PRIVACY POLICY

Health Innovators Inc., d/b/a DayToDay Health, having a place of business as follow:

United States 🇺🇸

India 🇮🇳

131 Dartmouth Street, 3rd Floor (DayToDay),
Boston, Massachusetts, 02116

Bengaluru, Karnataka – 560025, India


(also referred to as "Company", “our”, “us” or "we") operates an online platform in the name and style of “DayToDay Health” that enables its partner Health Care Providers to connect with their Patients.

Your privacy is very important to us. This Privacy Policy covers: (i) the types of information collected from the users through DayToDay Health including sensitive personal data or information; (ii) the purpose, means and modes of usage of such information; (iii) your rights as a user of DayToDay Health; and (iv) how and to whom such information which has been collected will be disclosed.

For the purpose of this Privacy Policy, wherever the context so requires "you", “your” or “user” shall mean any natural person who uses DayToDay Health.


Additional terms related to data privacy laws in certain countries:

‍For the purposes of interpreting data privacy laws and regulations in certain countries (including the European Union General Data Protection Regulation or “GDPR”, and the United Kingdom 2018 Data Protection Act), we are considered to be a “data processor” of the Personal Information that is collected and processed through DayToDay Health. We process your personal data on behalf of your Health Care Provider, who is the “data controller” of that Personal Information. We provide more information in the section titled “Information for Users Located in the European Union or United Kingdom”, about how we protect the rights granted to you under these laws, and how you can exercise those rights. 

To the extent allowed by law, we reserve the right to make changes to this Privacy Policy at any time. Any such modifications will become effective immediately upon posting on DayToDay Health and your continued use of DayToDay Health and/or the Services (as defined in the Terms of Use) constitutes your agreement to such modifications. You agree to periodically review the current version of the Privacy Policy as posted on DayToDay Health. If you do not agree with the terms of this Privacy Policy, please do not use DayToDay Health and/or the Services.

Additional information related to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)

In the event that your Health Care Provider is located in the United States, it is possible that some of the information that we collect about you on your Health Care Provider’s behalf is considered “Protected Health Information” or “PHI”, according to the Health Insurance Portability and Accountability Act of 1996 or “HIPAA”, a US federal law that governs the privacy of certain health care information.

We operate as a “business associate” of your Health Care Provider, who may be a “covered entity” under HIPAA. This means that how we collect, use, and disclose PHI about you is governed by a written “business associate agreement” between us and your Health Care Provider. However generally, we handle PHI according to the terms of this privacy policy wherever possible.

Our business associate agreement, and the designation of some of your personal information as “PHI”, may limit our ability to respond to certain requests that you make about your personal information, or may require us to forward those requests to your Health Care Provider for follow-up. In any case, we will respond to any inquiry you make to us regarding your PHI, according to HIPAA requirements.
‍

INFORMATION THAT WE COLLECT

Information that is collected as you use DayToDay Health is summarized in the following table:

Collected from
Type of information
When it is collected
You
Your Health-Care Provider
Automated Means
Personal Information
Collected from you at registration or provided to us by your health care provider.
Yes
Yes
No
Sensitive Personal Information 
When you submit any information in our app; collected from you when a Care team member schedules a phone conference with you
Yes
Yes
No
Chat messages
‍
When you use the chat functionality in our app.
Yes
Yes
No
Data collection on our website
‍
When you visit the DayToDay Health Website
Yes
No
Yes
Activity Information
‍
When you access or use DayToDay Health.
No
No
Yes



Your Personal Information: When you sign up and register with us through DayToDay Health, we ask you for your Personal Information. “Personal Information” means information that would allow someone to identify or contact you, such as your first and last name, date of birth, e-mail address, and phone number. Further, we may ask for the name and contact details of the patient’s caregiver, if and when required. However, Personal Information does not include aggregated information that, by itself, does not permit the identification of individual persons and does not include Activity Information (defined below).

