Privacy Policy

This Patient Privacy Notice (this “Privacy Notice”) applies to personal information collected from you when you use Qr8 Health, Inc.’s (“Qr8”) digital assessments and other services, including those made available through the Software (as defined below) (collectively, the “Services”) and does not apply to information obtained or collected in other ways. This Privacy Notice describes how this personal information is processed, used and retained. Qr8 has developed (a) downloadable software applications (each, an “Application”) that contain one or more tests (“Tests”) which are administered through the use of an iPad and/or other devices supported by Qr8 (each, a “Device”) and (b) related firmware and other embedded software (“Firmware”) on Devices (e.g., a stylus). “Software” means any of the foregoing that are identified in the order form between you and Qr8 or otherwise made available by Qr8 to you, and includes, as applicable, any updates, upgrades or other new features, functionality or enhancements thereto made available by Qr8 to you.

What Does This Privacy Notice Cover?

This Privacy Notice covers our collection, use and disclosure of information about identifiable individuals and information which can be used to identify an individual (“Personal Information”). Personal Information does not include “aggregate” information which we aggregate from information (including Personal Information) you provide to us. Personal Information may be collected about our customers and end users of the Services. You can choose not to provide us with certain information.

This Privacy Notice does not apply to the practices of companies that we do not own or control. You understand and agree that Qr8 and its authorized business partners, affiliates, subsidiaries or agents (collectively, “Qr8”, “us” or “we”) may collect, maintain, and process information provided by you, on and through the Services. You represent and warrant that you have permission to share any information you elect to provide Qr8, you consent to such information being shared with third parties, including, if applicable, healthcare providers, and that such information is accurate, current, non-misleading, and consistent and relevant for the purpose for which you are providing information.

The information contained in the Services is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment. Qr8 makes no representation and assumes no responsibility for the accuracy of information contained on or available through the Services, and such information is subject to change without notice. You are encouraged to confirm any information obtained from or through the Services with and review all information regarding any medical condition or treatment with your physician. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HAVE READ ON OR ACCESSED THROUGH THE SERVICES.

Qr8 does not recommend, endorse or make any representation about the efficacy, appropriateness or suitability of any specific Tests, products, procedures, treatments, services, opinions, healthcare providers or other information that may be contained on or available through the Services. Qr8 IS NOT RESPONSIBLE NOR LIABLE FOR ANY ADVICE, COURSE OF TREATMENT, DIAGNOSIS OR ANY OTHER INFORMATION THAT YOU OBTAIN THROUGH USE OF THE SERVICES.

Information We Collect

Qr8 has access to or collects Personal Information that you voluntarily give us when you are using its Services. Qr8 will not sell or provide any Personal Information to third parties for their use in their research or in their direct marketing, advertising, or promotion of their products or services, except as stated herein. 

Qr8 collects Personal Information in the following general ways:

• Qr8 collects Personal Information you knowingly choose to submit to us through the Services, such as your name, date of birth, gender, and email address.
• When you access or use the Services, Qr8 may automatically receive and record information on our server logs from your Device or browser.

Subject Information: Qr8 collects information about individuals who are prescribed the Services or otherwise begin or complete a Test within the Software (“Subjects”). When you use our Applications, we may collect your name, date of birth (age), sex, test score, level of education and other scoring and/or performance metrics which may be relevant to the particular Test you are taking.  Some of the Personal Information received by Qr8 in connection with the Services may be provided by healthcare providers that are subject to laws and regulations, such as rules issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), that govern providers’ use and disclosure of certain individually identifiable health-related Personal Information (“Protected Health Information”). When we receive Protected Health Information, we may do so as a “business associate” of the healthcare provider under an agreement that, among other things, prohibits us from using or disclosing the Protected Health Information in ways that are not permissible by the healthcare provider itself, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information. When we act as a Business Associate, we may be subject to certain laws and regulations, including certain HIPAA rules, that govern our use and disclosure of Protected Health Information and that may be more restrictive than otherwise provided in this Privacy Notice. For more information about our HIPAA-compliant activities, please contact [email protected] or [email protected].

Information Automatically Collected When You Use Our Services: When you interact with the Services, we receive and store certain information about your Device or Hardware, which may include Personal Information. We may use such information and pool it with other information to track, for example, the total number of users of our Services, device type, application versions, Device operating system versions, and crash logs.

How Qr8 Uses Personal Information

Generally, Qr8 uses including Personal Information to deliver the Services to healthcare providers and Subjects, to improve the delivery of our Services and related products and services, to conduct our business, to develop analytics and aggregated data that allow us to improve our Services and related products and services, or to correspond with you. Specifically, Qr8 uses Personal Information to:

• Authenticate access to your Account and provide access to the Services;
• Provide, operate, maintain and improve the Services;
• Send technical notices, updates, security alerts and support and administrative messages;
• Respond to comments, questions, and requests and provide customer service and support;
• Investigate and prevent fraudulent transactions, unauthorized access to the Services, and other illegal activities;
• Personalize and improve the Services, and provide content, features, and/or advertisements that match your interests and preferences or otherwise customize your experience on the Services;
• Enable you to communicate, collaborate, and share files with users you designate; and
• For other purposes about which we will notify you about and seek your consent.
  
