Information We Collect and How We Collect It
We may collect the following information from and about users of our Services:
- Information you provide to us. We may collect information you provide to us directly – for example, when you create a User Account, submit feedback, answer research questions, interact with Overt customer support, or use the Services. This includes contact information, such as name, home and billing address, email address, and telephone number; demographic information such as date of birth, gender, race/ethnicity; payment details like billing address and credit or debit card number (for payment purposes only); identity-verification information; health-related information, such as information about your medical history, medical conditions, treatment options, physician referrals, prescriptions, lab results, lifestyle and personal preferences, health insurance information, or other related health information, such as your physical and emotional characteristics; other information, such as Social Security Number, audio, images, and video of you; log-in credentials (if you create a User Account); and any other information you choose to provide to us about yourself or others. Note: if you choose to allow other apps on your device to share information with our Services, we may collect information from those other apps (for example, photos, health information, and/or audio clips).
- Information about your use of the Services. We may collect information related to your use of and interaction with the Services, such as communications with Providers through the Services, whether you are a current user, product interests, User Materials, and information related to your inquiries or requests.
- Information we collect automatically. When you interact with the Services, we may automatically collect information such as traffic data, logs, referring/exit pages, web page requests, location data, frequency and/or date and time of your activities on the Services, error information, clickstream data, IP address, usage data, and information about your Internet connection, device (such as a mobile device ID), connection speed, operating system, and/or browser. We may also collect information about your online activities over time and across third-party websites or other online services. Some of this data is collected using cookies and similar technologies. To learn more about these technologies and your choices regarding them, please see the section below titled “Your Data Choices”.
- Information we receive from social media services and other sources. We may collect information about you if you use any of the other websites we operate or the other services we provide. We may collect information from public sources, advertisers, partners, and other third parties (such as third-party intermediaries, including Providers and the Pharmacies). We may also collect information about you through a social media or other third-party account, such as Facebook or Google (each, a “Third-Party Account”). For example, if you access the Services or create a User Account through a Third-Party Account, you may allow us to have access to certain information in your Third-Party Account. This may include your name, profile picture, gender, networks, user IDs, list of friends, location, date of birth, email address, photos, videos, people you follow and/or who follow you, and/or your posts or “likes.” Social media sites and other third-party sites, such as Facebook and Google, have their own policies for handling your information. For a description of how these sites may use and disclose your information, including any information you make public, please consult the sites’ privacy policies. We have no control over how any third-party site uses or discloses the personal information it collects about you. We may combine information we receive from social media services and other sources with other information we collect from and about you.
How We Use Your Information
We may use the information we collect in the following ways:
- To provide, maintain, improve, manage and optimize our Services.
- To facilitate the provision of telehealth services to you by the Medical Groups and its Providers, the Labs, the Pharmacies and/or other health care providers, including for purposes of treatment, case management, patient engagement, medication management, and coordination of care, and to ensure that such Medical Groups, Providers, Labs, Pharmacies and/or other health care providers have the services and support necessary for health care operations.
- To communicate with you about the Services, your use of the Services, including by responding to your inquiries and requests and providing customer support or by sending you communications on behalf of your Provider and other health care providers to meet your needs.
- To verify your identity and administer your User Account.
- To process your payments and fulfill your orders.
- To research and analyze the effectiveness and functionality of our Services and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified, unless you give us your consent to be identified.
- To implement security features.
- To provide you with technical support and customer service and troubleshoot any technical issues or errors.
- In accordance with applicable legal requirements, advertise and market our Services and those of our third-party partners to you, including on third-party websites (subject to any opt-out preferences you have communicated to us).
- To personalize the Services, including engaging in analysis and research regarding use of the Services to better understand your interests and needs and measuring the effectiveness of advertising and content we serve to you and others to deliver and customize relevant advertising and content to you.
- To comply in good faith with our policies and any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others.
- To protect the safety, rights, property or security of Overt, our users, employees, third parties, members of the public and/or our Services.
- For any other purpose with your consent.
We may aggregate, de-identify and/or anonymize any information collected through the Services so that such information is no longer reasonably capable of being associated with you. We may use aggregated or anonymized information for any purpose, including for research and marketing purposes, and we may also share such information for any purpose with any third parties, at our discretion.
How We Disclose Your Information
We may disclose your personal information under the following circumstances:
- To our employees and other personnel to provide you with the Services, provide customer support, and for similar purposes.
- Among our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries, for business purposes.
- To third party service providers with which we contract to help us deliver our Services and perform certain business and administrative functions, such as customer service, email management, payment processing, analytics, legal services, auditing, hosting the Services, and IT support (“Service Providers”). These Service Providers may also include the Medical Groups and its Providers, and other health care organizations, the Labs, and the Pharmacies.
- To our vendors that provide services to enable us to promote and advertise the Services and the products and/or services offered via the Services, such as ad platforms or ad-retargeting services, as well as to comply with contact removal requests or requirements, such as mailing list removal services, do not call registries, and similar services.
- To the Medical Groups and its Providers, the Pharmacies or the Labs to enable them to provide health care and related services to you via the Services, including (i) to schedule and fulfill appointments, (ii) to enable the sending of messages through our Services, and (iii) for other treatment, payment or health care operations purposes, including pharmacy and laboratory services.
