Effective April 5, 2020:
Last update: April 5, 2020
Definition of Personal Information
What we collect
What we use
What we share
Your Rights and Choices
Sale of Personal Information
Security of information, data retention, and data deletion
We offer a range of Services in support of our mission to allow a user to control their own medical and health data. Our services include websites that we operate, apps and web platforms, and devices. Devices may be both connected and unconnected type. Some of our services and websites may include supplemental privacy policies, and if so will be applicable in addition to this policy.
DEFINITION OF PERSONAL INFORMATION
Personal information can be identifiable and identifying. Identifiable information is associated with you but is not unique to you. Identifying information is unique to you. Examples of identifiable information include gender, race, and ethnicity. Identifying information includes name, birthday, and social security number. information that alone or in combination is considered identifying or result in contact or location of you is termed “Personally Identifiable Information” or “PII”.
Some Services may be readily available without disclosure or submission of PII. Other services may require PII, such as to create a user profile. Specific health record or testing information is not stored with PII used for account genesis and maintenance. Individual pieces of personal identifying information provided to us is removed or stored in a non-unique but identifiable manner (for example, submission of a birthdate within a health or medical record will be stored as an age or age range). We actively limit and prevent combinations of identifiable information that can be considered identifying in medical or health related storage.
WHAT WE COLLECT
We may collect information about you that is considered non-personal, PI, and personally identifiable.
Information You Give Us. We may collect your email address, phone number, username, password, demographic information (such as your gender and occupation). If submitted, we collect user identified location coordinates, user identified location types (designated "pin types"), submitted user barcodes associated with login profiles, user responses acquired from forms or input boxes as well as other information you directly given to us on our Site. Location data is not collected unless consented by the user. Names are never collected. Services will have a login portal that the user may elect utilize and/or link records to. Users may elect to submit records and link them to other records. Citrei does not actively link records and makes clear that a user must recognize risk by linking one or multiple records with others in their user profile. If the user profile becomes at risk those links may become available. At no time are the links stored outside of a user profile with said connections between records.
Information We Get From Others. We may get information about you from other sources. We may add this to information we get from this Site.
Information Automatically Collected. We automatically log information about you and your computer. For example, when visiting our Site, we log pages you viewed on our Sites, how long you spent on a page, access times and information about your use of and actions on our Site.
Cookies and Do Not Track Signals. We may log information using "cookies." Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs. Examples of data include the data and time you access Services, your browser type, and the sections within the Services that you access. Most browsers automatically accept cookies, but you may change your browser settings to prevent this. Do Not Track (“DNT”) is a privacy setting that can be selected within web browsers. At this time, we do not respond to these signals, nor do we change the practices described in the Policy in response to DNT settings or signals.
WHAT WE USE
We use your PI to respond to comments, questions, and to provide customer service. PI is used to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages and to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity. We use your PI to provide and deliver products and services customers request. We de-identify health data and use it for trend and prediction modeling.
WHAT WE SHARE
We may share personal information with your consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies. We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding. We may also share aggregated and/or anonymized data with others for their own uses.
YOUR RIGHTS AND CHOICES:
You the consumer have the right to request that Citrei Inc. disclose certain information to you about the collection and use of your personal information in the past year. These requests can be made up to two times per twelve month period. You can request on behalf of yourself or a person you are authorized by the secretary of state of your state. Requests must provide sufficient information to identify yourself so we can verify who you are, and that you have the authority to make such a request. Furthermore, you must rescribe in sufficient detail your request so that we can understand, evaluate, and respond within 45 days of our receipt of your request. Requests can be made using the provided contact provided below in the “Contact Information” section. Upon receipt of such a request, we will disclose to you the following:
The categories of personal information collected about you
The categories or sources of personal information we collected about you
The purpose of collecting or selling that personal information
The specific pieces of personal information that we collected about you (data portability request)
If we sold or disclosed your personal information
Example Categories include: identifiers, commercial information, usage information, geolocation information, biometric information, and inferences gathered from profiling (e.g. cookies). We also collect personal information from other sources including information from routine credit card checks, social network information completed when using a social network login to access our services.Other sources include joint marketing partners and information from publicly available databases.
SALE OF PERSONAL INFORMATION:
In the past 12 months, Citrei Inc. has not sold any personal information
SECURITY OF INFORMATION, DATA RETENTION, AND DATA DELETION
We work to prevent unauthorized and unlawful use, alteration, and disclosure or destruction of the information we hold. We have multiple safeguards against loss of data and we regularly and proactively review and update our security practices. Even so, we can not absolutely guarantee the security of information disclosed online and thus do not insure or warrant the security of any information submitted to us using an online portal. Please refer to separate Privacy Policies regarding Services that include local data storage or alternative data capabilities, when available.
Login and user credentials are stored separately from health and medical data. You have the right to request data deletion and we may provide tools for you to directly manage information directly related to medical or health records. You may submit a deletion request through our contact information listed below. Deletion process time generally takes about two months from request to verify desire for removal and to remove all copies of data. Notably, delays in processing can contribute to up to six months for deletion from time of request.
Health and medical data is stored without PII and linked to unique identifiers. As such that data is de-identified and not PII. Users may request that the identifiers that have been associated with their account be randomized after deletion of their services. That can also be accomplished by utilizing the contact information listed below. Some information may be stored for extended periods of time for limited reasons or purposes. The specific reasons that information will be retained include for purposes including: security, fraud and abuse prevention; financial record keeping; ensuring continuity of Services, communications with Citrei, and complying with legal and regulatory requirements.
Our marketing emails tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.