OMZO
PRIVACY POLICY
Last Updated: November 17, 2023
This Privacy Policy ("Policy") explains how Omzo ("Omzo," "we," "us," or "our") collects, uses, discloses, and protects your information when you access or use our website, platform, mobile experiences, and related services (collectively, the "Service").
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, do not use the Service.
1. INTRODUCTION
At OMZO, we recognize the critical importance of privacy, especially when it comes to your health information. This Privacy Policy describes our comprehensive approach to protecting your personal and health-related information. We are committed to maintaining the highest standards of data protection and transparency in how we collect, use, share, and safeguard your information.
This Policy applies to all information collected through our website, mobile applications, telehealth platform, and any other services we provide. It covers information collected online and offline, including information you provide directly to us, information we collect automatically, and information we receive from third parties.
Please read this Privacy Policy carefully. By using our Services, you consent to the practices described in this Policy. If you do not agree with any part of this Policy, please discontinue use of our Services immediately.
2. INFORMATION WE COLLECT
We collect various types of information to provide, maintain, and improve our Services. The categories of information we collect include:
2.1 Information You Provide Directly
When you use our Services, you may provide us with the following categories of information:
- Personal Identifiers: Full name, date of birth, email address, telephone number, mailing address, billing address, government-issued identification numbers (when required for prescription services), and other contact information
- Protected Health Information (PHI): Medical history, current health conditions, symptoms, medications (prescription and over-the-counter), allergies, family medical history, laboratory results, diagnostic information, treatment plans, and any other health-related information you provide during consultations or assessments
- Financial Information: Payment card numbers, billing addresses, bank account information (when applicable), insurance information, and other payment-related data. Note: Payment card information is processed securely through PCI-DSS compliant third-party payment processors and is not stored on our servers
- Account Credentials: Username, password, security questions and answers, and other authentication information
- Communications: Messages, emails, chat transcripts, video consultation recordings (with your consent), feedback, reviews, and other communications you send to us or through our platform
- Profile Information: Profile photos, gender, age, health goals, preferences, and other information you choose to provide
- Survey and Research Data: Responses to health assessments, surveys, questionnaires, and research studies (with your explicit consent)
2.2 Information Collected Automatically
When you interact with our Services, we automatically collect certain technical and usage information:
- Device Information: IP address, device type (mobile, tablet, computer), device identifiers (UDID, IMEI, MAC address), operating system, browser type and version, screen resolution, mobile carrier, and network information
- Usage Analytics: Pages visited, features used, time spent on pages, clickstream data, search queries, links clicked, date and time of access, referring website addresses, and navigation patterns
- Location Data: General geographic location based on IP address, precise location data (only with your explicit permission), and time zone information
- Technical Logs: Server logs, error reports, performance data, crash reports, and system diagnostics
- Cookies and Similar Technologies: Information collected through cookies, web beacons, pixel tags, local storage, and similar tracking technologies (see Section 6 for more details)
2.3 Information from Third Parties
We may receive information about you from third-party sources:
- Healthcare Providers: Medical records, prescription history, lab results, and treatment information from healthcare providers, pharmacies, laboratories, and other medical service providers (with your authorization)
- Insurance Companies: Insurance coverage information, claims data, and eligibility verification (with your authorization)
- Payment Processors: Transaction confirmations, payment status, and billing information from our payment service providers
- Business Partners: Information from partners who provide services on our behalf or with whom we collaborate
- Public Sources: Publicly available information from social media platforms, public databases, and other publicly accessible sources (when you connect your accounts or when legally permissible)
- Marketing Partners: Demographic information, interests, and marketing preferences from advertising and analytics partners
3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
3.1 Service Delivery and Operations
- Provide, operate, maintain, and improve our telehealth platform and services
- Process and manage appointments, consultations, and healthcare services
- Facilitate communication between you and healthcare providers
- Manage prescriptions, medication delivery, and pharmacy services
- Process payments, manage billing, and handle financial transactions
- Create and manage your account, authenticate your identity, and provide customer support
- Send service-related communications, including appointment reminders, treatment updates, and account notifications
3.2 Healthcare and Medical Services
- Enable healthcare providers to deliver medical consultations, diagnoses, and treatment recommendations
- Coordinate care between multiple healthcare providers and specialists
- Manage and maintain your medical records and health information
- Provide medication management, prescription refills, and pharmacy services
- Conduct health assessments, screenings, and wellness evaluations
- Generate treatment plans, care recommendations, and health reports
3.3 Communication and Marketing
- Send you marketing communications, promotional offers, and newsletters (only with your consent, which you may withdraw at any time)
- Respond to your inquiries, requests, and customer service needs
- Provide personalized content, recommendations, and health tips
- Conduct surveys, research studies, and gather feedback to improve our services
3.4 Legal and Compliance
- Comply with applicable laws, regulations, and legal obligations, including HIPAA, state medical board regulations, and FDA requirements
- Respond to legal process, court orders, subpoenas, and government requests
- Enforce our Terms of Service, Privacy Policy, and other agreements
- Protect our rights, property, and safety, as well as that of our users and others
- Detect, prevent, and address fraud, security threats, and illegal activities
- Maintain records as required by healthcare regulations and professional standards
3.5 Analytics and Improvement
- Analyze usage patterns, user behavior, and service performance
- Conduct research and analytics to improve our services and develop new features
- Create aggregated, anonymized, and de-identified datasets for research and statistical purposes
- Monitor and improve platform security, performance, and reliability
4. HOW WE SHARE AND DISCLOSE INFORMATION
We may share your information in the following circumstances:
4.1 Healthcare Providers and Medical Professionals
We share your health information with licensed healthcare providers, physicians, nurse practitioners, pharmacists, and other medical professionals who provide services through our platform. This sharing is essential for delivering healthcare services and is done in accordance with applicable healthcare privacy laws.