Your Sensitive Personal Information: In order for your Health Care Provider to provide you the Services on DayToDay Health, we collect the following sensitive personal information: (a) details such as your patient ID, Health Care Provider Name, name and type of scheduled surgical procedure, date of procedure, date of discharge, prescribed medications; (b) in the event you use any of our connected devices, we also collect and store details such as your blood pressure levels, glucose levels, BMI and other vital signs (“Sensitive Personal Information”). This information can be collected from the application or from our Care Team’s direct interactions with you in-person and via phone.

One special category of Sensitive Personal Information are chat messages. Chat messages are generated by you and your Health Care Provider when you use DayToDay Health’s chat functionality. We chose to specifically highlight chat messages in this Privacy Policy, because we use a compliant third-party messaging platform to process and deliver those messages.

Cookie Policy: When you use DayToDay Health through a web browser, our servers may automatically record certain information that your device sends (“Activity Information”). Cookies are required for DayToDay Health to function properly in a web browser.

We may occasionally update this Cookie Policy to reflect changes in our practices and services. When we bring changes to this Cookie Policy, the same shall be updated on DayToDay Health. We, therefore recommend that you check this page from time to time to inform yourself of any changes in this Cookie Policy.

Visitor Analytics: When visiting the DayToDay Health website we collect statistics like pages visited, repeat visits, forms filled/not filled. This information will be also used to automate emails for various signals and uses of the third-party CRM services Hubspot.


When You Visit our Websites
"Personal Information"

HOW WE USE THE INFORMATION

We will use your name and patient ID number to synchronize your user account with your registered account/records of your Health Care Provider.

We use your name to customize messaging in the service.

Your date of birth is collected and will be used to support 2 (Two) factor authentication to verify your identity. We also use your date of birth to ensure that we are complying with laws protecting children in the countries where we offer our app for download. We do not knowingly collect or maintain personally identifiable information from persons under 13 years of age without verifiable parental consent, and no part of our website or mobile app is directed at persons under 13. If you are under 13 years of age, then do not use the website or mobile app. If we learn that we have collected personally identifiable information of persons under 13 years of age without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, please contact us at privacy@daytoday.health.

Your email address and Phone Number will be used to communicate the following:

  1. a one-time registration code and instructions for registering your account;
  2. Care Team phone appointment conversations to discuss any portion of your care plan or the information you have submitted within the application;
  3. any forgotten password(s) to help you access your User Account, upon a request; and
  4. any other communication in relation to the Services made available on DayToDay Health.

Details of your vital signs such as weight, blood pressure, BMI, glucose levels, and others, will be used solely to update your medical records and enable your Health Care Provider to provide you the Services on DayToDay Health.

To improve the quality of DayToDay Health and/or the Services we may ask you to provide us with information regarding your experiences on Day to Day on a periodic basis. Patients do not have to provide this information;

We will use the information that we collect for the following purposes:

  1. To track your usage of the Services;
  2. To improve the quality, features and functionality of the Services;
  3. To improve the security of the Services;
  4. To back up our systems and allow for disaster recovery; and
  5. As may be necessary to enforce the terms of this Policy or your Terms of Use.
  6. To contact you about suitable research opportunities, before considering whether you consent to take part in a specific study.

INFORMATION FOR USERS LOCATED IN THE EUROPEAN UNION OR UNITED KINGDOM

Individuals who reside in the European Union (“EU”) or the United Kingdom (“UK”) have “data subject” rights which may be subject to limitations and/or restrictions. You can exercise your privacy rights or send privacy related queries to us at any time by sending us an email at privacy@daytoday.health.

If you do not live in a country where you are legally entitled to these rights, we will still respect a request from you to exercise any of these rights to the extent that we are able.

