RecoveryOne Privacy Policy
Welcome, and thank you for your interest in Trainer Rx, Inc. d/b/a RecoveryOne (“RecoveryOne”, “we,” or “us”) and our Web site at app.recoveryone.com (the “Site”), as well as all related web sites, networks, embeddable widgets, downloadable software, mobile applications (including tablet applications), and other services provided by us and on which a link to this Privacy Policy (this “Policy”) is displayed (collectively, together with the Site, our “Service”).
This Policy describes the information that we gather from you on the Service, how we use and disclose such information, and the steps we take to protect such information. By using the Service, you consent to the privacy practices described in this Policy.
This Policy is incorporated into and is subject to the RecoveryOne Terms of Use. Capitalized terms used but not defined in this Policy have the meaning given to them in the RecoveryOne Terms of Use.
Questions or Complaints about RecoveryOne or its use, retention and disclosure of Personal Data should be directed to: Director of Compliance & Governance, RecoveryOne, 1670 Riviera Ave. Suite #101, Walnut Creek, CA 94596; tel. 1-877-747-9411; email: privacy@recoveryone.com.
Your Rights with respect to Personal Data are outlined in this Privacy Policy here
The information we collect on the Service:
- User-provided Information. When you use the Service, you may provide and we may collect what is generally called “personally identifiable information (PII)”, or “Personal Data,” which is information that specifically identifies an individual.
- Personal Data. Personal Data is defined as “any information relating to an identified or identifiable natural person (known as a “Data Subject”); any identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Personal Data shall include protected health information (“PHI”) as described below.
How we use your Protected Health Information:
RecoveryOne is dedicated to maintaining the privacy and integrity of your Personal Data including PHI. Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI is information about you that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present or future payment for the provision of health care. In providing the Service, we will receive and create records containing your PHI and may use it to remind you of workout sessions, develop and conduct surveys with you to assist in providing you a better Service, conduct our management and administrative activities, and otherwise as stated in this Privacy Policy. You may also choose to grant access to your account to your health care provider or communicate directly with your health care provider. We may also use your de-identified PHI to run (or authorize third parties to run) statistical research on individual or aggregate health or medical trends. Such research would only use your PHI in an anonymous manner that cannot be tied directly back to you. We are required by law to maintain the privacy and confidentiality of your PHI, and we operate the Service consistent with applicable federal and state laws governing health information privacy and security.
- Examples of Personal Data include name, email address, mailing address, mobile phone number, and credit card or other billing information. Personal Data also includes other information, such as date of birth, geographic area, or preferences, when any such information is linked to information that identifies a specific individual. You may also provide us medical data such as the identity and contact information of your health care provider(s) and part of your medical history and other information that you choose to share with us. You may provide us with Personal Data in various ways on the Service. For example, you provide us with Personal Data when you register for an account, use the Service, post User Content, interact with other users of the Service through communication or messaging features, or send us customer service-related requests.
- “Cookies" Information. When you visit the Service, we may send one or more cookies (a small text file containing a string of alphanumeric characters) or similar code to your Devices. Some of this code may remain on your Devices and may be used by your browser or Devices on subsequent visits to the Service. This allows us to "remember" what you have done on the Service previously and personalize the Service for you. Please look through your browser’s or device’s technical support resources to learn the correct way to remove or disable “cookies“, if desired. Please note that disabling “cookies“ may prevent you from accessing some of the functionality and offerings available via the Service.
- “Automatically Collected" Information. When you use the Service, we may automatically record certain information from your device by using various types of technology, including “clear gifs" or “web beacons.” This “automatically collected" information may include your IP address or other device address or ID, web browser and/or device type, the pages or other content you view or otherwise interact with on the Service, and the dates and times that you visit, access, or use the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. This information is gathered from all users.
- Third-Party Web Beacons and Third-Party Buttons. We may also implement third-party content or advertising on the Service that may use clear gifs or other forms of web beacons, which allow the third-party content provider to read and write cookies to your browser in connection with your viewing of the third-party content on the Service. Additionally, we may implement third-party buttons (such as Facebook “like” or “share” buttons) that may allow third parties to collect information about you through such third-parties’ browser cookies, even when you do not interact with the button. Information collected through web beacons and buttons is collected directly by these third-parties, and RecoveryOne does not participate in that data transmission. Information collected by a third party in this manner is subject to that third party’s own data collection, use, and disclosure policies.
- Analytics. We may work with different companies who offer services that can assist us in better understanding how users of our Services interact with and use our Services. For example, we currently use and may continue to use a product called Google Analytics by permitting Google to use technologies such as web beacons and cookies to collect certain non-personally identifiable information that helps us understand your usage of our Service. We may permit Google and other third-party analytics providers to combine information collected through our Service with information collected from third-party services, and these analytics providers may use this information to help us better understand our users, and these analytics providers may also use this information to help their other customers better understand their users. Additionally, we currently use and may continue to use a version of Google Analytics called Google Analytics for Display Advertisers, which enables Google to collect, use, and disclose information in connection with certain advertising activities. You may opt-out of Google Analytics for Display Advertising and customize Google Display Network ads at https://www.google.com/settings/ads.
