Updated May 26, 2022
Privacy and security is very important to Within Health so we have developed and shared this Privacy Policy to explain how we use and disclose your information.
First, a note introducing ourselves: Within Health Group, Inc. ("Within Health," "we" or "us") operates this Site (withinhealth.com) for the public. Within Health also provides management, administrative, compliance and other support to affiliated physician practice organizations (each, a “WH-PC”). These physician practice organizations employ and otherwise contract with psychiatrists, psychologists, nurses, dietitians and other health care providers (“Within Health Professionals”) to treat clients of the WH-PCs (“Clients”).
This Privacy Policy explains how we collect, use, disclose and otherwise manage the information we may collect about you through your use of the Within Health websites
including withinhealth.com (the “Site”), the Within Health mobile applications and platforms made available to Clients, WH-PCs and their Within Health Professionals, and other circumstances in which we collect and use your information in connection with our business (collectively, the “Services”). The privacy and security of personal information entrusted to a WH-PC, and its Within Health Professionals is called “Protected Health Information” and has additional protections under the Health Insurance Portability and Accountability Act of 1996 (“ HIPAA”). If you are a Client receiving medical care through the Services, the information we collect is Protected Health Information and is governed by the HIPAA Notice of Privacy Practices of yourWH-PC. You may find the HIPAA Notice of Privacy Practices for your WH-PC at https://withinhealth.com/notice-of-privacy-practices. This Privacy Policy describes how we may use or disclose personal information that is not Protected Health Information.
Information You Provide to Us: We may collect information from you directly through your use of the Site, or in other direct interactions with us such as emails or phone calls. This information may include your name, address, age, email address, telephone and facsimile numbers, financial information, health insurance information, and any other information you provide in the course of interacting with us.
Information We Collect through Automated Data Collection Technologies: We may collect your information using automated data collection technologies as described in the “Additional Information about Our Site” section below.
Information We Obtain from Third Parties: We may obtain your information through third party sources such as lead generation companies, marketing partners, and Service Providers.
We use your information:
Promotional Email OptOut: We may send promotional email communications. If you have opted in or otherwise qualify to receive these forms of communication, and no longer wish to receive promotional communications by email, you may opt out or unsubscribe by following the instructions that are included on each email.
In the course of our business we may disclose your information to third parties in the following circumstances:
Service Providers and Companies That Work With or on Behalf of Within Health: We share your information with Service Providers for operations, technology, payment, marketing, and other purposes. These companies may have access to your information to the extent necessary to perform their respective functions.
Sale of Business: Within Health may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets to a third party as part of a merger, acquisition, bankruptcy proceeding, or other restructuring.
Legal Purposes: We may provide your information if we have a good faith belief that the law requires it, such as in response to a search warrant, subpoena, or other legally valid inquiry, order, or process, or to an investigative body in the case of a breach of an agreement or contravention of law, or as otherwise required by law. We may also disclose information to assist us in collecting a debt, or as necessary to exercise our legal rights or defend claims brought against us.
Visiting the Website: In general, you can visit our websites without telling us who you are or providing us with your business information. However, we collect the IP (Internet protocol) addresses of all visitors to our websites and other related information such as page requests, browser type, operating system, and average time spent on our websites. We use this information to monitor and improve our websites.
Cookies: Our websites may use a technology called “cookies”. A cookie is a tiny element of data that our websites and our third party technology providers can send to your browser, which may then be stored on your hard drive so we can recognize you when you return. If you have registered with our Services, these cookies: (1) may let us know who you are, (2) may be necessary to access your information in order to deliver the Services, and (3) may provide us and our service providers with information that we will use to personalize our Services and marketing activities. You may set your web browser to limit or block the use of cookies. However, should you decide not to accept cookies from our websites, you may limit the functionality we can provide when you visit our Services.
Tracer Tags: Our Services and email communications may also use a technology called “tracer tags”. These may also be referred to as “clear GIFs” or “web beacons”. This technology allows us and our third party technology providers to understand which pages or content you view. These tracer tags are used to help us optimize and tailor our Services for you and other web visitors.
Google Analytics: We use automated technologies and applications, such as Google Analytics, to evaluate usage of our Services. We also may use other analytic means to evaluate our websites and services. We use these tools to help us improve the Services, performance, and user experiences. These entities may use cookies and other tracking technologies to perform their services. To learn how Google Analytics collects and processes data, please visit: http://www.google.com/analytics/learn/privacy.html
Software Development Kits: When you download and use our mobile applications, we may use third party services to develop and deliver the software and to monitor your use of the application, including by associating your use and user account with mobile device identifiers and information about your use of third party websites and services, consistent with any applicable mobile platform requirements.
