Effective April 5, 2020:

 

CITREI INC.

PRIVACY POLICY

Last update: April 5, 2020

 

Thank you for reading and reviewing the Citrei Privacy Policy. This Privacy Policy (“Policy”) applies to products and services (collectively known as “Services”) that you may receive from Citrei Inc. (collectively known as “Citrei”, “we”, or “us”) or its related companies (“Company”). It also applies to any of our websites (“Sites”) that post this Policy. Please read and review this policy carefully. Use of Services is voluntary and by accessing or using the services, you acknowledge that: (i) you have read and understand the privacy policy; (ii) you understand that your access to and use of the Services are subject to this Privacy Policy; and (iii) you understand Citrei’s practices regarding collection, use and disclosure of your data as described in this Privacy Policy.

 

The privacy policy does NOT apply to products and services that may be used in conjunction with our Services provided by individuals or entities outside of Citrei. This may include but is not limited to: healthcare systems, health care professionals, laboratories, public health authorities and agencies, and research institutions. We recommend you consult with the privacy policies and terms of service for all groups that you grant access to any personal information to. Citrei will not release any identifying information to other parties at any time without your consent. We value and are committed to protecting the information submitted and gathered by us.

 

This Privacy Policy is inclusive of the following information:

  1. Introduction

  2. Definition of Personal Information

  3. What we collect

  4. What we use

  5. What we share

  6. Your Rights and Choices

  7. Sale of Personal Information

  8. Security of information, data retention, and data deletion

  9. Changes to this Privacy Policy

  10. Contact information

 

INTRODUCTION:

We offer a range of Services in support of our mission to allow a user to control their own medical and health data. Our services include websites that we operate, apps and web platforms, and devices. Devices may be both connected and unconnected type. Some of our services and websites may include supplemental privacy policies, and if so will be applicable in addition to this policy.

 

DEFINITION OF PERSONAL INFORMATION

Personal information can be identifiable and identifying. Identifiable information is associated with you but is not unique to you. Identifying information is unique to you.  Examples of identifiable information include gender, race, and ethnicity. Identifying information includes name, birthday, and social security number. information that alone or in combination is considered identifying or result in contact or location of you is termed “Personally Identifiable Information” or “PII”. 

 

Some Services may be readily available without disclosure or submission of PII. Other services may require PII, such as to create a user profile. Specific health record or testing information is not stored with PII used for account genesis and maintenance. Individual pieces of personal identifying information provided to us is removed or stored in a non-unique but identifiable manner (for example, submission of a birthdate within a health or medical record will be stored as an age or age range). We actively limit and prevent combinations of identifiable information that can be considered identifying in medical or health related storage. 


 

WHAT WE COLLECT

We may collect information about you that is considered non-personal, PI, and personally identifiable.

 

Information You Give Us. We may collect your‎ email address, phone number, username, password, demographic information (such as your gender and occupation). If submitted, we collect user identified location coordinates, user identified location types (designated "pin types"), submitted user barcodes associated with login profiles, user responses acquired from forms or input boxes as well as other information you directly given to us on our Site. Location data is not collected unless consented by the user. Names are never collected. Services will have a login portal that the user may elect utilize and/or link records to. Users may elect to submit records and link them to other records. Citrei does not actively link records and makes clear that a user must recognize risk by linking one or multiple records with others in their user profile. If the user profile becomes at risk those links may become available. At no time are the links stored outside of a user profile with said connections between records.

 

Information We Get From Others. We may get information about you from other sources. We may add this to information we get from this Site.

 

Information Automatically Collected. We automatically log information about you and your computer. For example, when visiting our Site, we log pages you viewed on our Sites, how long you spent on a page, access times and information about your use of and actions on our Site. 

 

Cookies and Do Not Track Signals. We may log information using "cookies." Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs. Examples of data include the data and time you access Services, your browser type, and the sections within the Services that you access. Most browsers automatically accept cookies, but you may change your browser settings to prevent this. Do Not Track (“DNT”) is a privacy setting that can be selected within web browsers. At this time, we do not respond to these signals, nor do we change the practices described in the Policy in response to DNT settings or signals.

