This document is legally binding, so you should read it in its entirety.
RAE Health is the data controller of the personal data collected from the User through RAE and the App. RAE and the App may be used by adults and by children, (“users”). Where RAE is to be utilized by a minor, we require that a parent registers with the App and RAE on behalf of the minor. Where such minor is under 16 years old, the parent must provide verifiable parental consent to the collection and use of the personal data by RAE.
WHAT KIND OF PERSONAL DATA DOES RAE COLLECTS ABOUT THE USER?
RAE collects the following categories of PHI and PII:
RAE Application, web-based and clinical portal Service Registration. RAE collects the name, date of birth, medical history, drug abuse history, medications, prescribed medication dosing, drug testing schedule, check ins, geographical location, sleep metrics, drug use, primary care provider, clinical treatment history, billing information, treatment contacts, registered locations for check ins, clinical responses and questionnaires, and contact details of the User and any designated caregivers or delegated consents if the user is a minor.
With regard to the designated caregiver/treatment provider, the User declares and warrants to have a signed HIPAA release with RAE's privacy information notice and prior consent to the processing of the user’s personal data by RAE for the provision of the Services prior to provide the user’s personal details to RAE.
Other Information. RAE automatically collects and stores in the RAE clinical portal the following information via the software development kit with the device and the App, whenever the User's device is connected to the APP;
Physiological Information. RAE tracks, in real-time biometric information from the Software Development Kit of the wearable device utilizing RAE’s proprietary algorithm and the sensor information from the device in-use. This information is transmitted, automatically, from the Software Development Kit of the device in use to the App, using Bluetooth®, and then from the App to RAE’s clinical portal via the Users' mobile device’s WiFi connection or other cellular network.
Technical Information. RAE also collects other technical information such as IP address, Device identifier, geolocation information (which are collected exclusively when the Service detect a physiological event or when the user manually pushes to record), the user’s responses or lack of response to the survey questions, if the user check’s in to locations, if the user is utilizing the ability to reach out to a pre assigned contact, if the user utilizes the breathing exercise, the dates and times of access to the App, the phone/device type, as well as the software version, operating system, Bluetooth® and WiFi settings (On/Off).
Clinical information. RAE collects, HIPAA through HI-TECH transmits and stores your responses to the DBT or clinical questions, journaling responses, user engagement activities, and general user data of the RAE application and clinical portal.
Geographical Information. RAE collects, HIPAA through HI-TECH transmits and stores your geographical location when an event is detected and through noted check-ins submitted by you, the end user.
HOW DOES RAE USE THE USER'S PERSONAL DATA?
Covered Healthcare Entities and Covered Healthcare Practitioners are hospitals, clinics, practices or other medical groups or healthcare systems that have contracted with RAE Health to permit use of the Service by their respective Clinicians and Patients; Clinicians are practitioners, patient advocates, coaches or other individuals who (as employees of or contractors to a Clinical Partner) provide healthcare or related services to Patients; and Patients are individual patients of the Clinical Partner who receive medical treatments or other healthcare services from one or more Clinicians, or individuals who are properly authorized representatives of any such patient.
Through their provision of healthcare services to Patients, Clinicians and Clinical Partners will have access to and be responsible for Patient PII and PHI Information as defined by Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules or other applicable laws.
RAE processes the above-mentioned PHI and PII of the user for the provision of healthcare services to the User by the user’s covered healthcare entity, covered healthcare practitioner, Clinicians and Clinical Partners (‘Treatment Professionals”). Treatment Professionals will have access to and be responsible for Patient PII and PHI Information as defined by Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules or other applicable laws.
In addition to the above-mentioned PHI and PII, RAE utilizes the data collected for the following:
the provision of the services available through RAE and the App, including the billing of the relevant fees, gathering activity information;
the provision to the User of customer support and technical assistance, including the delivery of communications relating to the provision of the services through RAE;
the measurement of the service quality and relevant metrics provided through RAE and the App;
the management of complaints and disputes;
the performance of credit recovery procedures and credit assignment to authorized companies, also by means of third parties;
RAE Health can collect data from you. This includes biometric data, answers to health-related questions, journaling responses, user engagement with the RAE Health system and application and geographical location.
