PRIVACY POLICY
Date of Last Revision: December 1, 2022
This Privacy Policy is meant to help You the website user (“You,” or “Your”) understand what data We collect, why We collect it, and what We do with it. Please take the time to read it carefully.
This website (the “Site”) is owned and operated by Arose, LLC, a Colorado limited liability company with its principal office at 6547 N. Academy Blvd., #1276, Colorado Springs, CO 80918 (“Arose,” “Our,” “Us,” or “We”). Arose is responsible for the processing of Your collected personal information and data. By interacting with Arose through the use of Our Site, mobile applications, products, offerings, or “Services,” as that term is defined in Our TOU (“TOU”), You consent to the use of information that is collected or submitted as described in this Privacy Policy and Our TOU. We incorporate Our TOU into this Privacy Policy by reference. We may change or add to this Privacy Policy and the TOU, so We encourage You to review them periodically. All capitalized terms used in this Privacy Policy but not defined within it have the meanings assigned to them in Our TOU.
The use of this Site and OUR Services is in no way intended to, nor does it create a MENTAL HEALTH or other professional relationship between You and AROSE. Any such PROFESSIONAL/patient relationship will be subject to Your individual patient agreement, IF APPLICABLE. Nothing on THE site is or should be considered MENTAL HEALTH or other professional advice, It is also not, and should not be considered to be, a substitute for medical or mental health advice, diagnosis, or treatment. Always seek the advice of Your medical or mental health professional or personal physician if You have any questions regarding a mental health or medical condition or concern.
IN CASE OF AN EMERGENCY, SEEK IMMEDIATE MEDICAL ATTENTION OR CARE BY IMMEDIATELY GOING TO AN EMERGENCY ROOM OR BY CALLING 911.
INFORMATION YOU PROVIDE US
We collect a number of different types of information You provide to Us through the use of Our Site and Services. For example, We collect information related to:
Registration and administration of Your account.
Processing Your orders and requests for treatment.
Your questions, communications, or feedback, submitted via request forms or email.
Your participation in research and surveys.
Your customer support and technical assistance requests.
Anything You upload or post to the Site or Services.
The type of information We collect from You will depend on the manner in which You use Our Site and Our Services, and the amount and scope of information You choose to provide to Us. We generally collect the following types of information directly from You:
Your name, address, telephone number, date of birth, and email address.
Health-related information or information related to facilitate the provision of mental health or professional services such as social security information, government-issued license or ID card information, information about Your medical and mental health conditions, life history, diagnoses, treatment options, physician and professional referrals, and other related health information, such as Your physical and emotional history and characteristics.
Log-in credentials, if You create an account.
Billing information, such as credit or debit card number, verification number, expiration date, home address or postal code, and identity verification information, collected by Our payment processors and electronic health record (“EHR”) providers.
Information about purchases or other transactions with Us.
Information about Your customer service and maintenance interactions with Us.
Demographic information such as Your gender, ethnicity, and age.
Any other information You choose to directly provide to Us in connection with Your use of Our Site or Services.
By voluntarily providing Us with Your information, You are consenting to Our use of it in accordance with this Privacy Policy and Our TOU.
Information We Collect Through Automated Means
We and Our service providers (third-party companies that work with Us and on Our behalf), may use a variety of technologies, including cookies and other online tracking tools, to assist in collecting information from You, including as follows:
Location and Web Information: We may collect and use information when You use Our Site, such as general geolocation data (IP address, city/state, postal code), browser type and language, Wi-Fi access points, and cell tower positioning, software and hardware attributes, files You download, clicks, domain names, landing pages, viewed pages, the date/time You use Our Site and Services, and similar information. When You use Our apps, We automatically collect information about the mobile device or computer used to access the app in addition to the information listed above.
Precise Location Information: We will ask Your permission before collecting Your precise GPS location information. In such instances, We will use this information to provide customized services, content, promotional offers, and other information that may be of interest to You. If You no longer wish for Us and Our service providers to collect and use GPS location information, You may disable the location features on Your device. Please see Your device manufacturer settings.
