I. Collection and Use of Personal Information.
II. What personal information we collect.
III. How we use Your personal information.
IV. Collection and Use of Non-Personal Information.
We also collect data in a form that does not identify any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:
V. Cookies and Other Technologies.
We gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data. We use this information to administer the site, to learn about user behavior on the site, to improve our product and services, and to gather demographic information about our user base as a whole. OneCare may use this information in our marketing and advertising services.
In some cases we use a “click-through URL” linked to content on the OneCare’s website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our marketing communications.
VI. Disclosure to Third Parties.
At times OneCare may make certain personal information available to strategic partners that work with OneCare to provide products and services, or that help OneCare’s market to customers. Personal information will only be shared by OneCare to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.
VII. Protection of Personal Information.
OneCare takes the security of Your personal information very seriously. When Your personal data is stored by OneCare, we use computer systems with limited access housed in facilities using physical security measures. When You use some OneCare products and services that by their nature are public facing, such as when You post on a OneCare forum, the personal information and content You share is visible to other users and can be read, collected, or used by them. You are responsible for the personal information You choose to share or submit in these instances. For example, if You list Your name and e-mail address in a forum posting, that information is public. Please take care when using these features.
VIII. Retention of Personal Information.
IX. Access to Personal Information.
You can help ensure that Your contact information and preferences are accurate, complete, and up to date by logging in to Your OneCare account. For other personal information we hold, we will provide You with access (including a copy) upon Your request. We may decline to process requests that are frivolous, vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law. Access, correction, or deletion requests can be made by contacting firstname.lastname@example.org
X. Children & Education.
We understand the importance of taking extra precautions to protect the privacy and safety of children using OneCare’s products and services. Children under the age of 18, are not permitted to create their own OneCare IDs; instead, a parent must obtain the account and provide the parent’s information to OneCare. If we learn that we have collected the personal information of a child under 18 we will delete the information as soon as possible.
XI. Third Party Sites and Services.
OneCare websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties. Information collected by third parties is governed by their privacy practices. We encourage You to learn about the privacy practices of those third parties.
XII. Your Rights Under the GDPR.
If You are a citizen or a resident of a country in the European Union, the GDPR grants You the following rights:
a. Access to Your Personal Data. You have the right to receive a copy of Your personal data that is subject to processing by OneCare. Ordinary requests will be granted without charge to You within one calendar month of when You make the request. In cases of excessive, unreasonable, or repeated requests OneCare may charge You a reasonable fee and may require additional time to grant Your request. Also, OneCare may use reasonable means to confirm Your identity before granting any request for data so as to prevent granting fraudulent requests. To request a copy of Your personal data, please contact us by e-mail at email@example.com
b. To have Your Data Corrected. If Your personal data is erroneous or outdated, You have the right to have it corrected. To do so, please contact OneCare via e-mail at firstname.lastname@example.org , or simply log in to Your account to correct it.
c. To be Forgotten. You have the right to be forgotten by OneCare. You may exercise this right by e-mailing us at email@example.com We will comply with Your request, at no charge to You, within one calendar month by deleting Your account, along with all of Your personally-identifiable data that is subject to any OneCare’s processing. Naturally, after we grant Your request You will not have access to any OneCare’s products or services unless and until You open a new OneCare account. OneCare may use reasonable means to confirm Your identity before granting any request for data so as to prevent the granting of fraudulent requests.
d. To Restrict Processing of Your Data. You can request that Your data not be processed via OneCare’s partners. You can make that request by e-mailing us at firstname.lastname@example.org and, if you wish, you can even specify which third parties to restrict from processing Your data. We will respond to Your request, at no charge to You, within thirty (30) days from when You make Your request. Please be advised that some of our partners, e.g., Stripe, are essential to OneCare’s services, so that if You block processing by them, OneCare’s services may be unavailable to You.
e. Portability. You have the right to receive a copy of Your personal data that is subject to processing by OneCare in a portable format, or to have it transferred directly from OneCare to another party. Ordinary requests will be granted without charge to You within one calendar month of when You make the request. OneCare may use reasonable means to confirm Your identity before granting any request to transfer data to You or another party so as to prevent granting fraudulent requests. To request a copy of Your personal data in a portable format, or to request a direct transfer of Your data, please contact us by e-mail at email@example.com
XIII. Your Responsibility Under GDPR. If You are a OneCare User, then that probably means You are a business owner, using the OneCare software and health and wellbeing services for Your Customers and / or Employees. With respect to the Customer and / or Employee data that You provide to OneCare, OneCare is a data processor and will comply with its obligations under the GDPR; but with respect to Your Customers and / or Employees, You are probably a data controller, and if any of Your Customers and / or Employees is a citizen or a resident of a country in the European Union, then You must ensure that You comply with Your obligations as a data controller under the GDPR; namely, You must ensure that You afford Your Customers and / or Employees the rights identified in section (a) above. OneCare sells software and health and wellbeing services; it does not provide legal advice or legal services, nor does it sell a “done-for-you” GDPR compliance package. Please consult legal counsel of Your own choosing for advice on what You need to do to comply with GDPR.
XIV. Our Companywide Commitment to Your Privacy. To make sure Your personal information is secure, we communicate our privacy and security guidelines to OneCare’s employees and strictly enforce privacy safeguards within the company. OneCare uses GDPR-compliant Data Processing Addendum (DPA) provided by AWS Amazon. GDPR introduces adherence to a “code of conduct” as a mechanism for demonstrating sufficient guarantees of requirements that the GDPR places on data processors. In this context, OneCare uses AWS Amazon’s compliance with the CISPE Code of Conduct. The CISPE Code of Conduct provides customers with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use services of AWS Amazon.