Who we are
This privacy policy (“Privacy Policy”) sets forth how Impruvon, Inc. (“Impruvon,” “we,” “us” or “our”) collects, uses and protects any information that we may collect from you (the Subscriber, as defined in Impruvon’s Terms and Conditions (“Terms”)) or that you may provide when you use the Equipment, Services or Software (as defined in the Terms).
Consent
By subscribing to and accessing our Services, you agree that you:
- have read and understood this Privacy Policy, which describes how we use your information; and
- you consent to the use, storage and disclosure of your information by us in the manner described in this Privacy Policy.
Information Collected
We collect the following information for the purpose of providing you with the functionality of our app:
- Information provided directly to us when you enroll in our platform via web application, SMS notification system, through the Contact Us page of our Website, or when you email, write or call us (“Personal Information”);
- Personal Health Information (“PHI”) of individuals using our Equipment and applications to ensure adherence to medication dosing schedules, which you input directly into our systems using our Software;
- Non-Personal Information collected automatically as you utilize our Services, including information collected through cookies (or web beacons if applicable).
“Personal Information” means any data, whether used alone or when combined with other identifying information, which can be used to distinguish or trace your identity, such as your name or other personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call related data, inventory of other apps on the device, microphone, camera, location data and other sensitive device or usage data, company name, email, address or telephone number. Unless you or your organization provides it to us voluntarily, we do not collect Personal Information about you in connection with your use of our Services.
“PHI” means personal health information as defined under the Health Insurance Portability and Accountability Act and its implementing regulations.
“Non-Personal Information” means data that cannot be used on its own to trace or identify you. This includes your web browser type, domain name, referring site(s), date/time, and IP address from which you utilized our Services, as well as from your transactions with us and our affiliates or non-affiliated third parties. This “Non-Personal Information” is used to improve the operations, functionality, and appearance of our Services.
Please note that this Privacy Policy is in addition to, and does not limit, any protections afforded to your information pursuant to any separate contracts relating to confidentiality of information provided to us.
Cookies
Cookies are small data files that are stored on your computer by a web server when you utilize our Services. Cookies help us to deliver the best user experience possible. We use cookies for advertising, social media, and analytics purposes.
When you visit our Services, we may use cookies and similar technologies for the following purposes:
- to help us recognize you when you return to our Services (just a number without any Personal Information);
- to avoid requiring registration for access to content on the Services;
- to develop leads for our business development team and our business partners and to provide direct marketing communications to you if you have consented to receive such communications;
- to compile anonymous, aggregated statistics that allow us to understand how users interact with our Services; and
- to help us improve the structure and user experience of our Services.
Data Usage
We use your Personal Information only for the purpose for which it was submitted. For example, if you enroll in our SMS notification system, we will send text message notifications to the provided phone number. We may use Non-Personal Information to help diagnose problems with our server, and to administer our Services, for example, to:
- provide and improve the content and features of our Website and downloadable app for you;
- provide you with information about our Services and Equipment, solely at your election;
- provide you with expiration or renewal notices for your account;
- enforce our rights or carry out our obligations under this Privacy Policy or the Terms;
- notify you of any changes to this Privacy Policy or our Terms.
Personal Health Information
We will not use or disclose PHI other than for the purposes of providing our Services, or as required by law. We agree to use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as specified above. We will take appropriate measures to mitigate, to the extent practicable, any harmful effect that is known to us as a result of a use or disclosure of PHI by us in violation of this Privacy Policy or that would otherwise cause a breach of unsecured PHI.
In the event of a breach of security of PHI under our control, we will:
- Report to you any breach of security of PHI of which we become aware within three calendar days of “discovery” within the meaning of the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”). Such notice shall include the identification of each individual whose “unsecured PHI” (as defined in HITECH) has been, or is reasonably believed by Impruvon, to have been, accessed, acquired, or disclosed in connection with such breach. In addition, Impruvon shall provide any additional information reasonably requested by you for purposes of investigating the breach and any other available information that you are required to provide under 45 C.F.R. § 164.404(c) at the time of notification or promptly thereafter as information becomes available. Our notification of a breach of unsecured PHI under this Section will comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of the American Recovery and Reinvestment Act of 2009 (“ARRA”), the HIPAA rules, and related guidance issued by the U.S. Secretary of Health and Human Services (“Secretary”) from time to time.
