Last updated September 20, 2023
Thank you for choosing to be part of our community at Rlin, LLC, doing business as Brightway Health (“Brightway Health”, “Brightway”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at firstname.lastname@example.org.
When you use our mobile application, as the case may be (the "App") and more generally, use any of our services (the "Services", which include the App), we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.
This privacy notice applies to all information collected through our Services (which, as described above, includes our App), as well as any related services, sales, marketing or events.
Please read this privacy notice carefully as it will help you understand what we do with the information that we collect.
Table of Contents
1. What information do we collect?
Personal information you disclose to us
We collect personal information that your medical provider provides to us when they create an account for you, or that you voluntarily provide to us when you update your account, express an interest in obtaining information about us or our products and Services, when you participate in activities on the App, or otherwise when you contact us.
The personal information that we collect depends on the context of your interactions with us and the App, the choices you make and the products and features you use. The personal information we collect may include the following:
Personal Information. We collect names; phone numbers; email addresses; date of birth; contact preferences; contact or authentication data; profile pictures; passwords; and other similar information.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Google or other social media account. If you choose to register in this way, we will collect the information described in the section called "How do we handle your social logins" below.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
We automatically collect certain information when you visit, use or navigate the App. Unless you log in, this information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about when you use our App and other technical information. This information is primarily needed to maintain the security and operation of our App, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. The information we collect includes:
Log and Usage Data. Log and usage data is service-related, diagnostic usage and performance information our servers automatically collect when you access or use our App and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the App (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings).
Device Data. We collect device data such as information about your computer, phone, tablet or other device you use to access the App. Depending on the device used, this device data may include information such as your IP address (or proxy server), device application identification numbers, location, browser type, hardware model Internet service provider and/or mobile carrier, operating system configuration information.
Location Data. We collect information data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type of settings of the device you use to access the App. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Locations settings on your device. Note however, if you choose to opt out, you may not be able to use certain aspects of the Services.
Information collected through our App
If you use our App, we also collect the following information:
Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's reminders, camera, microphone and other features. If you wish to change our access or permissions, you may do so in the app or your device's settings.
Push Notifications. We may request to send you push notifications regarding your account or certain features of the App. If you wish to opt-out from receiving these types of communications, you may turn them off in the app or in your device's settings.
This information is primarily needed to maintain the security and operation of our App, for troubleshooting and for our internal analytics and reporting purposes.
Information collected from other sources
In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, as well as from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g. Facebook or Twitter), we receive personal information about you such as your name, email address, and gender. Any personal information that we collect from your social media account depends on your social media account's privacy settings.
2. How do we use your information?
We use personal information collected via our App for a variety of business purposes described below. We process your personal information for these purposes for our business interests, to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive:
To facilitate account creation and login process. If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and login process for the performance of the contract. See the section below headed "How do we handle your social logins" for further information.
To post testimonials. We post testimonials that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and the consent of the testimonial. If you wish to update, or delete your testimonial, please contact us at email@example.com and be sure to include your name, testimonial location, and contact information.
Request feedback. We may use your information to request feedback and to contact you about your use of our App.
To enable user-to-user communications. We may use your information in order to enable user-to-user communications with each user's consent.
To manage user accounts. We may use your information for the purposes of managing our account and keeping it in working order.
To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
To protect our Services. We may use your information as part of our efforts to keep our App safe and secure (for example, for fraud monitoring and prevention).
To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
To deliver and facilitate delivery of services. We may use your information to provide you with a requested service.
To respond to your inquiries or offer support. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.
To send you marketing and promotional communications. We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. For example, when expressing an interest in obtaining information about us or our App, subscribing to marketing or otherwise contacting us, we will collect personal information from you. You can opt-out of our marketing emails at any time (see the "What are your privacy rights?" below).
Deliver targeted advertising to you. We may use your information to develop and display personalized content and advertising (and work with third parties who do so) tailored to your interests and/or location and to measure its effectiveness.