Our Use of Cookies and Similar Online Tools. We may use cookies, server logs, tags, tracking pixels, and other similar tracking technologies to receive and store certain types of information whenever You interact with Us or third-parties that use Our Services, as described in this Privacy Policy. Examples of information generally provided by these search technologies include but are not limited to: pages You visit, ads You click on, type of browser, device, or hardware You use, purchase information, IP location, and search terms.
A web server log is a file where website activity is stored.
A cookie is a small text file that is placed on Your computer or mobile device when You visit a site, that enables us to: (i) recognize Your computer/device; (ii) store Your preferences and settings; (iii) understand the parts of the Services You have visited and used; (iv), enhance Your user experience by delivering and measuring the effectiveness of content and advertising tailored to Your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads or email that are designed to: (1) collect usage information like ad impressions or clicks and email open rates; (2) measure popularity of the Services and associated advertising; and (3) access user cookies.
Your browser can help You manage these tracking technologies. You can choose to have Your computer warn You each time a cookie is being sent, or You can choose to turn off or block all cookies. These options are generally available through the settings menu on each browser and device You use. Each browser is a little different, so look at Your browser “Help” menu to learn the correct way to modify the use of these technologies (e.g., Internet Explorer; Chrome; Firefox; Safari). Please note, if You turn them off, You may not have access to many features of Our Site and Services.
ONLINE ANALYTICS
Analytics, Generally: We may use third-party web analytics services that use cookies and similar online tools to help Us analyze how users use Our Site and to enhance Your experience when You use the Services. We do not sell, give, or trade the statistics stored by tracking technologies to any third-parties for data-mining or marketing purposes. To learn more about Google Analytics’ use of this data, please visit:
https://marketingplatform.google.com/about/analytics/
To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page.
Online Advertising and Marketing Partners: We may utilize and integrate third-party advertising services and technologies. (e.g., ad networks and ad servers such as Facebook, Google Ad Words, and others) that use cookies and other technologies to deliver relevant content and advertising for Us, as well as on other websites You visit and other applications You use. The ads may be based on various factors such as the content of the page You are visiting, information You enter such as Your searches, demographic data, and other information We collect from You. These ads may be based on Your current activity or Your activity over time and across other websites and online services. Please see the following for more information about tailoring browser advertising and how You can generally control cookies related to it:
Network Advertising Initiative’s Consumer Opt-Out link
Digital Advertising Alliance’s Consumer Opt-Out link
We neither have access to, nor does this Privacy Policy relate to, the use of cookies or other tracking technologies that may be placed on the device You use to access the Site or Services by non-affiliated third-party advertising network services. We are not responsible for any choices You make using these mechanisms or the continued availability or accuracy of these mechanisms. Please note that if You exercise the opt out choices above, You may still see advertising when You use the Services, but it will not be tailored to You based on Your online behavior over time. For a current list of the third-party company services We utilize that may or may not collect Your browsing activities, please contact Our Data Protection Officer, as detailed below.
Notice Concerning Do Not Track. “Do Not Track” (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing You with meaningful choices about the information collected on Our Site for third-party purposes. We therefore provide a variety of opt-out mechanisms listed above. However, We do not currently recognize or respond to browser-initiated DNT signals. Please visit the Future of Privacy Forum’s website for more information on DNT.
HOW WE USE INFORMATION WE COLLECT
We use Your information for the following business purposes in the context of the Services:
· Perform, manage, and improve the Services, and develop new services.
· Facilitate the provision of healthcare services to You, and ensure the healthcare providers have the services and support necessary for healthcare operations.
· Internal auditing and research to better understand and improve the Services.
· Communicate with You about the Services, including facilitating communication with healthcare providers utilizing the Services.
· General marketing services, including communications, analysis, and research.
· Security (e.g., protecting against and detecting security breaches, fraud and malicious activity, and taking action against wrongdoers).
· Technical support and customer service.
· Verifying identity and administering Your account, including processing payments.
· Debugging (identifying and fixing technical errors).