LEGAL BASIS FOR PROCESSING PERSONAL DATA
‍

We process personal data based on one or more of the following:

YOUR PRIVACY RIGHTS AND HOW TO CONTACT US 

Users of DayToDay Health are “data subjects” under applicable data protection laws (including the European Union General Data Protection Regulation or “GDPR” and the United Kingdom 2018 Data Protection Act). You can exercise your privacy rights or send privacy related queries to us at any time by sending us an email at privacy@daytoday.health.

This section discusses what those rights are, and what you may request from us. As discussed elsewhere in this Privacy Policy, we are a “data processor” of your Healthcare Provider (who is the “data controller” of your Personal Information and Sensitive Personal Information). As such, we may have a limited ability to respond to your requests directly. However, if we are unable to act on your request ourselves, we will let you know, and promptly forward your request to your Health Care Provider.

Right to access your information – Information that you provide, and information that we derive from what you provide (such as answers to questionnaires or chat messages between you and your Health Care Provider) are generally available for you to view. However, you may also ask us to provide supplementary information about:

  • Information about you stored in our databases that is not visible to you through our app
  • The categories of data that we are processing
  • The purposes of data processing
  • The categories of third-parties who we disclose data to
  • How long we will store data, and the criteria that we use to determine how long data will be stored
  • Your other rights regarding our use of data

We will provide you with the information that you have requested within 30 days of receiving your request. If providing you with any piece of information that you have requested would affect the rights and freedoms of another person, we won’t be able to provide that piece of information. If we can’t provide a complete response to your request for information based on that reason, we will inform you. We will still provide you with all the other information that you have requested that we are able to share.

Right to correct your information – In the event that you provide, or that we collect any inaccurate information about you, we will forward your request to your Health Care Provider. If you have a concern about the accuracy of your information, you also have a right to ask us to temporarily restrict the processing of your Personal Information, while its accuracy is verified. To ask us to restrict processing, you may contact our privacy team at privacy@daytoday.health.

Right to object to certain kinds of data processing - In certain circumstances, such as if you believe your Personal Information has been recorded inaccurately, you may object to us processing your data, either temporarily, or for those purposes. To object to processing, you can contact our privacy team at privacy@daytoday.health. While we evaluate your objection, you may also ask us to temporarily restrict processing of your data. DayToDay Health does not use any personal data that we collect, either from you or from your healthcare provider, for marketing purposes.

Right to your data in a portable format – With agreement from, and at the direction of, your Healthcare Provider, we will give you an extract of your data so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not provide any information that involves disclosing data about any other individual.

Right to erasure - You can contact our privacy team at privacy@daytoday.health to request erasure of any Personal Information that we hold about you. You understand that because your personal data has been collected for health care purposes on behalf of your health care provider, we will likely need to forward any such request to your health care provider for review and approval before we can act on a request to erase data.

Right to lodge a complaint – If you have any concerns about how we are handling your Personal Information, you have a right to file a complaint with the data protection authority, or other relevant regulator, in your country. However, we are dedicated to protecting your personal data and we want to make sure you feel safe when we process it, and if you have any concerns about how we are processing your Personal Information, we would appreciate the opportunity to resolve the issue before you contact the data protection authority. You can contact our privacy team at privacy@daytoday.health.

Right to withdraw your consent – At any point, you may contact us to withdraw your consent for us to collect or process your Personal Information. Because we process your Personal Information on behalf of your Health Care Provider, we will forward any such request to your Health Care Provider for review. Withdrawing your consent will require us to delete your account and suspend your access to our app.

DISCLOSURE OF THE INFORMATION

We do not sell, trade, or rent your Personal Information or your Sensitive Personal Information to any third party, and we only disclose your Personal Information and your Sensitive Personal Information to third parties as described in the section “Third Party Service Providers”. However, we cannot completely ensure that such information will not be disclosed to third parties. For example, we may be legally obliged to disclose information to the government or third parties under certain circumstances, third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications, or an error may occur in the administration of DayToDay Health. In the unlikely event that we need to investigate or resolve possible problems or inquiries, we may, and you authorize us to, disclose any information about you to government officials as permitted by applicable law.

We reserve the right to disclose any Personal Information and/or Sensitive Personal Information as required by applicable law and when we believe, at our sole discretion that disclosure is necessary to protect our rights, protect someone from injury and/or to comply with a judicial proceeding, court order, or legal process served on DayToDay Health, with your written consent, to enforce our privacy policy, in emergency situations, to protect against misuse or unauthorized use of our website, to detect or prevent criminal activity of fraud.

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, Personal Information and Sensitive Personal Information will be transferred to the new entity to continue providing DayToDay Health.

INFORMATION RETENTION

Once we receive a request to deactivate your User Account, we will forward that request to your Health Care Provider for processing. Once complete, we will deactivate your User Account. We will destroy your Personal Information and Sensitive Personal Information, if we are able to do so, however, because that information may be a part of your medical record, we may be required by your Health Care Provider to maintain certain information indefinitely for their purposes. Data that was already de-identified and/or aggregated at the time that we received your request will not be deleted, however we will render it impossible to re-identify you as the subject of that data.

We keep database backups of your Personal Information and Sensitive Personal Information for the purposes of recovering from an outage. On deactivation of your User Account, those backup records will be deleted after 7 (Seven) days from the date of deactivation of your User Account.


THIRD PARTY SERVICE PROVIDERS

You acknowledge that your personal information and/or sensitive personal information may be shared with our third party service providers for monitoring your DayToDay Health usage patterns, enabling your chat/text/message communications through DayToDay Health. Some of these third parties may be located outside of your home country. We will ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfers.

We share information with these third parties to the minimum extent necessary for the functioning of our app. Any time we share data, it is done according to the safeguards and practices described in this Privacy Policy.

This table lists the types of activity information we use service providers for, where they process the data that they receive and why they need it:

Activity
‍
Purpose
‍
User Location
‍
Place of Processing
‍
Application or Website Hosting
We work with third-party cloud hosting providers to host our app and our website, and to help us manage our cloud infrastructure in a secure and compliant manner.
Global (other than the UK or EU)
‍
United States
‍
‍
UK or EU
‍
UK & Germany
‍
Chat Functionality
We work with a compliant, third-party chat platform provider to enable DayToDay Health’s chat functionality
Global (other than the UK or EU)
‍
United States
‍
‍
UK or EU
‍
UK & Germany
‍
Phone Functionality
We work with a compliant, third-party phone platform provider (Knowlarity) to enable the ability for our Care Team to have phone conversations with their assigned patients
Global (other than the UK or EU)
‍
India
UK or EU
Visitor Analytics
We work with third-party website analytics (Hubspot) to enable the ability to track pages visited, repeat visits, forms filled/not filled, and the user journey when visiting DayToDay Health websites.
Global (other than the UK or EU)

United States

‍

SECURITY PROCEDURES

We follow cloud and healthcare industry best practices to implement technical safeguards to protect your personal data, consistent with all applicable data protection laws. We review the effectiveness of these safeguards on a regular basis to evaluate our compliance with applicable laws and regulations. We take these precautions in an effort to protect your personal data. However, we do not guarantee that personal data may not be accessed, disclosed, altered, or destroyed as a result of a security breach. By using our app, you understand the risks of providing your personal data.

In the event of a security breach, we commit to complying with all local, state and national laws to notify you and any relevant data protection authorities, to the extent required under applicable laws.


PRIVACY TEAM

The contact details of our privacy team are provided below:

For the purposes of the European Union, North American  and South American 

E-mail Address: privacy@daytoday.health

Postal Address: 131 Dartmouth Street,  3rd Floor, Boston, Massachusetts, 02116

‍

For the purposes of Asia

*DTDHI
E-mail Address: privacy@daytoday.health

Postal Address: Bengaluru, Karnataka – 560025, India

‍

‍

‍

‍