Certain of VFlo’s Services, including the VitalFlo Mobile App, are designed to work in conjunction with certain third party products and services, including a third party spirometer (each a “Device”) and intermediary software application (“Intermediary App”). The Device and Intermediary App are made available by our third party partners and such third party partners are solely responsible for the Device and Intermediary App, including their privacy and data policies.
Device Data. If you are using a Device and Intermediary App in connection with your use of the Services, your Device collects data to measure and monitor airflow into and out of your lungs, including air intake and exhalation and the speed of your breath (“Device Data”). The data collected may vary depending on your Device and the settings you have chosen for your Device, the Intermediary App (such as iSpirometry®), or our App. You may share the Device Data from the Intermediary App to us through our App or our third party messaging provider. You control how you wish to share this Device Data with us and your Providers. This information may include date and time of usage from your Device and your responses to our follow up questions.
Information that your Providers provide. You understand and agree that the Providers may contact us or you, we may contact them or you, they may share with us or you, and we may share with them or you any information about you that is necessary or useful to enable us to provide the Services that you request of us. Such information may include, among other information, User Health Data and other information described in the Information you provide paragraph above.
Information Automatically Collected; Cookies; Tags. When you access or use the Services, we may collect information about you and your computer or device, including through the use of both session and persistent “cookies,” “pixel tags,” or “web beacons” (collectively, “Tags”). “Cookies” are small data files stored on your hard drive, and “pixel tags” or “web beacons” are small graphic files placed on a website or within the body of an email for the purpose of tracking your internet activity and tracking when emails are opened or accessed. A “session” Tag will not collect information once you close the program used to access the Tag (e.g., a web browser), while a persistent Tag will collect information until it is deleted.
The type of information we automatically collect when you access or use the Services may include the IP (Internet Protocol) address of your computer or device; information about Tags on your computer or device; pages you viewed on the Site; how long you spent accessing each page; how long you used an App; times and dates that you accessed or used the Services; your computer or device type and operating system type; browser type and language; and other information about how you accessed or used the Services.
We also analyze your information and your access and use of the Services in order to improve and customize your experience, including remembering information so you will not have to reenter it. We may also use such information to contact you regarding changes, system maintenance and outage issues, account or membership issues, or otherwise troubleshoot problems related to the Site, Services, or Apps.
We may share with your Providers any information about you that is necessary or useful to enable us to provide the Services that you request of us.
Communications with your Providers. We may share your information with your Providers, including information collected from your Device (if applicable) and which you choose to share with us, including User Health Data, through our App or third party messaging partner. We cannot control how any Provider may use or disclose of the information you may make available through use of the Service.
Improving our Products and Services. We may use your data, including your User Health Data, to improve our algorithms, technology, products and services, including to train our software and to gain greater understanding of the factors involved in controlling and monitoring asthma and lung health. For these purposes, unless otherwise expressly permitted by you, we will anonymize or de-identify your User Health Data in a way that complies with HIPAA requirements so that such User Health Data is not identifiable or linkable to you. For example, we may request that you consent to use of zip code level data so that we may track applicable environmental factors and improve our algorithms.
Service providers. We will disclose your information to our service providers that assist with the Site, Services, or Apps. For example, we may use a third party messaging service to gather additional information about your symptoms based on information collected by the Device. We contractually require our service providers not to use or share your information for purposes other than as needed to provide the applicable services.
Marketing Communications. We may in the future distribute a newsletter or other marketing or promotional communications to inform our user about promotions, upcoming events, news about products and services offered by us and our selected partners or news and information relating to lung health, wellness or asthma conditions. Prior to sending you any such newsletter or other marketing communications, we will obtain your consent. Thereafter, our marketing emails will tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails, including emails about purchase confirmations, invoices, technical notices, security alerts, and support and administrative messages.
Corporate events. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, your information may be included in the assets sold or transferred to the acquirer. You agree that we may transfer or assign the information we have collected about you in connection with any such event. In the event of a bankruptcy, insolvency, reorganization, receivership or assignment for the benefit of creditors, we may not be able to control how your personal information is treated, transferred, or used.
California requires operators of websites or similar services to make certain disclosures to users who reside in California regarding their rights, specifically:
Your Consumer Rights. California consumers have the right to request access to their personal data, additional details about our information practices and deletion of their personal information (subject to certain exceptions). California consumers also have the right to opt out of sales of personal information, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information. We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information. We will not discriminate against you if you choose to exercise your rights under the CCPA.
Rights to Know. You may request, no more than twice in a 12-month period, access to the specific pieces of personal data we have collected about you in the last 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the sources of such collection, the categories of personal information we share for a legitimate business or commercial purposes, and the categories of third parties with whom we share your personal information. You may make these requests by contacting using the contact information provided below in the “Contact Us” Section. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
Copies of Personal Information. You may request, no more than twice in a 12-month period, transportable copies of your personal information that we have collected about you in the last 12 months. You may make these requests by contacting using the contact information provided below in the “Contact Us” Section. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
Deletion. You may request that we delete the personal information we have collected about you. Please note that we may retain certain information as required or permitted by applicable law. You may make these requests by contacting us using the contact information provided below in the “Contact Us” Section. After submitting your request, please monitor your email for a verification email. We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.
Do-Not-Track. Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. California residents are entitled to know how we respond to “Do Not Track” browser settings. However, we do not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed.
You may update, change, or correct your personal information through the App, the Services or by contacting us at firstname.lastname@example.org. We will update your account, membership, or information as requested, provided, that we may decline to update information if we determine the request to be impractical (for instance, requests concerning information residing on backup tapes or other historical data) or to be inconsistent with our data retention practices (described above). In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
Social media sites. We may have pages or other presence on various social networking sites or services, such as Facebook, Twitter, and the like. Any information you post or provide through such sites and services will be subject to the policies of those sites and services.
Disclaimer and release. We cannot control how any Providers, or third parties might use or disclose your information, so be sure that you trust them and that you are comfortable with the information that may be shared with them. You are responsible for designating your Providers and for keeping your list of Providers current, so please add, remove, or modify relevant information about Providers as such information changes.
The Site, Services, and Apps are not intended for use by minors under the age of 13, unless through a parent or guardian. If we learn that a child under the age of 13 has provided us with personal information without parental consent, we will promptly take reasonable and appropriate actions to remove such user and delete any personal information from our servers.
In certain situations, we are a "Business Associate," as defined by HIPAA (the federal Health Insurance Portability and Accountability act) of certain “covered entities”, and have certain federal, state and contractual restrictions as to how we can use your "protected health information" (PHI), including with respect to the Providers. In other situations, we are required by federal and state data protection laws to protect the confidentiality of your Personally Identifiable Information (PII). When acting as a Business Associate, we may only use or disclose your PHI and PII as required by law or, in the case of PHI, as permitted by the Business Associate Agreements (BAAs) we have with our customers including Providers, and as otherwise expressly permitted by you. Please be aware that when you give others access to your data (including PHI and PII), they may be able to use, reproduce, distribute, display, transmit, and/or communicate that data to others and the public. Please consider carefully what you choose to share or make public. We shall not have any responsibility for access, use or disclosure of your data by people you authorized to have access to your user account. If you are using the Service in coordination with your Providers or as part of a research study, you are granting access to your health information (including PHI and PII) to the Providers and study personnel. You expressly consent to the access and disclosures outlined in this section.
In the absence of such business associate agreement or provider agreement, you understand and agree that your information is not protected under HIPAA. However, we will take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of your information. However, we cannot guarantee your information will be absolutely secure or that unauthorized persons will not access or use your personal information for improper purposes. In the event of a breach of security affecting the personal information that you or Providers have provided to us, or the personal information that we have collected, we will take remedial actions as required by applicable laws, which might include providing you notice of such breach. You agree that we may send you such notices via the Site, Services, Apps, email, or mail.