· Legal compliance.
· Testing or improvement of the Services.
· Establishing, exercising, or defending Our legal rights where necessary for Our legitimate interests or the legitimate interests of others.
If We intend to use any of Your information in any manner that is not consistent with this Privacy Policy, You will be informed of such anticipated use prior to or at the time at which the information is collected. We retain Your information for no longer than is necessary to fulfil the purposes described in this Privacy Policy, unless otherwise required by law. The length of time for which We retain information depends on the purposes for which We collected and use it, or as required to comply with applicable laws. To the extent We maintain any mental health information, medical information, or PHI, all such information is maintained in accord with applicable state and federal laws, rules, regulations, and ethical guidelines.
PROTECTED HEALTH INFORMATION
All mental health, medical, or protected health information (PHI) information We collect remains subject to applicable state and federal laws, rules, regulations, and ethical guidelines, including but not limited to HIPAA and HITECH. We abide by all such applicable laws.
Aggregated/De-Identified Data
We may aggregate or de-identify any information collected through the Services so that such information can no longer be linked to You or Your device. We may use this aggregated/de-identified information for any purpose, including for research and marketing purposes, and may also share such data with any third-parties, including advertisers, promotional partners, and sponsors.
Our Disclosure of Your Personal Data and Other Information
We do not sell Your information. We consider this information to be a vital part of Our relationship with You. There are, however, certain circumstances in which We may share Your Personal Data with certain third-parties without further notice to You, as discussed above and set forth below:
Business Transfers: As We develop Our business, We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, acquisition, dissolution, liquidation, or similar event, Personal Data may be part of the transferred or affected assets. We reserve the right to transfer all Personal Data in Our possession to a successor entity in the event of a merger, acquisition, bankruptcy, or other sale of all or a portion of Our assets. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred Personal Data will be subject to this Privacy Policy, or to a new privacy policy upon notice to You and where You do not affirmatively opt-out. Personal Data submitted or collected after a transfer may be subject to a new privacy policy of the successor entity.
Related Companies: We may also share Your Personal Data with any affiliate companies for purposes consistent with this Privacy Policy, as discussed in this Privacy Policy.
Healthcare Providers and Services. Depending on Your relationship with Us, We may share Your information with healthcare providers to: (i) schedule and fulfill appointments and facilitate or coordinate healthcare services; (ii) allow patient messaging through Our Services or EHR portal; and (iii) facilitate other treatment, payment, or healthcare operations purposes, including pharmacy services, upon Your request.
Agents, Consultants, and Related Third-Parties: Arose, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases, analytics, and processing payments. When We employ another entity to perform a function of this nature, We only provide them with the information that they need to perform their specific function.
Legal Requirements: Arose may disclose Your Personal Data if required to do so by law or in the good faith belief that such action is necessary to: (i) comply with any applicable law, legal process, judgment, order, or enforceable governmental request; (ii) protect and defend the rights or property of Arose, including the enforcement of applicable TOU, including investigation of potential violations; (iii) act in urgent circumstances to protect the personal safety of users of Our Services or the public, including the detection, prevention, or to otherwise address fraud, security, or technical issues; or, (iv) protect against legal liability.
Consent. We may also disclose Your information in other ways You direct Us to and when We have Your consent.
Aggregate/De-Identified Information. We reserve the right to create Aggregate/De-Identified Data from the information We collect through the Services and Our sharing of such Aggregate/De-Identified Data is in Our discretion.
Your Choices
Your Choices, Generally. You may instruct Us not to use Your contact information to contact You by email, mail, or phone regarding products, services, promotions and special events that might appeal to Your interests by contacting Us using the information below. In commercial email messages, You can also opt out by following the instructions located at the bottom of each email. Please note, regardless of Your request, We may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, You may not opt out of certain operational emails, such as those reflecting Our relationship or transactions with You.
