Privacy Policy

Genova Health Privacy Policy

1. Introduction

Genova Health, Inc. (“Company,” or “we,” “our,” or “us”) respects your privacy, and we are committed to protecting it through our compliance with this policy.


This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit or use our website and our practices for collecting, using, maintaining, protecting, and disclosing that information. For purposes of this Privacy Policy, our website, and all related services and functionality that we provide through them are referred to as our “Digital Services”.

Scope of This Policy

This policy applies to information we collect:

• on our Digital Services;

• in email, text, and other electronic messages between you and our Digital Services; and

• when you interact with our advertising and applications on third party websites and services, if those applications or advertising include links to this policy.

This policy does not apply to information collected through our electronic healthcare record system or patient portal, which is governed by separate terms and our customers’ Notice of Privacy Practices under HIPAA.

2. Children Under the Age of 18

Our Digital Services are not intended for children under the age of 18 and children under the age of 18 are not permitted to use our Digital Services independently. We will remove any information about a child under the age of 18 if we become aware of it.

3. Information We Collect About You and How We Collect It

Types of Information Collected

We collect several types of personal information from and about users of our Digital Services, specifically information by which you may be personally identified, such as first and last name, home address, work address, email address, home, work, and mobile telephone numbers, and company or organization name.

Technical Information: We also collect information that is about you but individually does not identify you, such as traffic data, logs, referring/exit pages, date and time of your visit to or use of our Digital Services, error information, clickstream data, and other communication data and the resources that you access and use on or through our Digital Services; and information about your Internet connection, the equipment you use to access or use our Digital Services and usage details.

How We Collect Information

We collect this personal information:

• directly from you when you provide it to us;

• automatically as you navigate through or use our Digital Services. Information collected automatically may include estimated or precise geo-location, usage details, IP addresses, and information collected through automatic data collection technologies; and

• from third parties, for example, our business partners.

Information You Provide: The personal information we collect on or through our Digital Services includes information that you provide by filling in forms on our Digital Services. This includes information provided at the time of registering to use our Digital Services, subscribing to our services, requesting information about our products or services, or requesting further services. We may also ask you for information when you report a problem with our Digital Services; records and copies of your correspondence (including email addresses), if you contact us; and your responses to surveys that we might ask you to complete for research purposes.

Automatic Data Collection - Limited Use: As you navigate through and interact with our Digital Services, we may use automatic data collection technologies to collect certain personal information about your equipment, browsing actions, and patterns, specifically: details of your visits to our Digital Services, such as traffic data, location, logs, referring/exit pages, date and time of your visit to or use of our Digital Services, error information, clickstream data, and other communication data and the resources that you access and use on or in the Digital Services; and information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, and browser type.

No Cookies or Tracking Pixels for Marketing: We do not use cookies, web beacons, tracking pixels, or similar technologies for marketing, advertising, or tracking purposes. We do not use third-party analytics services such as Google Analytics, Facebook Pixel, or similar services that track user behavior across websites.

Essential Technical Cookies Only: We use only essential technical cookies that are strictly necessary for the operation and security of our Digital Services, including:

• Session management cookies to maintain your login state

• Security cookies to detect authentication abuse and protect user data

• Load balancing cookies to ensure system performance

We may associate the information we collect automatically with other personal information we collect in other ways or receive from third parties. It helps us to improve our Digital Services and to deliver a better and more personalized service by enabling us to maintain system security, ensure proper functionality, and improve user experience.

Browser Settings: You can set your browser to refuse all cookies or to alert you when cookies are being sent. However, if you disable or refuse essential cookies, some parts of our Digital Services may be inaccessible or not function properly.

4. How We Use Your Personal Information

We use personal information that we collect about you or that you provide to us:

• to provide our website and its functionality, contents and services to you;

• to provide you with information, products, or services that you request from us;

• to process, fulfill, support, and administer requests for information or inquiries submitted by you;

• to provide you with notices about your account or subscription;

• to contact you in response to a request;

• to fulfill any other purpose for which you provide it;

• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us;

• to notify you about changes to our Digital Services or any products or services we offer or provide through them;

• in any other way we may describe when you provide the information; and

• for any other purpose with your consent.

System Improvement: We use de-identified and aggregated data to improve our Digital Services, develop new features, and enhance system security and performance.

Communications: We may use your information to send you information about our products and services that may be of interest to you. You may opt out of receiving such communications at any time by following the unsubscribe instructions in the communication or by contacting us.

5. Disclosure of Your Information

We do not share, sell, or otherwise disclose your personal information for purposes other than those outlined in this Privacy Policy. We may disclose your personal information:

• to our affiliates and third-party service providers that we use to support our business, including providing IT and infrastructure support services;

• to a company we merge, acquire, or that buys us, or in the event of change in structure of our company of any form;

• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;

• to enforce our rights; and

• with your consent.

Third Party Service Providers: We may disclose personal information to contractors, service providers, and other third parties we use to support our business. These third parties are contractually obligated to keep personal information confidential and use it only for the purposes for which we disclose it to them.

No Third-Party Marketing or Advertising: We do not share your information with third parties for their marketing purposes. We do not participate in advertising networks or use third-party advertising services that track users across websites.

Artificial Intelligence Services: We may disclose information to artificial intelligence service providers to assist in generating content and supporting certain workflows. We ensure that appropriate agreements are in place with such services before making any of your data available to them.

6. Your Rights Regarding Your Personal Information

You may contact us to access or change your personal information. You may also be able to review and change your personal information by logging into the Digital Service and visiting your Account Preferences page.

Access and Correction: You can contact us to access and/or find out what personal information we have about you, and to correct that information. You may also notify us through the Contact Information below of any changes or errors in any personal information we have about you to ensure that it is complete, accurate, and as current as possible.

Deletion: You may request deletion of your account and personal information. Please note that we may retain certain information as required by law or for legitimate business purposes.

Opt-Out: You may opt out of receiving marketing communications from us by following the unsubscribe instructions in those communications or by contacting us directly.

Response Time: We will respond to requests to exercise your rights within a reasonable timeframe, typically within 30 days.

7. Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for personal information sent and received by us.

The safety and security of your personal information also depends on you. Where you have chosen a password for the use of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we work diligently to try and protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk.

Security Measures: We maintain administrative, physical, and technical safeguards, including:

• Access controls and unique user identification

• Encryption of data in transit and at rest

• Security monitoring and logging

• Regular security assessments

• Workforce training on data security

Security Incidents: In the event of a data security incident that affects your personal information, we will notify you as required by applicable law.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Generally, we retain:

• Account information for the duration of your account plus a reasonable period thereafter

• Communication records as needed for business purposes

• Technical and usage data in aggregated or de-identified form for analytical purposes

• Other records as required by applicable regulations

Even after account closure, we may retain certain information for legal, regulatory, and operational purposes.

9. Do Not Track Signals

We currently do not honor do-not-track signals that may be sent by some browsers. Because there is no standard for these signals at this time, we currently do not honor such signals, and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us. However, as noted above, we do not use tracking technologies for marketing or advertising purposes.

10. State Privacy Rights

You may have rights under state consumer privacy laws, including California, Colorado, Connecticut, Oregon, Texas, Utah, and Virginia. These rights may include:

• The right to know what personal information we collect, use, and disclose

• The right to request deletion of your personal information

• The right to correct inaccurate personal information

• The right to opt out of the sale or sharing of personal information (note: we do not sell or share personal information)

• The right to limit the use of sensitive personal information

• The right to non-discrimination for exercising your privacy rights


Please contact us using the method below if you have questions or would like to exercise a right under these laws.

11. International Data Transfers

If you are accessing our Digital Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. By using our Digital Services, you consent to your information being transferred to our facilities and to the facilities of those third parties with whom we share it as described in this Privacy Policy.

12. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated. If we make material changes to how we treat our users' personal information, we will notify you by email to the email address specified in your account and/or through a notice on the Website's home page.

The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our website and reviewing this Privacy Policy to check for any changes.

13. Contact Information

If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on or in our Digital Services.

Contact Information:

Genova Health 447 Broadway, 2nd Floor Suite #3287, New York, New York 10013, United States

Email: hello@genova-health.com

ADDITION TO PRIVACY POLICY

Consumer Health Data Privacy Policy

This notice supplements our Privacy Policy and applies to personal information defined as “consumer health data” subject to the Washington State My Health My Data Act (MHMDA), the Nevada Health Data Privacy Act (NHDPA), Connecticut’s Data Privacy Act or other applicable state consumer health privacy law.

Note: This Consumer Health Data Privacy Policy applies only to our public-facing website and Digital Services. It does not apply to information collected through our Platform, which is governed by separate terms and our customers’ Notice of Privacy Practices under HIPAA.

Consumer Health Data We Collect

As described in the Information We Collect About You and How We Collect It section of the Privacy Policy, the data we collect depends on the context of your interactions with us and the choices you make (including your privacy settings), the Digital Services you use, your location, and applicable law. Because consumer health data is defined very broadly under state consumer health privacy laws, many of the categories of data we collect could also be considered consumer health data.

Examples of consumer health data may include:

• Information about health-related conditions, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions). For example, we may collect such information through contact forms, surveys, or other communication with you when you inquire about our products and services.

• Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies.

• Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person's health.

• Other information that may be used to infer or derive data related to the above or other health information.

Sources of Consumer Health Data

As described further in the Information We Collect About You and How We Collect It section of the Privacy Policy, we collect personal data (which may include consumer health data) directly from you, from your interactions with our Digital Services, from third parties, and from publicly available sources.

Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes described in the How We Use Your Personal Information section of the Privacy Policy. Primarily, we collect and use consumer health data as reasonably necessary to provide you with the Digital Services you have requested or authorized. This may include delivering and operating the Digital Services and their features, personalization of certain Digital Service features, ensuring the secure and reliable operation of the Digital Services and the systems that support them, troubleshooting and improving the Digital Services, and other essential business operations that support the provision of the Digital Services (such as analyzing our performance, meeting our legal obligations, developing our workforce, and conducting research and development). We may use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law – for example, for communications about our products and services. See the Your Rights Regarding Your Personal Information section of the Privacy Policy and the How to Exercise Your Rights section below for more details on the controls and choices you may have.

Our Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described in the Disclosure of Your Information section of the Privacy Policy. In particular, we may share personal data, including consumer health data, with your consent or as reasonably necessary to complete any transaction or provide any Digital Service you have requested or authorized, as described above. For example, we share your content with third parties when you tell us to do so. And we may disclose data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process.

Third Parties With Which We Share Consumer Health Data

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

Service providers. Vendors or agents (“processors”) working on our behalf may access consumer health data for the purposes described above. For example, companies we've hired to provide customer service support or assist in protecting and securing our systems and Digital Services may need access to data to provide those functions.

Business partners. We may share consumer health data with other companies, for example, where you use a Digital Service that is co-branded and jointly operated with another company, or where you use our Digital Services to interact with another company.

Financial institutions & payment processors. When you make a purchase or enter into a financial transaction, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.

Parties to a corporate transaction. We may disclose consumer health data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.

Affiliates. We enable access to data across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our Digital Services and operate our business.

Government agencies. As described in our Privacy Policy, we disclose data to law enforcement or other government agencies when we believe doing so is necessary to comply with applicable law or respond to valid legal process.

Other third parties. In certain circumstances, it may be necessary to provide data to other third parties, for example, to comply with the law or to protect our rights or those of our customers.

Sale or Sharing of Consumer Health Data

We do not sell consumer health data as defined by applicable state consumer health privacy laws. We do not share consumer health data for cross-context behavioral advertising or targeted advertising purposes.

How to Exercise Your Rights

If you are covered by the MHMDA, the NHDPA, or other applicable consumer health privacy law, then you may have certain rights with respect to consumer health data, including:

• Right to Access: You have the right to confirm whether we are collecting or sharing your consumer health data and to access such data.

• Right to Delete: You have the right to request deletion of your consumer health data, subject to certain exceptions.

• Right to Withdraw Consent: Where we process consumer health data based on your consent, you have the right to withdraw that consent at any time.

• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your rights under applicable consumer health privacy laws.

You can request to exercise such rights using the contact methods described in the Contact Information section of our Privacy Policy. You can also access and manage some of your data through your account settings if you have created an account with us.

How We Respond to Requests: We will respond to your request within the timeframe required by applicable law (typically 45 days, with a possible extension). We may need to verify your identity before processing your request.

Appeals Process: If your request to exercise a right is denied, you may appeal that decision by contacting us at hello@genova-health.com. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with:

• The Washington State Attorney General at www.atg.wa.gov/file-complaint

• The Nevada State Attorney General at https://ag.nv.gov/complaints/file_complaint/

• The Connecticut Attorney General at https://www.dir.ct.gov/ag/complaint/ecomplaint.aspx

• Other regulatory authority as applicable based on your location

Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require verification of the authorized agent's authority to act on your behalf.

Data Retention

We retain consumer health data only for as long as necessary to fulfill the purposes for which it was collected, as described in this notice and our Privacy Policy, or as required by law.


©2025 - Genova. All Rights Reserved.