Last Updated September 4, 2017
These Terms of Service (the “Terms”) govern your use of the software application entitled “Orderly” across all platforms on which it is available (the “App” or “Product”) and your use of the website available at www.orderlyhealth.com (the “Site”). The App and Site are provided by Orderly Health, Inc. (“we”, “us”, or “Orderly”).
When you visit our Site, use the App, or register for an account on our Platform (“Account”), you or your designees (which may include without limitation any Medical Service Providers you authorize us to contact) may provide us one or more of the following types of information: personal information (“PII”), insurance information, personal health information (“PHI”), and indirect, non-personally identifiable usage information (“Usage Data”).
If you access our service through a third-party connection or log-in, for example, through Facebook Connect, by linking your account to the Orderly service, that third party may pass certain information about your use of its service to Orderly. This information could include, but is not limited to, the user ID associated with your account, an access token necessary to access that service, any information that you permitted the third party to share with us, and any information you made public in connection with that service.
PII is necessary for several reasons. First, the Platform enables you to manage some forms of coverage and benefits information as well as limited historical medical information, which is provided by you, the user, at your discretion or by your insurance provider as a part of your agreement to use the Orderly Services.
We are able to collect and store the following types of PHI:
We collect the following types of PII:
You may choose not to provide your PII; however creating an Account is a prerequisite for using the full functions of the Platform.
PHI is entitled to special protections under the law, including HIPAA. Orderly makes the Notice of Privacy Practices Concerning Your Personal Health Information available in accordance with the HIPAA Privacy Rule (a federal regulation officially known as the Standards for the Privacy of Individually Identifiable Health Information). The HIPAA Privacy Rule is distinct from Orderly’s Notice of Privacy Practices Concerning Your Personal Health Information, which describes in detail your rights and Orderly’s obligations with respect to individually identifiable PHI that Orderly may receive both online and offline. PHI is health information, including demographic information collected from an individual, and: (a) is created or received by Medical Service Provider; and (b) relates to the past, present or future physical or mental health or condition of an individual, the provision of healthcare to an individual, or the past, present or future payment for the provision of healthcare to an individual, and (i) identifies the individual, or (ii) with respect to which there is a reasonable basis to believe the information can be used to identify the individual. Together, this Policy and the Notice of Privacy Practices Concerning Your Personal Health Information describe how Orderly uses your individually identifiable personal information and health information (identified therein as personal health information).
Payment Information. Orderly does not collect, access, view, or process your full credit card or debit card information. Rather the Payment Data we collect is stored with and protected by a third party payment processing company called Stripe, which manages payment data and provides the user with authorization to pay Orderly for Services. Orderly may display hash-truncated payment card numbers (the last four digits) to enable you to identify which payment account was used to pay for Services. We use secure, industry-standard encryption technologies to protect your Payment Data; but we never have access to your un-truncated Payment Data.
Usage Data. In order to maintain and improve our services, we may collect non-personally identifiable Usage Data about how you use the Platform. This information is collected by automated means including by using certain standard web measurement and tracking technologies such as “cookies,” web server logs, or other statistics programs.
Your browser may have an option that allows you to accept cookies, reject cookies, or receive notification when a cookie is sent, but you should note that the use of such restrictive browser settings may limit your use of this Site or the Platform.
You may also be able to disable placement of some (but not all) cookies by setting your browser to decline cookies, though this may worsen your user experience. If you delete your browser cookies, your opt-out cookie will also be deleted. Additionally, if you change computers or web browsers, you will need to opt out again. A useful resource for information about deleting and controlling cookies can be found at AboutCookies.org.
If you enable location data for the mobile device on which you access the App, you are expressly agreeing that we may use your location data to provide our services. You may disable location services at any time in your “settings.”
We do not respond to browser-based "do not track" signals and do not have any third parties on our Site who keep track of your browsing activities over time and across different websites.
Finally, we will de-identify your PHI and PII to make it anonymous and use it in an aggregate form, either alone or in combination with Usage Data to create reports about trends or analyses of treatments, disorders, or conditions, demographic information, and performance information about our Services. This type of information is referred to as “Aggregate Data” and has been de-identified in compliance with the U.S. Department of Health and Human Services’ Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and does not identify you personally. We own all right and interest in the Aggregate Data and reserve the right to share Aggregate Data with third parties, including without limitation for marketing purposes or to publish Aggregate Data in white papers, publications, or reports.
We use the information we collect in a several different ways for a variety of purposes, including:
We may disclose your PII for permitted business purposes with our preferred service providers, business partners and others, consistent with applicable law. However, if your consent is required by law, or we believe that your consent is appropriate in the circumstances, we will obtain your consent before sharing your PII. When we share your PII with business partners, our agreements with these partners will limit the purposes for which your PII can be used. We will not sell or rent your PII to third parties for their own purposes.
We will only disclose your PHI to you via your Account. We are not a business associate of any Medical Service Provider. We only disclose and share your PHI under the circumstances described in our Notice of Privacy Practices Concerning Your Personal Health Information.
