retain some information in our records after deletion of your account, including but not limited to any information or records that we are legally obligated to retain and as explained earlier in this Privacy Policy. If you request modification of your information, we will review your request and determine if modification is required. Additionally, you may modify your own information by logging into your account. We will process your request within a reasonable time.
HIPAA Compliance
To the extent Carium and any of the Services are subject to any requirements of the Health Insurance Portability and Accountability Act and its implementing regulations, as all may be amended from time to time (“HIPAA”), we comply with those HIPAA requirements. We comply with HIPAA to the extent required, which is not every circumstance or use relating to the Services or our operations.
Children’s Privacy
Except as set out in the Terms of Use, do not use or access any part of the Service if you are under 18 years of age. If you are a parent or guardian and discover that your child under 18 years of age has obtained an account on the Service, then you may alert us at legal@carium.com, and we can take action to prevent access, unless you are complying with the Terms of Use to authorize use of the Service by a minor.
International Visitors
The Service is hosted in the United States and intended for use solely by individuals in the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing.
Links to Third-Party Websites
The Website contains links to other sites. Please be aware that Carium is not responsible for the privacy practices of any other website or the policies, content, and practices of other websites. To the extent you visit a third-party site accessible through this Website, we encourage you to read the privacy policies of each and every website as those third-party privacy policies govern the collection and use of information provided when visiting those sites. This Privacy Policy applies solely to information collected by the Services.
Changes to this Privacy Statement
From time to time, we may change the terms of this Privacy Policy. We will do so by posting updated text on the Website, and your continued use constitutes acceptance of those changes. To ensure that you are aware of current privacy practices, we recommend that you check this site periodically.
Contact Information
Any questions, comments or concerns regarding our Privacy Policy should be directed to the Privacy Officer by e-mailing such questions to legal@carium.com or by regular mail addressed to:
201 1st Street
Suite 211
Petaluma, CA 94952
Effective Date: June 27, 2018
Updated: October 15, 2018
Updated: January 11, 2019
Updated: June 1, 2019
Updated: July 26, 2019
Updated: June 30, 2020