- If we sell, transfer, or otherwise share some or all of our assets with a third party in the event of a merger, sale, divestiture, restructuring, reorganization, dissolution, or other similar transaction, or in the event of bankruptcy, if your information is among the assets transferred. We may also share your information in diligence leading up to a potential corporate transaction.
- Where we have your consent or you have otherwise directed us to do so. For example, if you request us to share your information with a third party, you have consented to this disclosure.
Your Data Choices
Cookies and similar technologies. When you interact with the Services, we (and third parties acting on our behalf) may automatically collect certain information about your browser, device, and use of the Services through cookies, pixel tags, web beacons, local storage, and other similar technologies. Cookies are small text files stored on your browser or device, which allow us to provide certain features of the Services, personalize your user experience, and advertise our Services to you. You can find more information about cookies at www.allaboutcookies.org.
Mobile devices often include settings to help you manage how your device collects and shares information for advertising purposes. For more information on how to manage those devices settings, please visit the Network Advertising Initiative’s mobile choice page at www.networkadvertising.org/mobile-choice.
“Do Not Track” signals. “Do-not-track” (“DNT”) is a setting offered by some web browsers. DNT signals are not yet uniform, so we, like many other website operators, do not currently recognize or respond to DNT signals.
Location information. You can choose whether or not to allow our Services to collect real-time information about your device’s location through the device’s privacy settings. If you do not authorize us to collect location information, some parts of our Services may be inaccessible or not function properly.
Social media and other Third-Party Accounts. To control the information you share with us when you follow us, like our posts, or otherwise interact with us on social media, you can adjust your social media account settings related to how your information is shared. If you access the Services or create a User Account through a Third-Party Account, please consult the settings in the applicable Third-Party Account to control how the provider of the Third-Party Account shares information with us.
Push notifications: If your device is configured to receive push notifications, we may send you push notifications. If you no longer wish to receive these types of communications, you may turn them off through your device settings.
Other choices. You can review and change certain of your information by logging onto our Services and visiting your User Account. Depending on your jurisdiction of residence, you may have certain rights to access, delete, or correct your information. Your rights will be subject to applicable exceptions, and we will need to verify your identity before processing your request. If you would like to submit a request relating to your data, please email us at email@example.com.
Please note that if you delete your User Account, medical providers, including Providers, and other affiliates may still have the right to retain information under applicable law, regulations, or their own retention policy. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Protected Health Information
When you set up a User Account with Overt, you are creating a direct customer relationship with Overt that enables you to access and/or utilize the Services. As part of that relationship, you provide information to Overt, including but not limited to, your name, email address, shipping address, phone number and certain transactional information that are not “protected health information” or “medical information.”
However, in using certain components of the Services, some of the information we collect may constitute “protected health information” (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA”).
We keep your information for the time necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and your choices, after which time we may delete and/or aggregate it. We may also retain and use this information as necessary to comply with our legal obligations, as necessary for our legitimate business interests, to resolve disputes, and to enforce our agreements.
We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us. However, transmitting information via the Internet is not completely secure, so although we take steps to protect your information, we cannot guarantee complete security. You share information with us at your own risk.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Our Services are not directed to children under the age of eighteen (18) without parental consent. We do not knowingly collect information for individuals under the age of 18 (including, for children under the age of 13, “personal information” as defined in the U.S. Children’s Online Privacy Protection Act) without the verifiable consent of that child’s parent or guardian. If we learn that we have received any information for an individual under the age of 18, we process and delete that information as required by applicable law. If you are aware of a child providing personal information to us without parental consent, please contact us using the information below.
Categories of Personal Information Overt Collects
- Identifiers such as name, phone number, mailing address, email address, and User Account information (such as username and password), IP address, online identifiers, and device identifiers;
- Financial information such as payment card number, and insurance information such as insurance policy number, if you use insurance to purchase a Service or product;
- Health and medical information, such as your medical history and information we derive from health symptoms and health information;
- Protected characteristics such as your age, gender, religion, race and ethnicity;
- Commercial information such as purchase history;
- Internet or other electronic network activity information such as information about domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete, search terms, and uploads or downloads;
- Professional or employment-related information such as the name and address of the company you work for, in connection with insurance requests;
- Audio and visual information, such as audio, video, and images of you;
- Geolocation information such as your precise or approximate location; and
- Other personal information, such as date of birth and any other personal information you share with us.
Using and Sharing Personal Information
We may use any of the categories of personal information for the purposes stated in Section 3 above with the third parties listed below, to provide you with the Services, and to other parties with your consent. We share your personal information with the following affiliated and non-affiliated parties, for any of the purposes in Section 3 above:
- Our affiliates.
- Service Providers (as defined above and in the CCPA) that provide us with services to support our operations, such as customer service, email management, analytics, and IT providers.
- A third party, including another company, during the negotiations for and if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part).
- Government authorities and law enforcement, if we are required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Other third parties, for purposes of fulfilling our legal obligations under applicable law, regulation, court order, or other legal process, such as preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property, or safety of you, us, or another party; enforcing any agreements with you; responding to claims; and resolving disputes.
- With your consent, or as otherwise directed by you.
The CCPA sets forth certain obligations for businesses that “sell” (as defined in the CCPA) personal information to third parties. Based on our understanding of the definition of “sell,” we do not “sell” your personal information and have not done so in the prior 12 months from the effective date of this Policy.