 

WHAT WE USE

We use your PI to respond to comments, questions, and to provide customer service. PI is used to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages and to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity. We use your PI to provide and deliver products and services customers request. We de-identify health data and use it for trend and prediction modeling. 

 

WHAT WE SHARE

We may share personal information in multiple ways. We may share personal information for legal, protection, and safety purposes. This includes sharing personal information to: comply with laws; respond to lawful requests and legal processes; protect the rights and property of Citrei Inc. (including our agents, customers, and others by enforcing our agreements, policies, and terms of use). Furthermore, we may share personal information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person. We may also share personal information with those who need it to do work for us. We do NOT share specific personally identifying health records or personal identifying medical records.

 

We may share personal information with your consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies. We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding. We may also share aggregated and/or anonymized data with others for their own uses.

 

YOUR RIGHTS AND CHOICES:

You the consumer have the right to request that Citrei Inc. disclose certain information to you about the collection and use of your personal information in the past year. These requests can be made up to two times per twelve month period. You can request on behalf of yourself or a person you are authorized by the secretary of state of your state. Requests must provide sufficient information to identify yourself so we can verify who you are, and that you have the authority to make such a request. Furthermore, you must rescribe in sufficient detail your request so that we can understand, evaluate, and respond within 45 days of our receipt of your request. Requests can be made using the provided contact provided below in the “Contact Information” section. Upon receipt of such a request, we will disclose to you the following:

 

  • The categories of personal information collected about you

  • The categories or sources of personal information we collected about you

  • The purpose of collecting or selling that personal information

  • The specific pieces of personal information that we collected about you (data portability request)

  • If we sold or disclosed your personal information

 

Example Categories include: identifiers, commercial information, usage information, geolocation information, biometric information, and inferences gathered from profiling (e.g. cookies). We also collect personal information from other sources including information from routine credit card checks, social network information completed when using a social network login to access our services.Other sources include joint marketing partners and information from publicly available databases.

 

SALE OF PERSONAL INFORMATION:

In the past 12 months, Citrei Inc. has not sold any personal information

 

SECURITY OF INFORMATION, DATA RETENTION, AND DATA DELETION

We work to prevent unauthorized and unlawful use, alteration, and disclosure or destruction of the information we hold. We have multiple safeguards against loss of data and we regularly and proactively review and update our security practices. Even so, we can not absolutely guarantee the security of information disclosed online and thus do not insure or warrant the security of any information submitted to us using an online portal. Please refer to separate Privacy Policies regarding Services that include local data storage or alternative data capabilities, when available.

 

Login and user credentials are stored separately from health and medical data. You have the right to request data deletion and we may provide tools for you to directly manage information directly related to medical or health records. You may submit a deletion request through our contact information listed below. Deletion process time generally takes about two months from request to verify desire for removal and to remove all copies of data. Notably, delays in processing can contribute to up to six months for deletion from time of request. 

 

 Health and medical data is stored without PII and linked to unique identifiers. As such that data is de-identified and not PII. Users may request that the identifiers that have been associated with their account be randomized after deletion of their services. That can also be accomplished by utilizing the contact information listed below. Some information may be stored for extended periods of time for limited reasons or purposes. The specific reasons that information will be retained include for purposes including: security, fraud and abuse prevention; financial record keeping; ensuring continuity of Services, communications with Citrei, and complying with legal and regulatory requirements.

 

Our marketing emails tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.

 

CHANGES TO THIS PRIVACY POLICY. 

We may change this privacy policy. If we make any changes, we will change the Last Updated date above.

 

CONTACT INFORMATION. 

We welcome your comments or questions about this privacy policy. You may also contact us at our address: Citrei Inc: PO Box 10188, OMB 80821, Newark, New Jersey 07101. Toll free telephone: 888-597-0984. Email: info@citrei.com

©2020 by Citrei Inc,