- Integrated Services. You may be given the option to access or register for the Service through the use of your username and passwords for certain services provided by third-parties (each, an “Integrated Service”), such as through the use of your Facebook credentials through Facebook Connect, or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on each Integrated Service to understand and change the information sent to us through each Integrated Service. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.
- Information from Other Sources. We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
How we use the information we collect. We use information we collect on the Service in a variety of ways in providing the Service and operating our business, including the following:
- We use the information that we collect on the Service to operate, maintain, enhance and provide all features of the Service, to provide services and information that you request, to respond to comments and questions and otherwise to provide support to users, and to process and deliver entries and rewards in connection with promotions that may be offered from time to time on the Service.
- We use the information that we collect on the Service to understand and analyze the usage trends and preferences of our users, to improve the Service, and to develop new products, services, features, and functionality.
- RecoveryOne will not contact you to ask unnecessary or irrelevant questions or to provide irrelevant information. RecoveryOne may use your email address or other information we collect on the Service (i) to contact you for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to your User Content posted on the Service or (ii) to send communications, including updates on promotions and events, relating to products and services offered by us and by third parties we work with. Generally, after you have consented to the use of your Personal Data as provided herein, you have the ability to opt-out of receiving any promotional communications as described below under “Your Choices” at any time. RecoveryOne will only retain your Personal Data during the term of your Agreement to use the Service and as required by law.
This Privacy Policy describes how we protect your privacy as a general user of the Service, not as a patient receiving care through the Service from your health care provider. You understand that all information shared with your health care provider is subject to your consent and to your health care provider’s professional and legal duties of confidentiality and responsibility, which we do not control. If you are receiving care through the Service from a health care provider, you have other rights with respect to the access, use and disclosure of PHI. For a more complete description of a patient’s rights under HIPAA, please refer to your health care provider’s Notice of Privacy Practices, which provides important information to you about how your PHI may be used and disclosed.
When we disclose information. Except as described in this Policy, we will not disclose your information that we collect on the Service to third parties without your consent. When we disclose your Personal Data, we will disclose the amount necessary for the purpose of the disclosure. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
- Any information that you voluntarily choose to include in a publicly accessible area of the Service, such as a public profile page, will be available to anyone who has access to that content, including other users.
- We work with third party service providers to provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to or process your information as part of providing those services for us. Generally, we limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information.
- We may make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
- We may disclose your information if required to do so by law or in good-faith believe that such action is necessary to comply with state and federal laws (such as U.S. copyright law), in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
- We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
- Information about our users, including Personal Data, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- RecoveryOne will not sell Personal Data or otherwise disclose it to third parties for profit.
Your Rights as a Data Subject
At any point while RecoveryOne is in possession of or processing your Personal Data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances, you can ask for the Personally Identifiable Information we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organization.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to opt out of automated processing or profiling.
Complaints and Recourse
In the event that you wish to make complaint about how your personal data is being processed by RecoveryOne, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and RecoveryOne’s Director of Compliance & Governance.
The Contact Information: Director of Compliance & Governance, RecoveryOne, 1670 Riviera Ave. Suite #101, Walnut Creek, CA 94596; tel. 1-877-747-9411; email: privacy@recoveryone.com.
Your Choices
You may, of course, decline to share certain Personal Data with us, in which case we may not be able to provide to you some of the features and functionality of the Service. If you wish to update, correct, or de-identify your account information or any other Personal Data we hold, you may contact us at privacy@recoveryone.com. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
If you receive commercial email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us, and any other promotional communications that we may send to you from time to time, by sending your request to us by email at privacy@recoveryone.com or by writing to us at the address given at the end of this policy. We may allow you to view and modify settings relating to the nature and frequency of promotional communications that you receive from us in user account functionality on the Service.
Please be aware that if you opt-out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may receive promotional communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding the Service.
Third-Party Services
The Service may contain features or links to Web sites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
Children’s Privacy
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 13, and we do not knowingly collect Personal Data from children under the age of 13. Children aged 13 to 16 may use RecoveryOne only with the consent of a legally responsible parent or guardian. If you are under 13 years of age, then please do not use or access the Service at any time or in any manner. If we learn that personally identifiable information has been collected on the Service from persons under 13 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 13 years of age has obtained an account on the Service, then you may alert us at privacy@recoveryone.com and request that we delete that child’s personally identifiable information from our systems.
Data Security
We use certain physical, managerial, and technical safeguards consistent with the HIPAA and HITRUST guidelines, that are designed to improve the integrity and security of your personally identifiable information. We cannot, however, ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
If we learn of a security systems breach, then we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Service if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing. To receive a free, written notice of a security breach you should notify us at privacy@recoveryone.com.
Privacy Settings
Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. We are not responsible for circumvention of any privacy settings or security measures on the Service. Additionally, we cannot control the actions of other users with whom you may choose to share your information. Further, even after information posted on the Service is removed, caching and archiving services may have saved that information, and other users or third parties may have copied or stored the information available on the Service. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons.
Changes and Updates to this Policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.
Our Contact Information
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at privacy@recoveryone.com.
RecoveryOne
1670 Riviera Avenue, Suite 101
Walnut Creek, CA 94596
August 2023