For other business purposes. We may use your information for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns or to evaluate and improve our App, products, marketing and your experience. We may use and store this information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information. We will never use identifiable personal information without your consent, and only where allowable under HIPAA.
3. Will your information be shared with anyone?
We may disclose your information in the following circumstances:
Disclosures to Service Providers and Brightway Partners
Brightway, and third party vendors acting on our behalf, may disclose your information to Brightway Partners, third party service providers, or vendors acting on our behalf, for the purpose of providing the Services and related services to you or other users, including, without limitation, determining eligibility, registering you to use the Services, logging you into the Services, providing you with information you have requested through the Services or related services, connecting you with resources and other benefits, filing of medical claims, managing your account, and for Brightway Partners’ administration of benefits. Third party service providers or vendors acting on our behalf are authorized to use your information to provide services to Brightway or as required by law, and they are also permitted to aggregate or de-identify your Information, including Personal Data, such that it does not personally identify you.
Brightway does not disclose Personal Data to third parties for their direct marketing purposes.
Security and Compliance with Law. Your information and the contents of your communications through the Sites and Services may be disclosed to third parties as required by law, such as to comply with a subpoena or similar legal process, or when we reasonably believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, report improper or unlawful activity, or respond to a government request.
Non-Personal and Aggregate Site and Services Use Information. Brightway may compile and share your Information in aggregated form (i.e., in a manner that would not personally identify you) or in de-identified form so that it cannot reasonably be used to identify an individual (“De-Identified Information”). We may disclose such De-Identified Information publicly and to third parties, for example, in public reports about exercise and activity, or to Brightway Partners under agreement with us. Brightway may also disclose De-Identified Information for general research purposes and in research collaborations with third parties, such as universities, hospitals or other laboratories to determine the prevalence of particular conditions among Users or to determine whether a User might be suitable for research or clinical trials. Brightway may also use De-Identified Information for commercial collaborations with private companies for purposes such as product design or enhancement of Services.
Uses and Disclosures Permitted by Law, Including for Health Care Operations, Public Health, and Research. To the extent not prohibited by law or precluded by Brightway’s agreements with the applicable Brightway Partner, Brightway, and any third party vendors acting on Brightway’s behalf, may use and disclose your Personal Data: (a) as required or permitted by law, including, where applicable, HIPAA, which may include disclosures to the applicable Brightway Partner; (b) for Research purposes; (c) for purposes of Health Care Operations of the applicable Brightway Partner; and (d) for Public Health, as each is defined and in accordance with HIPAA.
4. The technologies we use for automatic data collection
We and our partners use various technologies to collect and store information when you visit one of our services, such as information about your browser or device. The technologies that we may use for automatic data collection may include:
2. Web Beacons. Pages of our Sites or Services or our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count Users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
3. Website Logging Tools. Clickstream data is information collected via website logging tools by our computers when you request web pages from the Sites. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how visitors arrive at the Sites, what type of content is popular, what type of visitors in the aggregate are interested in particular kinds of content on the Sites.
4. Mobile Device Identifiers and SDKs. A mobile SDK is the mobile app version of a web beacon (see “Web Beacons” above). The SDK is a bit of computer code that app developers can include in their apps to enable ads to be shown, data to be collected, and related services or analytics to be performed.
5. How do we handle your social logins?
Our App offers you the ability to register and login using your third-party social media account details (like your Google login). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile iInformation we receive may vary depending on the social media provider concerned, but will often include your name, email address, profile picture as well as other information you choose to make public on such social media platform.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant App. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.
6. How long do we keep your information?
We may retain your Personal Data for a period of time consistent with the original purpose for collection. For example, we keep your Personal Data for no longer than reasonably necessary for your use of our programs and Services and for a reasonable period afterward. We may retain your Personal Data even after your business relationship with us ends, if reasonably necessary to comply with our legal obligations (including law enforcement requests), comply with HIPAA, meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions, in copies made for backup and business continuity purposes, or to fulfill your request to “unsubscribe” from further messages from us. We will retain De-Identified information after your account has been closed. Our servers are located in the United States of America.