Privacy Information for California Residents. If You are a California resident, California law requires Us to provide You with some additional information regarding how We collect, use, and share Your “personal information” (as defined in and governed under the California Consumer Privacy Act (“CCPA”) and the California Privacy Regulation Act (“CPRA”)).
a. Categories of personal information We collect. Throughout this Policy, We discuss in detail the specific pieces of personal information We collect from and about Our users. Under the CCPA and CPRA, We are also required to provide You with the “categories” of personal information We collect. The categories We collect are: identifiers (such as name, age or date of birth, postal address, email address, passwords, screen names, and account names); commercial information (such as transaction data); financial data (such as credit card information); internet or other network or device activity (e.g., IP address or app usage); general and precise geolocation information; inference data about You (e.g., the products and services You might be interested in based on other products and services You use); legally protected classifications (e.g., gender); PHI, sexual orientation, religious, and medical and mental health history (only in the context of a professional relationship and subject to applicable federal and state laws and professional ethical guidelines); and other information that identifies or can be reasonably associated with You.
b. How We use and share these categories of personal information. We use and share the categories of personal information We collect from and about You consistent with the various business purposes We discuss throughout this Policy. Please note the CCPA and CRPA set forth certain obligations for businesses that “sell” personal information to third-parties. We do not engage in such activity and have not engaged in such activity in the past twelve months.
c. Your California Privacy Rights. If You are a California resident, state law allows You to make certain requests about Your personal information. Specifically, You may request Us to:
· Inform You about the categories of personal information We collect or disclose about You; the categories of sources of such information; the business or commercial purpose for collecting Your personal information; and the categories of third-parties with whom We share or disclose personal information.
· Provide access to or a copy of certain information We hold about You.
· Delete certain information We have about You.
· Request that We not share or sell Your Personal Data.
· Correct Your inaccurate Personal Data.
· Request We limit Our use of Your sensitive personal information, including precise geolocation, race, ethnicity, religion, genetic data, private communications, sexual orientation, and specified health information. To be clear, We do not collect much of this information, as described above.
Please note that certain information may be exempt from such requests under California law. For example, We need certain information in order to provide the Services to You. We also will take reasonable steps to verify Your identity before responding to a request. If You are a California resident and You would like to exercise any of Your data rights under California law, please contact Us at drrozycki@arose-etherapy.com. Please include Your full name, email address, and residential address associated with Your use of Our Services, along with the rights You would like to exercise, so that We can process Your request in an efficient manner.
d. Right to Non-Discrimination. The CCPA further provides You with the right to not be discriminated against (as provided for in applicable law) for exercising Your rights. In regard to and as a result of Your exercise of this right, We may not then:
· deny You goods or services that We would not otherwise;
· charge You different prices for services, whether through denying benefits or imposing penalties;
· provide You with a different level or quality of services; and
· threaten You with any of the above.
e. Shine the Light Disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from Us regarding the manner in which We share certain categories of personal information (as defined in the Shine the Light law) with third-parties for their direct marketing purposes. We do not share Your personal information with third-parties for their own direct marketing purposes.
f. Retention of Personal Data. We retain Your Personal Data for as long as necessary to fulfil the purposes described in this Privacy Policy, unless otherwise required by law. For example, We keep Your account profile information for as long as You keep Your Site account, but We may keep other information longer to comply with legal obligations. We do not retain Personal Data for any length of time longer than reasonably necessary for the purposes detailed in this Privacy Policy.
Privacy Information for Nevada Residents. Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity. If You are a Nevada resident who has purchased Services from us, however, You may submit a request to opt out of any potential future sales under Nevada law by emailing Us at drrozycki@arose-etherapy.com. Please include Your full name, email address, and residential address associated with Your use of Our Services, along with the rights You would like to exercise, so that We can process Your request in an efficient manner. Please note We will take reasonable steps to verify Your identity and the authenticity of the request. Once verified, We will maintain Your request in the event Our practices change.
Exclusions
This Privacy Policy only applies to Personal Data Arose collects through its Services, Site, and apps. This Privacy Policy does not apply to any unsolicited information You provide. All unsolicited information is deemed to be non-confidential, and Arose is free to reproduce, use, disclose, and distribute such information to others without royalty, limitation, or attribution.