We can summarize and de-identify the data we collect from you, so we can build a better and more helpful product. You own your identifiable personal data, but we own the anonymized or de-identified version of it.
the performance of tests, updates and developments of RAE, the App, Research, and more in general the services provided by RAE, in order to optimize the services provided to the User also by way of machine learning systems and artificial intelligence provided that the process of personal data, albeit limited to the necessary, is essential in order to carry out such tests activities;
the performance of technical assessment, research and due diligence activities by third parties such as acquirers and/or their advisors for a potential merger, sale of assets or transfer of all or a material part of its business, by disclosing and transferring the Client's de-identified personal data to the third party or parties involved in the transaction as part of the transaction; (the purposes of letters from f. to g. above are jointly referred to as "Legitimate Interest Purposes")
ON WHAT LEGAL BASIS DOES RAE PROCESS THE USER PERSONAL DATA?
The processing of the User personal data is necessary with regard to the Contractual Purposes as it is essential:
for the performance of the contract regarding the provision of the requested Services with regard to the cases as per Section 4 letters from a. to g.; and
for the performance of the contract regarding the provisions of the requested Services with regard to the cases as per Section 3.
for the performance of the contract regarding the provisions of the requested Services with regard to the cases as per Section 4 letter f. through j.
in order to comply with provisions as provided by the applicable laws, HIPAA and PHI.
Should the User not provide its personal data with regard to the Contractual Purposes, RAE will not be able to provide the Services to the User.
In addition to the above, with reference to the collection of Special Categories of Data processed for Contractual Purposes RAE will collect the User's consent.
However, if the User does not provide its consent to the processing of Special Categories of Data RAE will not be able to provide the Services.
HOW DOES RAE PROCESS THE USER'S PERSONAL DATA?
RAE uses secure server software (SSL), firewalls, HIPAA compliant end-to-end encryption to protect your PII from unauthorized access, disclosure, alteration, or destruction.
WHO CAN HAVE ACCESS TO THE USERS' PERSONAL DATA?
For the Contractual Purposes, personal data may be transferred to the following categories of recipients (a) Covered Healthcare Entities and Covered Healthcare Practitioners (b) companies of the RAE Health group, (c) persons and authorities whose right to access personal data is recognized by law, regulations or provisions issued by legally empowered authorities. The abovementioned recipients will process personal data as data controllers, data processors or persons in charge of processing, depending on the circumstances. For the Legitimate Interest Purposes, personal data may be transferred to the following categories of recipients located (a) third parties service providers entrusted with processing activities that provide services or assistance with reference to credit recovery procedures and credit assignments, as well as tests, updates and developments of RAE and the App, (b) companies of the RAE Health Group, (c) potential purchaser of RAE Health and the entities resulting from mergers or any other transformation involving RAE Health, (d) The user’s Healthcare provider, (e) the User’s Covered Healthcare entities and providers.
A complete list of the data processor is available upon request through the modalities as per Section 8 below.
DATA RETENTION PERIODS APPLYING TO THE USERS' PERSONAL DATA
PHI and PII of the User will be stored for the period necessary to fulfill the purposes for which the data was collected as outlined in this Privacy Notice. In addition, the following retention periods will apply to the processing of the User PHI and PII for the purposes indicated below:
data collected for Contractual Purposes and for Legitimate Interest Purposes is retained during the provision of the Services plus a period of 10 years after the termination or withdrawal from the contract with RAE, except when the detention of the data is necessary to respond or to file a legal action, upon request of the competent authorities or in compliance with the applicable laws;
WHAT ARE THE USERS' RIGHTS WITH REGARD TO PERSONAL DATA?
The User, at any given time, can exercise the following rights, by sending an email to the following address email@example.com
(a) to obtain from RAE confirmation of the existence of personal data and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;
(b) object in whole or in part, on legitimate grounds, to the processing of the data;
(c) to withdraw the consent to the processing of the data (if and to the extent such a consent is necessary).