Our Sites and Services are not designed to be used by or intended to attract children under the age of 13. Individuals who we actually know are under the age of 13 will not be permitted to use our Services and we will not collect their personal information. We do not share the personal information of consumers we know to be less than 16 years of age, unless we receive affirmative authorization (the “Right to Opt In”) from the minor who is between 13 and 16 years of age. If you are a parent or guardian and you are aware that your child who is under the age of 13 has provided us with identifiable personal data, please contact us. If we become aware that we have inadvertently collected data from children under the age of 13 without verification of parental consent, we will timely remove that information from Our servers to the extent permissible by law.
8. Your rights with respect to personal data
You may have certain rights relating to your Personal Data, subject to local data protection law. We aim to provide you with choices about how we use your Personal Data. Subject to applicable law, you may obtain a copy of the Personal Data that we maintain about you. In addition, if you believe that Personal Data we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the “How to Contact Us” section below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.
Your choices and accessing, updating, or deleting your personal data
Privacy Rights Specific to California Residents
Under the California Consumer Privacy Act, California residents have specific rights regarding their Personal Data. This section describes Californians’ rights and explains how California residents can exercise those rights.
Below we further outline specific rights which California residents may have under the California Consumer Privacy Act.
Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection, use and disclosure of your Personal Data over the past twelve (12) months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
Right to Data Portability. You have the right to a “portable” copy of your Personal Data that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Data stored on our servers or information technology environment to another service provider’s servers or information technology environment.
Right to Delete Your Data. You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies.
Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.
Exercising Your Rights
If you are a California resident who chooses to exercise your rights, you can submit a request via email at: firstname.lastname@example.org. You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.
Our Response to Your Request
Upon receiving your request, we will confirm receipt of your request by sending you an email. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the Information. In some instances, such as a request to delete Personal Data, we may first separately confirm that you would like for us to in fact delete your Personal Data before acting on your request.
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with Brightway, we will deliver our written response to that account. If you do not have an account with Brightway, we will deliver our written response by mail or electronically, at your option.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
Please note that even though you may request the deletion of your Personal Data, we may be required (by law or otherwise, such as to prevent fraud, resolve disputes, or troubleshoot problems) to retain this information.
Changing or Deleting Your Information
You may update or correct information about yourself by making changes to your profile by emailing us at email@example.com. If you completely delete all such information, then your account may become deactivated. We may retain an archived copy of your records as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements or for other legitimate business purposes.
We may contact you to request that you update your Information on a regular basis to ensure its integrity for the purposes of ongoing data management.
9. Our opt-in / opt-out policy
We currently provide the following opt-out opportunities:
At any time, you can follow a link provided in offers, newsletters or other email messages (except for e-commerce confirmation or service notice emails) received from us or a Brightway Partner to unsubscribe from communications.
10. Third party links
11. How we protect personal data
Brightway maintains administrative, technical and physical safeguards designed to protect users’ information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. These safeguards vary based on the sensitivity of the Information that we collect, process and store and the current state of technology. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. We also maintain procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current.
12. Direct marketing and “Do Not Track” signals
Brightway does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser may include controls to block and delete cookies, web beacons and similar technologies, to allow you to opt out of data collection through those technologies.
California residents are entitled to contact us to request information about whether we have disclosed Personal Data to third parties for the third parties’ direct marketing purposes. Brightway does not disclose Personal Data to third parties for their direct marketing purposes. California users may request further information about our compliance with this law by emailing us at firstname.lastname@example.org.
13. Changes to the terms of this policy
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
14. How you can contact us about this policy
If you have questions or comments about this notice, you may email us at email@example.com or by post to:
P.O. Box #35
Kings Park, NY 11754