Children Under the Ages of 16 or 13
Arose does not knowingly collect Personal Data from children under the age of 16 without permission, and does not knowingly collect any Personal Data from persons under 13. If You are under the age of 16, please do not submit any Personal Data through the Site, Our apps, or the Services without first providing Us permission. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce Our Privacy Policy by instructing their children never to provide Personal Data on the Site without their permission. If You are a minor under the age of 16, or a parent or legal guardian and have reason to believe a child under the age of 16 has provided Us Personal Data without consent, or a child under 13 has provided any Personal Data to Arose through the Site or the Services, please contact Us at the information below and We will endeavor to delete that information from Our databases.
Links to Other Websites; Third-Party Privacy Policy Applicability
We may include links on the Site or in Our Services to third-party websites and resources on the Internet. We do not independently review, control, are not responsible for, do not endorse, and are not liable for any content, event, advertising, products, goods, services, or other materials on or available from such other websites and resources. The websites We may link to are owned and controlled by other organizations or parties and the content on them was created by and belongs to other persons or entities. The privacy and security policies of any such third-party websites may differ from this Privacy Policy or Our TOU. The policies and procedures described in this Privacy Policy do not apply to those other third-party sites. The links from the Site and Our Services do not imply that Our endorses or has reviewed those third-party sites. You should contact and review those sites directly for information on their privacy policies.
Protection and Security of your information
We take a variety of organizational, technical, and reasonable steps to protect Your information from accidental or intentional loss, misuse, and unauthorized access, disclosure, alteration, or destruction. No Internet or email transmission, however, is ever fully secure or error-free. You should never send confidential, proprietary, medical, mental health, PHI, or otherwise protected information via the Site unless You are using one of Our affiliated confidential communication and information services like an EHR portal. Any information You transmit outside of a confidential service may be non-confidential. You acknowledge and accept that We cannot guarantee the security of Your information transmitted to, through, or on Our Services or via the Internet and that any such transmission is at Your own risk.
If We believe the security of Your information in Our care may have been compromised, We will attempt to promptly notify You within 72 hours, or in accord with legal requirements as applicable. If We have Your email address, We may notify You by email using the most recent email address You have provided Us.
Where We have given You (or where You have chosen) a password that enables You to access the Services, You are responsible for keeping that password confidential. Do not share Your password with anyone. The information You share in public areas may be viewed by any user of the Services.
Terms and Conditions
Your access to and use of the Site and the Services is subject to Our TOU at all times.
Changes to Our Privacy Policy
Our Site, Services, and business may change from time-to-time. It may therefore be necessary for Arose to make changes to this Privacy Policy. We reserve the right to update or modify this Privacy Policy at any time and from time-to-time without prior notice. Please review this policy periodically and especially before You provide any Personal Data. This Privacy Policy was last updated on the date indicated at the top of it. Your continued use of Our Site and Services after any changes or revisions to this Privacy Policy indicates Your agreement with the terms of such revised Privacy Policy.
Information Accessibility; Contacting Arose
We welcome questions, comments, and concerns about Our Privacy Policy and privacy practices. To keep Your Personal Data accurate, current, and complete, please contact Us as specified below. We will take reasonable steps to update, correct, modify, or delete Personal Data in Our possession that You have previously submitted via Our Site or Services, or to resolve any additional privacy issue You identify. We aim to maintain Our Services in a manner that protects information from accidental or malicious destruction. Because of this, after You delete information from Our Site or Services, We may not immediately delete residual copies from Our active servers and may not remove information from Our backup systems.
To communicate with Our Data Protection Officer, please email drrozycki@arose-etherapy.com with the subject line, “attn: DATA PROTECTION OFFICER.”
Please also feel free to contact Us if You have any questions about this Privacy Policy or the information practices of Our Site and Services. You may contact Us at the following information:
Attn: Privacy Department
Arose, LLC
6547 N. Academy Blvd., #1276
Colorado Springs, CO 80918
561-570-2112