DATA PROTECTION OFFICER
The Data Protection Officer appointed by RAE pursuant to Section 37 of the Privacy Regulation can be contacted at the following email address: firstname.lastname@example.org
This privacy information notice might be subsequently updated or integrated. Changes will be notified in advance and in any case User will be able to review the updated version of the privacy information notice on the website www.RaeHealth.com.
License Terms and Conditions RAE Health grants you a limited, non-exclusive license to use the Application in accordance with the terms of this Agreement. You agree not to reproduce, copy, modify, decompile, disassemble, reverse engineer or create derivative works of any portion of the Application, and you may not transfer or distribute it in any form, for any purpose. RAE Health reserves the right to modify the Application, or to discontinue offering the Application all together at any time and for any reason, including without limitation, if any third-party supplier ceases to supply content or services, or if RAE Health’s contract with such supplier terminates. In the event RAE Health shall discontinue offering the Application, this Agreement and your rights under it shall terminate immediately. The Disclaimers of Warranty and Liability contained in this Agreement shall survive such termination.
Restrictions. You are prohibited from selling, renting or leasing the Application to any other person or third party. You acknowledge that the Application should be used only for general information purposes and you should not rely on the Application for any life or death situation.
No Warranty. This Application is provided to you “as is,” and you agree to use it at your own risk. RAE Health makes no guarantees, representations or warranties of any kind, express or implied, arising by law or otherwise, including but not limited to, content, quality, accuracy, completeness, effectiveness, reliability, merchantability, usefulness, use or results to be obtained from the Application, or that the Application will be uninterrupted or error-free.
Disclaimer of Warranty. RAE HEALTH DISCLAIM ANY WARRANTIES, EXPRESS OR IMPLIED, OF QUALITY, PERFORMANCE, MERCHANTABILITY, OR NONINFRINGEMENT. NO ORAL OR WRITTEN ADVICE OR INFORMATION PROVIDED BY RAE HEALTH SHALL CREATE A WARRANTY, AND YOU ARE NOT ENTITLED TO RELY ON ANY SUCH ADVICE OR INFORMATION. THIS DISCLAIMER OF WARRANTIES IS AN ESSENTIAL CONDITION OF THIS AGREEMENT. Some States, Territories and Countries do not allow certain warranty exclusions, so to that extent the above exclusion may not apply to you.
Disclaimer of Liability. RAE HEALTH SHALL NOT BE LIABLE TO YOU: IN RESPECT OF ANY CLAIM, DEMAND OR ACTION, IRRESPECTIVE OF THE NATURE OF THE CAUSE OF THE CLAIM, DEMAND OR ACTION ALLEGING ANY LOSS, INJURY OR DAMAGES, DIRECT OR INDIRECT, WHICH MAY RESULT FROM THE USE OR POSSESSION OF THE APPLICATION; OR FOR ANY LOSS OF PROFIT, REVENUE, CONTRACTS OR SAVINGS, OR ANY OTHER DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF YOUR USE OF OR INABILITY TO USE THE APPLICATION, ANY DEFECT IN THE APPLICATION, OR THE BREACH OF THESE TERMS OR CONDITIONS, WHETHER IN AN ACTION IN CONTRACT OR TORT OR BASED ON A WARRANTY, EVEN IF RAE HEALTH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. RAE HEALTH’S AND ITS AFFILIATES’ TOTAL AGGREGATE LIABILITY WITH RESPECT TO ITS OBLIGATIONS UNDER THIS AGREEMENT OR OTHERWISE WITH RESPECT TO THE APPLICATION SHALL NOT EXCEED $1.00. Some States, Territories and Countries do not allow certain liability exclusions or damages limitations, so to that extent the above may not apply to you.
Export Control. You agree not to export from anywhere any part of the Application provided to you or any direct product thereof except in compliance with, and with all licenses and approvals required under, applicable export laws, rules and regulations.
Indemnity. You agree to indemnify, defend and hold RAE Health and its affiliates free and harmless from and against any liability, loss, injury (including injuries resulting in death), demand, action, cost, expense, or claim of any kind or character, including but not limited to attorney’s fees, arising out of or in connection with any use or possession by you of the Application.