This Privacy Policy was last updated on October, 2024
WELLNITE, INC.
At Wellnite, Inc. (“Wellnite”) your privacy is important to us. Our Privacy Policy describes the information we collect, how we collect the information, the reasons we collect information, and how we share or use the information we collect. This Privacy Policy also describes the choices you have with the information we collect, including how you can manage, update, or request to delete information.
Please take a moment to review this Privacy Policy. This policy has been crafted to apply globally in any other country outside of the United States and associated territories (“US Territories”), adhering to the European General Data Protection Regulation (GDPR) guidelines, which are recognized as one of the most comprehensive and stringent privacy standards worldwide.
You may scroll through this Privacy Policy or use the headings below. It is important that you understand this Privacy Policy. By using our Platform, you are agreeing to the terms of this Privacy Policy. If you have any questions or concerns about this Privacy Policy, you may Contact Us at any time.
This Privacy Policy is designed to comply with privacy regulations in various jurisdictions, including but not limited to the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, the Lei Geral de Proteção de Dados (LGPD) in Brazil, the Protection of Personal Information Act (POPIA) in South Africa, the Privacy Act 2020 in New Zealand, and the Privacy Act 1988 and Australian Privacy Principles (APPs) in Australia. Depending on your country of residence, additional or different terms may apply as outlined in the country-specific sections below. To comply with the European General Data Protection Regulation (GDPR), Wellnite has made certain commitments regarding the processing and protection of personal data for individuals located within the European Economic Area (EEA). These commitments include specific legal bases for processing, enhanced user rights, and measures to ensure data transferred outside the EEA is adequately protected.
TABLE OF CONTENTS
I. Who is Wellnite?I. Who is Wellnite?
Our mission is to make high-quality mental healthcare accessible regardless of zip code or insurance coverage.
Wellnite, Inc. is not a medical group or a healthcare provider. Wellnite, Inc. provides software-as-a-service technologies that allow its users, among other capabilities, to obtain telemedicine consultations provided by independent medical practitioners. These practitioners are responsible for providing you with a Notice of Privacy Practices describing the collection and use of your health information, not Wellnite.
II. Key Terms & Definitions and Our Privacy Policy
It is helpful to start by explaining some of our key terms and definitions used in this Privacy Policy.
Key Term | Definition |
“Personal Information and Personal Data” | For GDPR purposes, any mention of "Personal Information" will be considered as "Personal Data" (which refers to any information relating to an identified or identifiable individual and any information listed here), and both will be used indistinctively for the purpose of this document. Any information relating to an identified or identifiable individual, including but not limited to the information listed in this policy. For instance, this term is used interchangeably across different jurisdictions and includes "personal information" as defined in PIPEDA (Canada), "personal data" as defined in LGPD (Brazil), "personal information" as defined in POPIA (South Africa), "personal information" as defined in the Privacy Act 2020 (New Zealand), and "personal information" as defined in the Privacy Act 1988 (Australia). |
"Sensitive Information" | In addition to health information, this includes information about an individual's racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and biometric information. The exact definition and treatment of sensitive information may vary by jurisdiction. |
our “Platform” | Our Website |
“Privacy Policy” | This privacy policy |
“Products” | Any products available for purchase on our Platform. |
our “Services” | Any services provided through our Platform. |
our “Terms of Use” | Our terms of use located here. |
our “Website(s)” | Our websites: www.wellnite.com and www.wellnite.co |
“Wellnite,” “we,” “us,” or “our” | Wellnite, Inc. |
"Data Controller" | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. |
"Data Processor" | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
"Processing" | Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
"Special Categories of Personal Data” | Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. |
When does our Privacy Policy apply?
This Privacy Policy describes the types of information we may collect from you when:
When does our Privacy Policy not apply?
This Privacy Policy does not apply to information collected by any other website operated either by us or by a third party, unless the website is listed or links to this Privacy Policy. It also does not apply to any website that we may provide a link to or that is accessible from our Platform.
This Privacy Policy does not apply to information collected from users who log-in to the password-protected and secure portions of our Platform (“Secure Platform”). The Secure Platform allows users who obtain the Services (“Customers”) to perform certain functions or obtain the Services (such as telehealth visits from Providers). All information collected and stored by us or added by Customers into such Secure Platforms is considered Protected Health Information ("PHI") and/or medical information and is governed by applicable state and federal laws that apply to that information. How we use and disclose such PHI is in accordance with the applicable Notice of Privacy Practices provided to you by the providers. We will not use or disclose information collected from the Secure Platform or received from your Provider for advertising, marketing, or other use-based data mining purposes. We will not sell any PHI.
Our Privacy Policy and Terms of Use.
This Privacy Policy is incorporated into our Terms of Use, which also apply when you use our Platform.
III. Personal Information
What is Personal Information or Personal Data?
Information from and about you that may be able to personally identify you. We treat any information that may identify you as personal information. For example, your name and e-mail address are personal information.
What types of Personal Information do we collect?
We collect and process special categories of personal data, including health-related information. We only process this data with your explicit consent or where necessary for the provision of our services. We may collect and use the following personal information (hereinafter, collectively referred to as “Personal Information”):
Categories of Personal Information | Specific Types of Personal Information Collected |
Personal Identifiers | A real name, birth date, e-mail address, shipping address, or Patient ID. |
Information that identifies, relates to, describes, or is capable of being associated with a particular individual | A real name, home address, billing address, shipping address, phone number, driver’s license number, state ID number, passport number, IP address, email address, date of birth, banking or financial account number, credit/debit card number, medical information, or insurance policy number. |
Characteristics of protected classifications under California or federal law. | Age, medical conditions, physical/mental disability, Sex/Sex Life (including gender, gender identity, gender expression, pregnancy or child birth, or related medical conditions), and sexual orientation. |
Biometric information | Photos, video, and voice |
Internet or other electronic network activity information | IP address and Advertising ID |
Geolocation data | State of residence |
Health Information
Some Personal Information we collect may constitute PHI under HIPAA. As set forth above, your Provider will provide you with a Notice of Privacy Practices describing their collection and use of your health information, not Wellnite. We will only collect and use PHI for the purposes of providing the Services and we only collect the minimum amount necessary to fully perform and provide the Services on our Platform. We may combine your PHI with Personal Information that we have either obtained from you or through a third-party, such as your Provider, health insurer, employee benefits program, or other health care providers. PHI will not be used for any other purpose, including marketing, without your consent
How do we collect your Personal Information?
We collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned. When collecting sensitive information, we will obtain explicit consent unless otherwise permitted by law.
We ensure that all data collection methods are lawful and transparent under GDPR and all the jurisdictions we operate. We will always inform you about the purposes of data collection and obtain your consent where required. For instance, for users in Brazil, we will provide clear information about the processing of personal data and obtain consent when required by the LGPD. For users in South Africa, we will collect personal information directly from the data subject unless an exception under POPIA applies. For users in New Zealand and Australia, we will take reasonable steps to ensure that the individual is aware of the collection of personal information, the purpose of collection, and their rights regarding the information.
We collect most of this Personal Information directly from you. For example, when we speak to you by phone, text message, and e-mail. Additionally, we will collect information from you when you visit our Website or App and fill out forms or purchase our Services. We may also collect Personal Information in the following ways:
We will also collect information automatically as you navigate through our Platform. We use the following technologies to automatically collect data:
How do we use your Personal Information?
Under GDPR, we process your personal data based on one or more of the following legal bases:
In addition to the GDPR legal bases for processing, we adhere to legal basis in all the jurisdictions we operate. We will clearly communicate the specific legal bases for each processing activity when requested.
We may use your Personal Information for the following purposes:
When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms under GDPR.
We may share Personal Information with third parties in certain circumstances or for certain purposes, including:
Under GDPR, you have the following additional rights:
In addition to the GDPR legal bases for sharing your information, we adhere to legal basis in all the jurisdictions we operate. We will clearly communicate the specific legal bases for each processing activity when requested.
To exercise these rights, please contact our Data Protection Officer at privacy@wellnite.com.
This section of our Privacy Policy provides details and explains how to exercise your choices. We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Information for our advertising to you, and other targeted advertising. We do not control the collection and use of your information collected by third parties. These third parties may aggregate the information they collect with information from their other customers for their own purposes. You can opt out of third parties collecting your Personal Information for targeted advertising purposes in the United States by visiting the National Advertising Initiative's (NAI) opt-out page and the Digital Advertising Alliance's (DAA) opt-out page.
Each type of web browser provides ways to restrict and delete cookies. Browser manufacturers provide resources to help you with managing cookies. Please see below for more information.
For other browsers, please consult the documentation that your browser manufacturer provides.
If you do not wish to have your e-mail address used by Wellnite to promote our own Products and Services, you can opt out at any time by clicking the unsubscribe link at the bottom of any e-mail or other marketing communications you receive from us or logging onto your Account Preferences page. This opt-out does not apply to information provided to Wellnite as a result of a product purchase, or your use of our Platform and/or the Services. You may have other options concerning marketing and communication preferences through our Platform.
You may also see certain ads on other websites because we participate in advertising networks. Ad networks allow us to target our messaging to users through demographic, interest-based, and contextual means. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs, and web beacons. The networks use this information to show you advertisements that may be tailored to your interests.
How do I access and correct my Personal Information?
For GDPR compliance, we will respond to your requests to access, correct, or delete your personal data within 30 days. In certain circumstances, we may need to extend this period to 60 days, in which case we will notify you. These timeframes may vary by jurisdiction, for instance:
In certain circumstances, we may need to extend these periods, in which case we will notify you.
You can review and change your Personal Information by logging into our Services and visiting either your “Dashboard”, “Account” or “Profile” sections of our Platform. You may also Contact Us to inform us of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
Personal Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider:
In some circumstances, you can ask us to delete your data. See 'Your Rights' section for further information.
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
IV. Who may use the Services?
This Privacy Policy applies to all personal uses of our Platform globally and you should not use the Platform and/or the Services if you do not agree to the Privacy Policy and Terms of Use. If you are located in the United States, your information is stored in the United States. By using or downloading the Platform, you agree that your Personal Information, including any information about your health that you provide directly to us or that we collect through your use of the Platform and/or the Services, may be transferred to and stored in the United States.
If you are located in the EEA, we will ensure that any transfer of your personal data outside the EEA is done in accordance with GDPR requirements, including the use of Standard Contractual Clauses or other approved transfer mechanisms.
V. Children’s Privacy
Wellnite understands the importance of protecting children’s privacy in the interactive online world. Our Platform is not designed for, or intentionally targeted at, children.
No one under the age of legal digital consent in their country or jurisdiction should submit any Personal Information on the Platform without parental consent, and if we learn that we have collected or received Personal Information from a child under the age of legal digital consent without parental consent, we will delete that information. It is not our policy to intentionally collect or maintain information about anyone under the age of legal digital consent.
The age of legal digital consent varies by country:
If you are the parent or guardian of a child under the age of legal digital consent whom you believe might have provided us with their Personal Information, you may Contact Us to request the Personal Information be deleted.
VI. Does Wellnite respond to Do Not Track signals?
Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our Platform is not currently set up to respond to those signals.
VII. Data Security
We have taken steps and implemented administrative, technical, and physical safeguards designed to protect against the risk of accidental, intentional, unlawful, or unauthorized access, alteration, destruction, disclosure, or use. The Internet is not 100% secure and we cannot guarantee the security of information transmitted through the Internet. Where you have been given or you have chosen a password, it is your responsibility to keep this password confidential.
The sharing and disclosing of information via the Internet is not completely secure. We strive to use best practices and industry-standard security measures and tools to protect your data. However, we cannot guarantee the security of Personal Information transmitted to, on, or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Platform, in your operating system, or mobile device.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with GDPR and all other jurisdictions requirements, for example, but not limited to; PIPEDA (Canada), LGPD (Brazil), POPIA (South Africa), Privacy Act 2020 (New Zealand), and the Privacy Act 1988 (Australia), we have implemented appropriate security safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. These measures are regularly reviewed and updated.
VIII. Changes to our Privacy Policy
We may update our Privacy Policy periodically to reflect changes in our privacy practices, laws, and best practices. We will post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on our Website’s homepage. If we make material changes to our practices with regards to the Personal Information we collect from you, we will notify you by e-mail to the e-mail address specified in your account and/or through a notice on the Platform. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically accessing the Platform and reviewing this Privacy Policy to check for any changes.
When we make material changes to this Privacy Policy, we will seek renewed consent from users in accordance with GDPR and all other jurisdictional requirements.
IX. Contact Us
Data Protection Officer contact information:
Att: Paulo Gonzalez
privacy@wellnite.com
You have the right to make a complaint to the privacy regulatory authority in your jurisdiction if you believe we have violated your privacy rights or applicable privacy laws.
If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on the Platform.
How to Contact Us:
Wellnite, Inc.
Data Privacy E-mail: privacy@wellnite.com