4.2 Service Providers and Business Partners
We may share information with third-party service providers who perform services on our behalf, including:
- Payment processors, billing services, and financial institutions
- Cloud storage providers, data hosting services, and IT infrastructure providers
- Analytics providers, marketing platforms, and advertising partners
- Customer support services, communication platforms, and help desk providers
- Pharmacy partners, medication delivery services, and prescription management systems
- Legal, accounting, and professional service providers
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity or successor organization. We will notify you of any such transfer and any material changes to how your information is handled.
4.4 Legal Requirements
We may disclose your information when required by law, including:
- In response to valid court orders, subpoenas, warrants, or other legal process
- To comply with federal, state, or local laws and regulations
- To respond to requests from government agencies, law enforcement officials, or regulatory bodies
- To report suspected abuse, neglect, or threats to health or safety as required by law
4.5 Protection of Rights and Safety
We may share information to protect our rights, property, or safety, or that of our users, employees, or others, including to:
- Prevent fraud, abuse, or illegal activities
- Investigate potential violations of our Terms of Service
- Protect against imminent harm to health or safety
- Enforce our legal rights and agreements
4.6 With Your Consent
We may share your information with third parties when you explicitly authorize us to do so, such as when you:
- Authorize sharing with specific healthcare providers or specialists
- Connect your account with third-party applications or services
- Participate in research studies or clinical trials
- Request information sharing for specific purposes
4.7 De-Identified and Aggregated Information
We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you. This information may be used for research, analytics, public health purposes, or other legitimate business purposes.
5. COOKIES AND TRACKING TECHNOLOGIES
We use cookies, web beacons, pixel tags, local storage, and similar technologies ("Tracking Technologies") to collect and store information about your interactions with our Services.
5.1 Types of Cookies We Use
- Essential Cookies: Required for the Service to function properly, including authentication, security, and load balancing
- Functional Cookies: Remember your preferences, settings, and choices to enhance your experience
- Analytics Cookies: Help us understand how visitors use our Services, including page views, user flows, and feature usage
- Advertising Cookies: Used to deliver personalized advertisements and measure advertising effectiveness (only with your consent)
5.2 How to Manage Cookies
You can control cookies through your browser settings. Most browsers allow you to:
- Block or delete cookies
- Set your browser to notify you when cookies are being set
- Manage cookie preferences for specific websites
Please note that disabling certain cookies may limit your ability to use some features of our Services. Essential cookies cannot be disabled as they are necessary for the Service to function.
6. DATA RETENTION
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
6.1 Retention Periods
- Medical Records: Retained in accordance with applicable healthcare regulations, typically for a minimum of 6 to 10 years from the date of last service, or as required by state and federal law
- Account Information: Retained for as long as your account is active, plus a reasonable period thereafter for legal and business purposes
- Financial Records: Retained for 7 years in accordance with tax and accounting requirements
- Marketing Data: Retained until you opt out or withdraw consent, after which we will delete or anonymize your information
- Legal Holds: Information may be retained longer if subject to a legal hold, investigation, or ongoing litigation
6.2 Deletion and Anonymization
When we no longer need your information for the purposes described in this Policy, we will securely delete or anonymize it in accordance with our data retention policies and applicable law. De-identified information may be retained indefinitely for research and analytics purposes.
7. DATA SECURITY AND PROTECTION
We implement comprehensive technical, administrative, and physical safeguards to protect your information against unauthorized access, alteration, disclosure, or destruction.