How We Respond to Do Not Track (DNT) Settings: Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature. At the present time, we do not respond to DNT signals.
Linked Sites. The Site contains links to third-party websites (“External Sites”). These links are provided solely as a convenience to you and not as an endorsement by us of the content on such External Sites. Links to External Sites are not a referral or endorsement of any other entity, item, or service. The content of such External Sites is developed and provided by others. You should contact the site administrator or webmaster of External Sites if you have any concerns regarding such links or any content located on such External Sites. We are not responsible for the content of any linked External Sites and do not make any representations regarding the content or accuracy of any materials on such External Sites. You should take precautions when downloading files from all websites to protect your computer from viruses and other destructive programs. If you decide to access any External Sites, you do so at your own risk.
If you use the Services or provide us your information from outside the United States, your information will be transferred to, stored and processed in the United States and other countries where Within Health or its service providers operate in accordance with this Privacy Policy and applicable laws. Please note that data protection and consumer protection laws of the United States and such other countries may differ from the data protection or consumer protection laws in your country. By using the Services or providing us with your information, you understand that your information will be collected from and processed in the United States and other countries where Within Health or its service providers operate, and acknowledge that your information may be subject to access by law enforcement and other government entities, including courts and tribunals, in accordance with laws applicable in those jurisdictions.
We maintain administrative, technical, and physical safeguards designed to protect against unauthorized access, use, modification, and disclosure of your information in our custody and control. No data, on the Internet or otherwise, can be guaranteed to be 100% secure. While we strive to protect your information from unauthorized access, use, or disclosure, Within Health cannot and does not ensure or warrant the security of your information.
We retain your information as long as reasonably necessary for the purposes described in this Privacy Policy. In determining the criteria by which to retain or dispose of your information, we will consider the type, sensitivity, context, and purpose of collecting the information.
Within Health does not knowingly collect personal information from children under the age of 13 using the Services.
If you are a California resident, your information may be covered by the California Consumer Privacy Act (CCPA). The below disclosures apply to the extent the CCPA applies to your data, subject to any applicable exemptions.
“Personal Information” We Collect: The categories of “personal information,” as defined in the CCPA, that we collect include:
Within Health may obtain, use, and share these data categories as detailed in the “How We Collect Your Information,” “How We Use Your Information,” and “Sharing Your Information” sections of this Privacy Policy, above.
“Sales” of Personal Information: We do not “sell” your personal information as that term is defined in the CCPA.
Your California Privacy Rights: You may have the following rights with respect to your personal information under the CCPA:
(i) Right to Know About Personal Information Collected, Disclosed, or Sold: You may have the right to request that we provide certain information to you about our collection and use of your personal information over the past twelve (12) months. Specifically, you may have the right to request disclosure of:
(ii) Right to Request Deletion of Personal Information: You may also have the right to request that we delete any of your personal information that we collected or maintain about you, subject to certain exceptions.
(iii) Right to NonDiscrimination for the Exercise of a Consumer’s Privacy Rights: We will not unlawfully discriminate against you for exercising any of your applicable privacy rights.
Exercising Your California Privacy Rights: To request to exercise your CCPA rights described above, please submit a verifiable consumer request to us by using the information in the “Contact Us” section below. Only you or your “authorized agent,” as defined in the CCPA, may make a verifiable consumer request related to your personal information.
Your verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. Making a verifiable consumer request does not require you to create an account with us.
Response Timing and Format: We will make our best effort to respond to a verifiable consumer request no later than forty five (45) days after receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. No later than (10) days of receiving the request, we will confirm receipt and provide information about its verification and processing of the request. Within Health will maintain records of consumer requests made pursuant to the CCPA as well as our response to said requests for a period of at least twenty four (24) months.
At times, it may be necessary for us to make changes to this Privacy Policy. We reserve the right to change this Privacy Policy and any of our policies or procedures concerning the treatment of information collected in connection with the Site. Where we make material changes to this Privacy Policy that reflect material changes in how we use your information we may notify you of those changes. You can determine when this Privacy Policy was last revised by referring to the “Updated” legend at the top of this page. Any changes to our Privacy Policy will become effective upon posting of the revised Privacy Policy on the Internet, which will be accessible through the Services. Use of the Services following such changes constitutes your acceptance of the revised Privacy Policy. We encourage you to bookmark this page and to periodically review it to ensure familiarity with the most current version of our Privacy Policy.
Please feel free to contact us at any time if you have any questions or comments about this Privacy Policy.
You can contact us or otherwise communicate your privacy concerns by: