Health Innovators Inc., d/b/a DayToDay Health, having a place of business as follows:
United States 🇺🇸
131 Dartmouth Street, 3rd Floor (DayToDay),
Boston, Massachusetts, 02116
Bengaluru, Karnataka – 560025, India
(also referred to as "Company", “our”, “us” or "we") operates an online platform in the name and style of “DayToDay Health” that enables its partner Health Care Providers to connect with their Patients.
Additional terms related to data privacy laws in certain countries:
For the purposes of interpreting data privacy laws and regulations in certain countries (including the European Union General Data Protection Regulation or “GDPR”, and the United Kingdom 2018 Data Protection Act), we are considered to be a “data processor” of the Personal Information that is collected and processed through DayToDay Health. We process your personal data on behalf of your Health Care Provider, who is the “data controller” of that Personal Information. We provide more information in the section titled “Information for Users Located in the European Union or United Kingdom”, about how we protect the rights granted to you under these laws, and how you can exercise those rights.
Additional information related to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)
In the event that your Health Care Provider is located in the United States, it is possible that some of the information that we collect about you on your Health Care Provider’s behalf is considered “Protected Health Information” or “PHI”, according to the Health Insurance Portability and Accountability Act of 1996 or “HIPAA”, a US federal law that governs the privacy of certain health care information.
Our business associate agreement, and the designation of some of your personal information as “PHI”, may limit our ability to respond to certain requests that you make about your personal information, or may require us to forward those requests to your Health Care Provider for follow-up. In any case, we will respond to any inquiry you make to us regarding your PHI, according to HIPAA requirements.
Information that is collected as you use DayToDay Health is summarized in the following table:
Your Personal Information: When you sign up and register with us through DayToDay Health, we ask you for your Personal Information. “Personal Information” means information that would allow someone to identify or contact you, such as your first and last name, date of birth, e-mail address, and phone number. Further, we may ask for the name and contact details of the patient’s caregiver, if and when required. However, Personal Information does not include aggregated information that, by itself, does not permit the identification of individual persons and does not include Activity Information (defined below).
Your Sensitive Personal Information: In order for your Health Care Provider to provide you the Services on DayToDay Health, we collect the following sensitive personal information: (a) details such as your patient ID, Health Care Provider Name, name and type of scheduled surgical procedure, date of procedure, date of discharge, prescribed medications; (b) in the event you use any of our connected devices, we also collect and store details such as your blood pressure levels, glucose levels, BMI and other vital signs (“Sensitive Personal Information”). This information can be collected from the application or from our Care Team’s direct interactions with you in-person and via phone.
Visitor Analytics: When visiting the DayToDay Health website, we collect statistics like pages visited, repeat visits, forms filled/not filled. This information will also be used to automate emails for various signals and uses of the third-party CRM service HubSpot.
We will use your name and patient ID number to synchronize your user account with your registered account/records of your Health Care Provider.
We use your name to customize messaging in the service.
Your date of birth is collected and will be used to support 2 (Two) factor authentication to verify your identity. We also use your date of birth to ensure that we are complying with laws protecting children in the countries where we offer our app for download. We do not knowingly collect or maintain personally identifiable information from persons under 13 years of age without verifiable parental consent, and no part of our website or mobile app is directed at persons under 13. If you are under 13 years of age, then do not use the website or mobile app. If we learn that we have collected personally identifiable information of persons under 13 years of age without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, please contact us at email@example.com.
Your email address and Phone Number will be used to communicate the following:
Details of your vital signs such as weight, blood pressure, BMI, glucose levels, and others, will be used solely to update your medical records and enable your Health Care Provider to provide you the Services on DayToDay Health.
To improve the quality of DayToDay Health and/or the Services, we may ask you to provide us with information regarding your experiences on DayToDay on a periodic basis. Patients do not have to provide this information.
We will use the information that we collect for the following purposes:
Individuals who reside in the European Union (“EU”) or the United Kingdom (“UK”) have “data subject” rights which may be subject to limitations and/or restrictions. You can exercise your privacy rights or send privacy related queries to us at any time by sending us an email at firstname.lastname@example.org.
If you do not live in a country where you are legally entitled to these rights, we will still respect a request from you to exercise any of these rights to the extent that we are able.
We process personal data based on one or more of the following:
Users of DayToDay Health are “data subjects” under applicable data protection laws (including the European Union General Data Protection Regulation or “GDPR” and the United Kingdom 2018 Data Protection Act). You can exercise your privacy rights or send privacy related queries to us at any time by sending us an email at email@example.com.