We may also share your PII with our preferred service providers, consultants or related third parties, in order to provide you with the products and services you request. The service providers to whom we disclose your PII are obliged to use such personal information only to provide services to us, and are not authorized by us to use or disclose your personal information except as necessary to perform services on our behalf, as specifically authorized by us or you, or to comply with legal requirements.
We also may share information where required by law.
Orderly expressly reserves the right to transfer any and all such information including, without limitation, Healthcare Data, Usage Data, PII, and PHI, to a successor in interest of Orderly that acquires rights to that information as a result of merger, acquisition, or the sale of Orderly or the acquisition of all or substantially all of its assets.
Orderly uses good faith physical, managerial and technical safeguards to preserve the integrity and security of User personal information. Orderly attempts to restrict access to PII and PHI to those employees, agents, contractors and representative who need access to perform their job functions, such as customer service personnel and technical staff. Orderly cannot, however, ensure or warrant the security of any information transmitted to Orderly; users do so at their own risk. Unauthorized entry or use, hardware or software failure and other factors may compromise the security of your information at any time. For any additional information about the security measures Orderly uses, please contact Orderly at email@example.com.
This Site is not intended for children. We do not knowingly collect or solicit personal information from or communicate with children under the age of eighteen (18) via the Site. In certain circumstances, you may be a parent or legal guardian of a person under eighteen (18) years of age and provide PII and consent to collect PHI, Healthcare Data, and Usage Data for such person. In all such cases, the parent or legal guardian is required to set up and be the owner of the Account and is solely responsible for monitoring all activity on such Account and for all PII and PHI collected via such Account. The parent or legal guardian may review, edit, or remove any PII or PHI contained in such Account. YOU MAY NOT ESTABLISH AN ACCOUNT IF YOU ARE UNDER THE AGE OF EIGHTEEN (18) YEARS OF AGE EXCEPT AS DESCRIBED IN THIS SECTION.
The servers from which we provide the Platform and Site, and to which all Payment Data,Expense Data, PII, and PHI are sent, are located in the United States. If you are physically located within the European Union, Asia, or any other region with laws or regulations governing personal data collection, use, and disclosure that differ from United States laws, please be advised that you are transferring your Healthcare Data, Usage Data, PII, and PHI to the United States and you consent to such transfer and the application of the laws of the United States and/or the State of Colorado with respect to any dispute arising from or related to such transfer.
WE ADHERE TO AND HAVE CERTIFIED OUR COMPLIANCE WITH THE SAFEHARBOR PRIVACY PRINCIPLES, INCLUDING NOTICE, CHOICE, ONWARD TRANSFER, SECURITY, DATA INTEGRITY, ACCESS, AND ENFORCEMENT, OF THE UNITED STATES/EUROPEAN UNION DATA PROTECTION SAFE HARBOR FRAMEWORK AND THE UNITED STATES/SWITZERLAND DATA PROTECTION SAFE HARBOR FRAMEWORK, BOTH OF WHICH ARE MADE AVAILABLE BY THE U.S. DEPARTMENT OF COMMERCE AT HTTP://WWW.EXPORT.GOV/SAFEHARBOR. OUR CERTIFICATION CAN ALSO BE VIEWED ATHTTP://WWW.EXPORT.GOV/SAFEHARBOR.
If you believe that we have not adhered to this Policy, please contact us by e-mail at firstname.lastname@example.org. We will do our best to address your concerns. If you feel that your complaint has been addressed incompletely, we invite you to let us know for further investigation. If you and we are unable to reach a resolution to the dispute, we and you will settle the dispute exclusively under the pursuant to JAMS Comprehensive Rules or International Rules of JAMS International (for more information, visit www.jamsinternational.com/rules-procedures/safeharbor).
To edit or delete any information contained in your Account, please login and update your profile. To unsubscribe from an email or other messaging, please follow the instructions in any email or messages you receive. Please note that even if you delete information it may remain on our servers.
We offer you choices regarding the collection, use, and sharing of your information. We will periodically send you free newsletters and e-mails that directly promote the use of our site or services and may contain advertisements for third party companies. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly (please see contact information below). Should you decide to opt-out of receiving future mailings, we may share your e-mail address with third parties to ensure that you do not receive further communications from third parties. Despite your indicated e-mail preferences, we may send you emails related to your account or transactions thereunder, or notices of any updates to our Terms or this Policy.
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternatively, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information sharing. We have such a policy in place. You may opt-out of information sharing by emailing us at email@example.com. In addition, if you wish to find out about any rights you may have under California Civil Code section 1798.83, you may notify us in writing at firstname.lastname@example.org.
In addition to this Policy, your access to and use of the App, the Platform, or the Site is subject to our Terms of Service, including the disclaimer that Orderly does not provide medical advice or clinical information except through third party services, and any such advice is to be taken at the user’s own risk.