7.1 Technical Safeguards
- Encryption: End-to-end encryption for data in transit (TLS/SSL) and encryption at rest for stored data (AES-256)
- Access Controls: Multi-factor authentication, role-based access controls, and least-privilege access principles
- Network Security: Firewalls, intrusion detection systems, and secure network architecture
- Secure Development: Regular security audits, vulnerability assessments, and penetration testing
- Data Backup: Regular, encrypted backups with disaster recovery procedures
7.2 Administrative Safeguards
- Comprehensive employee training on data protection and privacy
- Background checks and confidentiality agreements for all personnel
- Regular security awareness training and phishing simulations
- Incident response procedures and breach notification protocols
- Regular audits and compliance monitoring
7.3 Physical Safeguards
- Secure data centers with restricted physical access
- Environmental controls and redundant systems
- Secure disposal of physical records and storage media
7.4 Compliance Standards
We maintain compliance with:
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- State medical privacy laws and regulations
- Payment Card Industry Data Security Standard (PCI-DSS)
- General Data Protection Regulation (GDPR) for applicable users
Important: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.
8. YOUR PRIVACY RIGHTS AND CHOICES
Depending on your location and applicable laws, you may have certain rights regarding your personal information:
8.1 Access and Portability
You have the right to:
- Request access to your personal information and receive a copy of your data
- Request your information in a portable, machine-readable format
- Review your medical records and health information through our platform
8.2 Correction and Updates
You have the right to:
- Request correction of inaccurate or incomplete information
- Update your account information and preferences at any time
- Request amendments to your medical records (subject to healthcare provider approval)
8.3 Deletion and Right to be Forgotten
You may request deletion of your personal information, subject to:
- Legal and regulatory requirements (e.g., medical record retention requirements)
- Ongoing legal proceedings or investigations
- Legitimate business interests
- Our ability to verify your identity
8.4 Opt-Out and Marketing Preferences
You have the right to:
- Opt out of marketing communications at any time by clicking unsubscribe links or contacting us
- Opt out of certain data processing activities, such as analytics or advertising
- Manage your communication preferences through your account settings
8.5 Restriction and Objection
You may have the right to:
- Request restriction of processing of your information in certain circumstances
- Object to certain types of processing, such as automated decision-making or profiling
- Withdraw consent to processing that is based on consent (where applicable)
8.6 Exercising Your Rights
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will:
- Respond to your request within 30 days (or as required by applicable law)
- Verify your identity before processing your request
- Provide information about any actions taken or reasons for denial (if applicable)
- Not discriminate against you for exercising your privacy rights
9. CHILDREN'S PRIVACY
Our Services are designed for individuals 18 years of age and older. We do not knowingly collect, use, or disclose personal information from children under the age of 18 without appropriate parental or guardian consent.
If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without appropriate consent, we will take steps to delete such information promptly.
In certain circumstances, we may provide services to minors with appropriate parental or guardian consent and supervision, in which case the parent or guardian's information may also be collected and used as described in this Policy.
10. INTERNATIONAL DATA TRANSFERS
If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate.
By using our Services, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy. We implement appropriate safeguards, such as standard contractual clauses and other mechanisms, to protect your information when transferred internationally.
If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with specific data protection laws, you may have additional rights under applicable regulations such as the GDPR. Please contact us to learn more about your rights and how we protect your information.
11. THIRD-PARTY LINKS AND SERVICES
Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by OMZO. This Privacy Policy does not apply to third-party sites or services.
We are not responsible for the privacy practices, content, or security of third-party sites or services. We encourage you to review the privacy policies of any third-party sites or services you visit or use.
When you interact with third-party services through our platform (such as connecting your account with a fitness app), you may be sharing information with those third parties. We recommend reviewing their privacy policies before connecting your accounts.
12. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information (subject to exceptions)
- Right to Opt-Out: Opt out of the sale or sharing of your personal information (we do not sell your personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit Use: Request limitation of use and disclosure of sensitive personal information
To exercise your California privacy rights, please contact us using the information provided in the "Contact Us" section. We will verify your identity and respond to your request in accordance with California law.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other operational, legal, or regulatory reasons.
When we make material changes to this Policy, we will:
- Post the updated Privacy Policy on this page with a new "Last Updated" date
- Notify you by email (if you have provided an email address) or through a prominent notice on our Services
- Obtain your consent for material changes where required by law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after changes become effective constitutes your acceptance of the updated Policy.
14. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or wish to exercise your privacy rights, please contact us:
For privacy-related complaints, you may also contact your local data protection authority or the U.S. Department of Health and Human Services Office for Civil Rights.