Right to access your information – Information that you provide, and information that we derive from what you provide (such as answers to questionnaires or chat messages between you and your Health Care Provider) are generally available for you to view. However, you may also ask us to provide supplementary information about:
We will provide you with the information that you have requested within 30 days of receiving your request. If providing you with any piece of information that you have requested would affect the rights and freedoms of another person, we won’t be able to provide that piece of information. If we can’t provide a complete response to your request for information based on that reason, we will inform you. We will still provide you with all the other information that you have requested that we are able to share.
Right to correct your information – In the event that you provide, or that we collect, any inaccurate information about you, we will forward your request to your Health Care Provider. If you have a concern about the accuracy of your information, you also have a right to ask us to temporarily restrict the processing of your Personal Information, while its accuracy is verified. To ask us to restrict processing, you may contact our privacy team at firstname.lastname@example.org.
Right to object to certain kinds of data processing – In certain circumstances, such as if you believe your Personal Information has been recorded inaccurately, you may object to us processing your data, either temporarily, or for those purposes. To object to processing, you can contact our privacy team at email@example.com. While we evaluate your objection, you may also ask us to temporarily restrict processing of your data. DayToDay Health does not use any personal data that we collect, either from you or from your healthcare provider, for marketing purposes.
Right to your data in a portable format – With agreement from, and at the direction of, your Healthcare Provider, we will give you an extract of your data so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not provide any information that involves disclosing data about any other individual.
Right to erasure – You can contact our privacy team at firstname.lastname@example.org to request erasure of any Personal Information that we hold about you. You understand that because your personal data has been collected for health care purposes on behalf of your health care provider, we will likely need to forward any such request to your health care provider for review and approval before we can act on a request to erase data.
Right to lodge a complaint – If you have any concerns about how we are handling your Personal Information, you have a right to file a complaint with the data protection authority, or other relevant regulator, in your country. However, we are dedicated to protecting your personal data and we want to make sure you feel safe when we process it, and if you have any concerns about how we are processing your Personal Information, we would appreciate the opportunity to resolve the issue before you contact the data protection authority. You can contact our privacy team at email@example.com.
Right to withdraw your consent – At any point, you may contact us to withdraw your consent for us to collect or process your Personal Information. Because we process your Personal Information on behalf of your Health Care Provider, we will forward any such request to your Health Care Provider for review. Withdrawing your consent will require us to delete your account and suspend your access to our app.
We do not sell, trade, or rent your Personal Information or your Sensitive Personal Information to any third party, and we only disclose your Personal Information and your Sensitive Personal Information to third parties as described in the section “Third Party Service Providers”. However, we cannot completely ensure that such information will not be disclosed to third parties. For example, we may be legally obliged to disclose information to the government or third parties under certain circumstances, third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications, or an error may occur in the administration of DayToDay Health. In the unlikely event that we need to investigate or resolve possible problems or inquiries, we may, and you authorize us to, disclose any information about you to government officials as permitted by applicable law.
If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, Personal Information and Sensitive Personal Information will be transferred to the new entity to continue providing DayToDay Health.
Once we receive a request to deactivate your User Account, we will forward that request to your Health Care Provider for processing. Once complete, we will deactivate your User Account. We will destroy your Personal Information and Sensitive Personal Information, if we are able to do so; however, because that information may be a part of your medical record, we may be required by your Health Care Provider to maintain certain information indefinitely for their purposes. Data that was already de-identified and/or aggregated at the time that we received your request will not be deleted; however, we will render it impossible to re-identify you as the subject of that data.
We keep database backups of your Personal Information and Sensitive Personal Information for the purposes of recovering from an outage. On deactivation of your User Account, those backup records will be deleted after 7 (Seven) days from the date of deactivation of your User Account.
You acknowledge that your personal information and/or sensitive personal information may be shared with our third party service providers for monitoring your DayToDay Health usage patterns and enabling your chat/text/message communications through DayToDay Health. Some of these third parties may be located outside of your home country. We will ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfers.
This table lists the types of activity information we use service providers for, where they process the data that they receive and why they need it:
We follow cloud and healthcare industry best practices to implement technical safeguards to protect your personal data, consistent with all applicable data protection laws. We review the effectiveness of these safeguards on a regular basis to evaluate our compliance with applicable laws and regulations. We take these precautions in an effort to protect your personal data. However, we do not guarantee that personal data may not be accessed, disclosed, altered, or destroyed as a result of a security breach. By using our app, you understand the risks of providing your personal data.
In the event of a security breach, we commit to complying with all local, state and national laws to notify you and any relevant data protection authorities, to the extent required under applicable laws.
The contact details of our privacy team are provided below:
For the purposes of the European Union, North America and South America
E-mail Address: firstname.lastname@example.org
Postal Address: 131 Dartmouth Street, 3rd Floor, Boston, Massachusetts, 02116
For the purposes of Asia
E-mail Address: email@example.com
Postal Address: Bengaluru, Karnataka – 560025, India