  

In order for us to properly collect your Personal Information, in particular your Protected Health Information, from your physicians and healthcare providers, we may need your express authorization to do so.  If you tap “Agree & Continue”, you are authorizing Qr8 to contact your health care team and gain HIPAA-secure access to your medical records for treatment, payment, and health care operations purposes. We will only use those records and the information contained in them for the purposes set forth herein. Additionally, if you tap “Agree & Continue”, Qr8 will use the personal information it collects about you to validate your Test results, in other words, to compare your Test results to the results of other people who have also used the Application(s).  Qr8 may also use your Personal Information to improve the performance of its Software or to develop similar, related or wholly new software applications.  Qr8 may also disclose your information as required by law and to representatives of government organizations or independent review boards responsible for overseeing the safety of medical products and therapies and the conduct of medical research. 

When you use the Application, we may collect, for example, your name, date of birth (age), sex, test score, level of education and other scoring and/or performance metrics which may be relevant to the particular Test you are taking. 

How We Share Personal Information

Your Consent to Share: By providing any Personal Information to us, you fully understand and unambiguously consent to the transfer of such Personal Information and the collection and processing of such Personal Information to third parties, including healthcare providers or other third parties as described in the End User License Agreement. We may share aggregated data to conduct our business, improve the delivery of our Services, to develop analytics, and to enable us and our licensors and integration partners to improve and promote our products and services, including the Services. We will not sell or rent your Personal Information to anyone other than as described in this Privacy Notice.

Service Providers and Business Partners: We may from time to time employ third parties to perform tasks on our behalf and we may need to share Account information and other Personal Information with them to provide certain services. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. We currently engage third-party companies and individuals employed by us to facilitate our Services, including the provision of maintenance services, database management, and general improvement of the Services, and businesses who engage our Services (to the extent provided for above).

Protected Health Information: Some of the Personal Information received by Qr8 in connection with the Services may be provided by healthcare providers that are subject to laws and regulations, such as rules issued under HIPAA. If we need to share this information with third-party service providers, we enter into agreements that require the third party to comply with the restrictions on use and sharing as required under HIPAA.

Business Transfers: If our business (or substantially all of our assets) are acquired by a third party, or if we go out of business, enter bankruptcy, or go through corporate merger or some other change of control, Personal Information and other information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law.

With Your Consent: If we need to use or disclose any Personal Information including Protected Health Information in a way not identified in this Privacy Notice, we will notify you and/or obtain consent as required under applicable privacy laws.

As Required by Law: We may disclose Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other end users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce our contracts, including investigation of potential violations hereof; and (iii) detect, prevent, or otherwise address fraud, security or technical issues. We may disclose Personal Information if we believe it is necessary to investigate potential violations of our End User License Agreement or to enforce that End User License Agreement. The above may include exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Notwithstanding the general terms of this Privacy Notice, the collection, use, and disclosure of Personal Information may be made outside of the terms herein to the extent provided for in any applicable privacy or other legislation in effect from time to time, or pursuant to court orders.

How We Retain Personal Information

We will keep Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. Unless otherwise set forth in the applicable End User License Agreement or a separate agreement with you governing the applicable Services (if any), if you cease using such Service, we may retain or destroy, at our discretion, all Personal Information and non-personally identifiable information we collect through your use of such Service. All retained Personal Information will remain subject to the terms of this Privacy Notice.

Your Rights

You have the right to access the Personal Information, including Protected Health Information, we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances, and as permitted under law, we may not be able to make all relevant information available to you, such as where that information also pertains to another user of the Services. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep Protected Health Information accurate and up to date, and we will provide mechanisms to update, correct, delete or add to Protected Health Information as appropriate. As appropriate, this amended Protected Health Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Protected Health Information about you enables us to give you the best possible service. Note that the terms of any Business Associate Agreement in effect with healthcare providers will dictate the manner in which we update, correct, or remove Personal Health Information. In the event there is a conflict between this Privacy Notice and the Business Associate Agreement, the Business Associate Agreement will control.

Security

Qr8 takes very seriously the security and privacy of the Personal Information that it collects pursuant to this Privacy Notice. Accordingly, we implement reasonable and appropriate security measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations, including HIPAA. Wherever Qr8 collects personal information, your information is encrypted and securely transmitted to Qr8. Please understand, however, that no security system is impenetrable.  We cannot guarantee the security of our databases or the databases of the third parties with which we may share your information (as permitted herein), nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet.  In particular, email sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

Changes to This Privacy Notice

We may amend this Privacy Notice from time to time. If we decide to change our Privacy Notice, we will post those changes and update the Privacy Notice modification date at the top of this page. Use of Personal Information we collect is subject to the Privacy Notice in effect at the time such information is collected, used or disclosed. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our website, through the interface of the applicable Services or sending you an email prior to the change becoming effective. You are bound by any changes to the Privacy Notice when you use the Services after such changes have been first posted.

Contact Information

For more information on how we collect and process your Personal Information  please contact [email protected] or [email protected].

Filing a Complaint

If you believe that your rights have been violated, you may file a complaint with us by emailing [email protected] or [email protected]. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint.