Privacy Policy
Introduction
Opya Inc. (hereinafter collectively referred to as “Opya”, “Company,” “we,” “us” or “our”) is committed to protecting your privacy. The following discloses our information-gathering and dissemination practices for our Company’s website at opyacare.com (the “Website”), and the Company’s mobile applications (“Applications”, for both iOS and Android). The Website and Mobile Applications will be collectively referred to as “Digital Platform” in this Digital Platform Privacy Policy (“Policy”) unless otherwise and explicitly stated. Users on our Digital Platform are referred to herein as “you” from time to time. This Policy explains how we collect, use, disclose, and protect your Personal Information collected on our Digital Platform. This Policy describes what categories of personal data we collect, the purposes we use that data for, your choices regarding our use of your personal data, our security measures, and how you can review and correct our data about you. By accessing our Digital Platform, you consent to the data collection and use practices described in this privacy statement.
HIPAA Privacy
This Digital Platform Privacy Policy is distinct from our Notice of Privacy Practices, which is a special notice required by a federal privacy law known as the HIPAA Privacy Rule. The Opya Notice of Privacy Practices describes how we use “individually identifiable health information” collected by Opya, both online and offline, to provide services to you and to administer the various programs that we administer. Our Digital Platform Privacy Policy describes how we use your Personal Information that we collect from you on our Digital Platform. The Opya Notice of Privacy Practices describes how we use your individually identifiable health information that we may collect from you in another manner.
This Digital Platform Privacy Policy makes distinctions between Personal Information contained in a Personal Health Record (“PHR”) that you might choose to maintain through one of our secure web portals and personal information otherwise provided through our general publicly available website. This Digital Platform Privacy Policy is distinct from the Notice of Privacy Practices, which is a special notice that describes how we may use and disclose your protected health information (“PHI”) to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law.
This Privacy Policy distinguishes between Personal Information contained in a Personal Health Record (“PHR”) that you might choose to maintain through on one of our secure web portals and personal information otherwise provided through our general publicly available website. This Website Privacy Policy is distinct from the Notice of Privacy Practices, which is a special notice that describes how we may use and disclose your protected health information (“PHI”) to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law.
Data Collection
Website
Data collected directly from visitors. This Policy applies to the operation of the Website that directly links to this statement when you click on “Privacy Policy” in the website footer. Through the Website, we may collect information that can identify you, such as your name, address, telephone number, e-mail address, and other similar information (“Personal Information” or “Your Information”) when it is voluntarily submitted to us (see discussion below about “IP Addresses” if you have a broadband connection). We will use your Personal Information to respond to requests you may make of us, and from time to time, we may refer to your Personal Information to better understand your needs and how we can improve our Website, products, and services. You are not required to provide this information; however, if you choose not to, we may not be able to provide you the requested service.
Data collected automatically. The Website may use a technology known as web beacons – sometimes called single-pixel gifs – that allow this site to collect web log information. A web beacon is a graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit one of our webpages by the computer (called a “webserver”) that hosts our Website . The webserver automatically recognizes some non-personal information, such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using (e.g., Edge), the type of operating system you are using (e.g., Windows 10), and the domain name and address of your Internet service provider (e.g., AT&T). We may also include web beacons in promotional e-mail messages in order to determine whether messages have been opened.
This Website may use a technology called a “cookie”. A cookie is a piece of information that our webserver sends to a browser file on your computer when you access a website. When you come back to our Website, we will detect whether you have one of our cookies on your computer. Our cookies help provide additional functionality to the site and help us analyze site usage more accurately. For instance, our site may set a cookie on your browser that keeps you from needing to remember and then enter a password more than once during a visit to a site.
Website uses Internet Protocol (IP) Addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet. Generally, an IP address changes each time you connect to the Internet. Note, however, that if you have a broadband connection, depending on your individual circumstance, it is possible that your IP Address that we collect, or even perhaps a cookie we use, may contain information that could be deemed identifiable. This is because, with some broadband connections, your IP Address does not change and could be associated with your personal computer. We use your IP address to report aggregate information on use and to help improve the Website.
Any other information transferred by you in connection with your visit to our Website (“Other Information” – that is, information that cannot be used to identify you) may be included in databases owned and maintained by Opya or its agents. Opya retains all rights to these databases and the information contained in them. Other Information we collect may include your IP Address and other information gathered through our weblogs and cookies.
Mobile Apps
Data collected by our Mobile Apps. To use our Mobile Apps, users will need to create an account. Certain Personal Information is required to both create and verify your account such as: user’s full name, user’s email, user’s zip code, user’s child’s full name, user’s child’s date of birth, and user’s child’s therapy services with us. Users may choose to provide additional information as it pertains both to specific features of the Mobile Apps and their child’s specific treatment(s) with us. This information can include: conversations about treatment scheduling, conversations about specific treatment(s), data collected by users as specifically designed and implemented by your treatment team(s), media files which may include pictures and video, service-related documents, and feedback you may provide around our service(s) and/or products.
Data collected automatically. When you use our Mobile Apps, certain information is automatically collected by us. This information is either necessary to provide and improve the user experience, or received in aggregate about the use of our Mobile Apps as gathered and provided by third-party providers (Apple Store, Google Play Store, Google Analytics) associated with your mobile device’s operation system. This information may include your device’s operating system and application access dates and usage duration. We do not receive or collect this information unique to you or your use of our Mobile Apps.
Data collected by requested access to your mobile device. Certain features of our Mobile Apps request access to either your mobile device’s camera, photos, or both. This access is not required by our Mobile Apps, and thus optional to the user. You may grant or remove access at any time. However, access to your mobile device’s camera and/or photos is necessary for certain features of our Mobile Apps to function properly.
Data not intended for collection. While our Mobile Apps are intended to collect information pertaining to our clients, which includes children, it is not for use by children or minors under the age of 18. If you discover that your child has used our Mobile Apps to provide us with their personal information without your consent, please email us at
Data collected automatically. This site may use a technology known as web beacons – sometimes called single-pixel gifs – that allow this site to collect web log information. A web beacon is a graphic on a web page or in an e-mail message designed to track pages viewed or messages opened. Web log information is gathered when you visit one of our websites by the computer that hosts our website (called a “webserver”). The webserver automatically recognizes some non-personal information, such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using (e.g., Internet Explorer), the type of operating system you are using (e.g., Windows 10), and the domain name and address of your Internet service provider (e.g., AOL). We may also include web beacons in promotional e-mail messages in order to determine whether messages have been opened.
This website may use a technology called a “cookie”. A cookie is a piece of information that our webserver sends to your computer (actually to your browser file) when you access a website. Then when you come back our site will detect whether you have one of our cookies on your computer. Our cookies help provide additional functionality to the site and help us analyze site usage more accurately. For instance, our site may set a cookie on your browser that keeps you from needing to remember and then enter a password more than once during a visit to a site.
This website uses Internet Protocol (IP) Addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet. Generally, an IP address changes each time you connect to the Internet (it is a “dynamic” address). Note, however, that if you have a broadband connection, depending on your individual circumstance, it is possible that your IP Address that we collect, or even perhaps a cookie we use, may contain information that could be deemed identifiable. This is because with some broadband connections your IP Address doesn’t change (it is “static”) and could be associated with your personal computer. We use your IP address to report aggregate information on use and to help improve the website.
Any other information transferred by you in connection with your visit to this site (“Other Information” – that is, information that cannot be used to identify you) may be included in databases owned and maintained by Opya or its agents. Opya retains all rights to these databases and the information contained in them. Other Information we collect may include your IP Address and other information gathered through our weblogs and cookies.
Our Use of Personal Data
We will use Personal Information only for the purposes set forth below.
Services and Transactions. We use your Personal Information to deliver treatment services or execute transactions you request, such as answering customer service requests, providing information about our products and services, and processing orders. We may also enhance or merge your Personal Information with data obtained from third parties for the same purposes.
Marketing Communications. With your permission, we may use Your Information to inform you of products or services available from the Company. When collecting information that might be used to contact you about our products and services, we give you the opportunity to opt-out from receiving such communications. Moreover, each email communication we send includes an unsubscribe link allowing you to stop delivery of that type of communication. If you elect to unsubscribe, we will, within 10 business days, remove you from the relevant email list.
Employment Applications. In connection with a job application or inquiry, you may provide us with data about yourself, including your educational background, resume, and other information, including your ethnicity, sex, veteran status or other identifying information, where required or permitted by law. We may use your Personal Information for the purpose of employment consideration. We will keep the information for future consideration unless you direct us not to do so.
Website Improvement. We may use data about you to improve our Website (including our security measures) and related products or services.
Disclosure of Personal Information
Except as described below, Personal Information that you provide to us via our Digital Platform will not be shared outside of Opya, or its business partners who have agreed to maintain the confidentiality of your Personal Information, without your consent.
Sharing Data with our Contractors. We may share Your Information with agents, contractors, or partners of Opya in connection with services that these individuals or entities perform for, or with, Opya. These agents, contractors, or partners are restricted from using this data in any way other than to provide services for Opya, or services for the collaboration in which they and Opya are engaged (for example, some of our products may be developed and marketed through joint agreements with other companies). We may, for example, provide your information to agents, contractors, or partners for hosting our databases, for data processing services, or so that they can send you information that you requested.
Security Matters. Opya reserves the right to share your Personal Information to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state, or company security is at issue, Opya reserves the right to share our entire database of visitors and customers with appropriate governmental authorities.
Business Sale. We may also provide your Personal Information to a third party in connection with the sale, assignment, or other transfer of the business of the Digital Platform to which the information relates, in which case we will require any such buyer to agree to treat Your Information in accordance with this Privacy Policy.
Information You Make Public Through Use of Our Services and User Privacy Settings. Our Digital Platform may contain certain features that give you an opportunity to interact with Opya and others. These may include chats, forums, message boards, and personal community profiles. When you use these features, you should be aware that any information you submit, including your name, location and email address, may be publicly available to anyone, including other users, search engines, advertisers, third party application developers, and anyone else with access to our Online Services. We are not responsible for any information you choose to submit and make public through these interactive features.
Security
Areas of our Digital Platform that collect Your Information use industry standard secure socket layer encryption (SSL); however, to take advantage of this, your browser must support encryption protection. Additionally, we take the security of your information very seriously, and enforce additional security efforts via physical, electronic, and managerial procedures. We cannot guarantee the security of PII (Personally Identifiable Information) transmitted to us. We highly recommend that you take all precautions to protect your PII while you are on the internet.
Reviewing Personal Data
In some cases, you can review and correct your Personal Information provided through our Digital Platform by going to the page on which you provided the data, or the About section of our Mobile Apps.
International Transfers of Personal Data
Personal data collected on our Digital Platform may be stored and processed in the United States or another country where our service providers are located. By choosing to use our Digital Platform and to provide data to it, you consent to any such transfer of information.
We offer our Services only to individuals located in the United States, and we do not advertise our Services outside the United States. If you are located outside the United States and choose to provide your Personal Information to us, please note that we may transfer your Personal Information to the United States or another country where our service providers are located, and such countries may not provide the same data protection. Those who choose to access and use the Services from outside the United States do so on their own initiative, at their own risk, with this understanding.
Links to other Websites
As a convenience to our visitors, our Digital Platform may contain links to a number of sites that we believe may offer useful information.
Children
We are committed to protecting the privacy of children in connection with the use of our Services. Our Digital Platform is not intended for use by individuals under the age of 18. We do not knowingly collect Personally Identifiable Information (“PII”) from any individual under the age of 18.
Our Mobile Apps collect limited PII regarding your child for verification purposes. However, it is not for use by children or minors under the age of 18. If you become aware that your child has provided us with personal information without your consent, please contact us at [email protected].
California Privacy Rights
With respect to the California Consumer Privacy Act of 2018 (“CCPA”), you have certain rights in relation to the Personal Information you share with us.
The right to access. You have the right to know and request access to details around the Personal Information that we collect about you. These details include our use of your Personal Information, the categories of third parties with whom your Personal Information is shared, the categories of Personal Information we have collected about you, the categories of sources from which we collect your Personal Information, and the specific pieces of your Personal Information that we collect. These rights are subject to certain exceptions. For example, we cannot share specific pieces of Personal Information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of that Personal Information, your account, or the security of our systems of networks.
The right to opt-out of the sale of your Personal Information. We do not sell your Personal Information and would not without your consent.
The right to delete. You have the right to request the deletion of your Personal Information. However, exemptions to this right exist if the Personal Information pertains to HIPAA as outlined under California Civil Codes 1798.145(c)(1)(A) and 1798.145(c)(1)(B). Under these codes, information is exempt if it pertains to treatment, payment, or healthcare operations; and if it is properly stored within the guidelines of HIPAA regulations.
The right to non-discrimination for excercising your rights. We will not discriminate against you for exercising your legal rights. This extends to the level of quality of services and goods, associated fees or charges, and the denial of any services and goods.
If you wish to exercise your rights as outlined above, please see the section below, “Questions about your privacy practices”, for contact information.
Questions about our Privacy Practices
If you have questions regarding this Policy or would like to be removed from our email marketing list, please contact us by email – [email protected], or by mail at:
Opya, Inc. Attn. Privacy Policy Matters, 400 Concar Dr. Suite 04-134, San Mateo, CA 94402
You can also make a request to review and correct your Personal Information collected via our websites or submit any inquiries or concerns you may have regarding your Personal Information. We may take steps to verify your identity before providing you access to personal data.
Changes to this Privacy Statement
We may modify this Policy from time to time. We encourage you to read this Policy periodically to ensure you have up-to-date knowledge of our privacy practices. The date of change will be shown next to “Last Updated” at the top of this page. By continuing to access or use the Services after changes to this Policy become effective, you accept the revised Policy. If any changes are unacceptable to you, you may stop using our Services at any time.