- In the event of our use or disclosure of unsecured PHI in violation of HIPAA, HITEC, or ARRA, we bear the burden of demonstrating that notice as required under this was made, including evidence demonstrating the necessity of any delay, or that the use or disclosure did not constitute a breach of unsecured PHI.
- We agree, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any of its subcontractors that create, receive, maintain, or transmit PHI on behalf of Impruvon agree to the same restrictions, conditions, and requirements that apply to the us with respect to such information.
- We agree to make PHI available in a designated record set to you as necessary to satisfy your obligations under 45 C.F.R. § 164.524, and to comply with any individual’s request to restrict disclosure of his or her PHI in accordance with 45 C.F.R. § 164.522, except where such use, disclosure, or request is required or permitted under applicable law.
- We will charge fees for providing individuals access to their PHI in accordance with 45 C.F.R. § 164.524(c)(4).
- We agree that when requesting, using, or disclosing PHI in accordance with 45 C.F.R. § 164.502(b)(1) that such request, use, or disclosure shall be to the minimum extent necessary, including the use of a “limited data set” as defined in 45 C.F.R. § 164.514(e)(2), to accomplish the intended purpose of such request, use, or disclosure.
- We agree to make any amendments to PHI in a designated record set as directed or agreed to by the you pursuant to 45 C.F.R. § 164.526, or to take other measures as necessary to satisfy your obligations under 45 C.F.R. § 164.526.
- We agree to maintain and make available the information required to provide an accounting of disclosures to the you or the individual owner of PHI, as the case may be, as necessary to satisfy your obligations under 45 C.F.R. § 164.528.
- We agree to make our internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and breach of any unsecured PHI received from you, or created or received by us on your behalf, available to you (or the Secretary) for the purpose of determining compliance with 45 C.F.R. Parts 160-164 (the “Privacy Rule”).
- To the extent we carry out one or more of your obligations under Subpart E of 45 C.F.R. Part 164, we agree to comply with the requirements of Subpart E that apply to you.
We agree to account for the following disclosures:
- Disclosures of PHI and breaches of unsecured PHI and any information relating to the disclosure of PHI and breach of unsecured PHI in a manner as would be required for you to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and breaches of unsecured PHI.
- Information collected in accordance with this Section, to permit you to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and breaches of unsecured PHI.
- Any disclosure of PHI used or maintained as an electronic health record in a manner consistent with 45 C.F.R. § 164.528 and related guidance issued by the Secretary from time to time; provided that an individual shall have the right to receive an accounting of disclosures of such records by us made on your behalf only during the three years prior to the date on which the accounting is requested.
We shall comply with the HIPAA Security Rule according to the Standards for Security of Electronic Protected Health Information at 45 C.F.R. Part 160 and Subparts A and C of Part 164, as amended by ARRA and the HITECH Act.
Data Retention
We will retain your Personal Information only for as long as necessary to fulfill the purpose of collection. We may retain your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will establish and maintain commercially reasonable safeguards against the destruction, loss or alteration of Personal Information in our possession that are no less rigorous than those in effect for our operations.
We may also retain Non-Personal Information for internal analysis purposes. Non-Personal Information will be disposed of and/or destroyed in accordance with industry best practices when no longer needed.
Links to Third Party Sites
The Services include links to other Third Party web sites including access to content, products and services of such affiliated and non-affiliated entities. If you choose to use these provided links, you may be taken to a Third Party’s website. This Privacy Policy does not bind any Third Party and we urge you to familiarize yourself with the individual privacy policy and other terms for each linked site prior to submitting your information to such sites.
Disclosure of Information to Third-Parties
We may share Non-Personal Information with our affiliates or third parties who have agreed to provide at least the same protections as this Privacy Policy. We make every reasonable effort to preserve user privacy, including anonymizing user data. We reserve the right to disclose Personal Information when required or permitted by law and we have a good-faith belief that such action is necessary to comply with an appropriate law enforcement investigation, current judicial proceeding, court order, or legal process served on us.
Chat Service
Our platform includes a live chat service that enables you to communicate with us as well as other users of our platform. You hereby acknowledge that any content that you post when using the chat service will be visible to those other users with whom you are communicating, and we are not responsible for maintaining your privacy with respect to those messages.
Effect of Changes
We will alert you to material changes to this Privacy Policy via the conspicuous posting of the new or modified Privacy Policy on any websites or apps utilized for our Services or by email (if you have provided one). Any modifications will be effective as of the Last Updated Date. You should review the Privacy Policy periodically for updates, including prior to the disclosure of any Personal Information.
Last Updated September 1, 2023