Privacy Notice
This Privacy Notice (“Notice”) applies to the processing of personal information by Better Health Inc., dba Berry Street Health and our affiliates (“Berry Street,” “we,” “us,” or “our”), including on our mobile application, our website available at www.berrystreet.co and our other online or offline offerings which link to, or are otherwise subject to, this Privacy Notice (collectively, the “Services”).
We may change this Privacy Notice from time to time. If we make changes, we will notify you by revising the date at the top of this policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website or sending you a notification). We encourage you to review this Privacy Notice regularly to stay informed about our information practices and the choices available to you.
Special Note to Berry Street Patients and Potential Patients: When you visit our website or inquire about or enroll in our Services, we may collect information that identifies you and relates to your past, present, or future physical or mental health, treatment and services received, and payment for such treatment and services. This information may be considered protected health information (“PHI”) protected by the Health Insurance Portability and Accountability Act of 1996 (as amended) and the Health Information Technology for Economic and Clinical Health Act. If you receive care from us, this Notice describes how we collect, use, and share your non-PHI personal information and is separate from and in addition to our HIPAA Notice of Privacy Practices describing how we use and disclose your PHI.
Special Note to Users Interacting with a Berry Street-Engaged Medical Provider: If you interact directly with a Berry Street-engaged medical provider, please note that this Privacy Notice is distinct from and addition to such medical providers’ privacy statements, policies, and notices of privacy practices. Please be sure to carefully review this Privacy Notice and all privacy statements, policies, and notices of privacy practices applicable to you and your personal information.
Disclosure Regarding the Supplemental Consumer Health Data Privacy Notice. For information on our processing of “consumer health data” subject to the Washington My Health My Data Act or Nevada Consumer Health Data Privacy Law, please see Annex B – Supplemental Consumer Health Data Privacy Statement.
Scroll down to read this Privacy Notice in its entirety.
1. PERSONAL INFORMATION WE COLLECT
2. HOW WE USE PERSONAL INFORMATION
3. HOW WE DISCLOSE PERSONAL INFORMATION
4. YOUR PRIVACY CHOICES AND RIGHTS
5. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
6. CHILDREN’S PERSONAL INFORMATION
7. THIRD-PARTY WEBSITES/APPLICATIONS
8. CONTACT US
ANNEX A – SUPPLEMENTAL U.S. PRIVACY NOTICE
ANNEX B – SUPPLEMENTAL CONSUMER HEALTH PRIVACY STATEMENT
1. PERSONAL INFORMATION WE COLLECT
We collect personal information that you provide to us, personal information we collect automatically when you use the Services, and personal information from third-party sources, as described below.
Personal Information You May Provide to Us Directly
We may collect personal information that you provide to us.
Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, email address, phone number, and other information you store with your account.
Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).
Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or our web chat tool.
Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and CV.
B. Personal Information Collected Automatically
We may collect personal information automatically when you use the Services.
Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information).
Usage Information. We may collect personal information about your use of the Services, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Services.
Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Services.
Cookies. Cookies are small text files stored in device browsers.
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects personal information about use of or engagement with the Services. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.
Biometric Information. If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted, we may collect biometric information such as gait patterns and sleep, health, and/or exercise data to provide you with more comprehensive or additional Services. Your biometric information may be shared with our service providers, business partners, and others involved in providing you with our Services. Where required by law, your biometric information will be stored for no more than three (3) years from your last interaction with our Services.
C. Personal Information Collected from Third Parties
We may collect personal information about you from third parties. For example, if you access the Services using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings.
2. HOW WE USE PERSONAL INFORMATION
We use personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to provide you with marketing materials, as described below.
Provide the Services
We use personal information to fulfill our contract with you and provide the Services, such as:
Managing your information;
Providing access to certain areas, functionalities, and features of the Services;
Answering requests for support;
Communicating with you;
Sharing personal information with third parties as needed to provide the Services;
Processing your financial information and other payment methods for products and Services purchased;
Processing applications if you apply for a job we post on our Services; and
Allowing you to register for events
B. Administrative Purposes
We use personal information for various administrative purposes, such as:
Pursuing our legitimate interests such as direct marketing, research, and development (including marketing research), network and information security, and fraud prevention;
Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
Carrying out analytics;
Measuring interest and engagement in the Services;
Improving, upgrading, or enhancing the Services;
Developing new products and services;
Creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws;
Ensuring internal quality control and safety;
Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Notice;
Debugging to identify and repair errors with the Services;
Auditing relating to interactions, transactions, and other compliance activities;
Enforcing our agreements and policies; and
Carrying out activities that are required to comply with our legal obligations.
C. Marketing
We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.
California Shine the Light: If you are a California resident, you may annually submit a request to us to find out whether we have shared your personal information with third parties for the third parties’ direct marketing purposes. If you would like to submit such a request, please “Contact Us.”
If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.
D. With Your Consent or Direction
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.
3. HOW WE DISCLOSE PERSONAL INFORMATION
We disclose personal information to third parties for a variety of business purposes, including to provide the Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
Disclosures to Provide the Services
We may disclose any of the personal information we collect to the categories of third parties described below.
Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Services. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our chat features.
Some of the service providers we may use include:Amplitude. For more information about how Amplitude uses your personal information, please visit Amplitude’s Privacy Policy. To learn about how to opt-out of Amplitude’s use of your personal information, please email privacy@amplitude.com.
DataDog. We use DataDog to monitor and analyze our applications and infrastructure. For more information about how DataDog uses your personal information, please visit DataDog’s PrivacyPolicy.
Google Analytics. For more information about how Google uses your personal information, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your personal information, please click here.
Intercom. We use Intercom to analyze how you use our Services and to provide you with customer support. For more information about how Intercom uses your data for customer interaction purposes, please visit Intercom’s Privacy Policy.
Meta. For more information about Meta’s use of your personal information, please visit Meta’s Data Policy. To learn more about how to opt-out of Meta’s use of your information, please click here while logged in to your Meta account.
mouseflow (Session Replay Analytics). We use mouseflow’s session replay analytics services. This allows us to record and replay an individual’s interaction with the Services. For more information about how mouseflow uses your personal information, please visit mouseflow’s Privacy Notice.
Other Users You Share or Interact With. The Services may allow for berrystreet.co users to share personal information or interact with other users of the Services.
Third-Party Services You Share or Interact With. The Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”).
Any personal information shared with a Third-Party Service will be subject to the Third- Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services. Once your personal information is shared with our business partner, it will also be subject to our business partner’s privacy policy. We are not responsible for the processing of personal information by our business partners.
Affiliates. We may share your personal information with our corporate affiliates.
Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising”, “personalized advertising”, or “targeted advertising.”
Some of the advertising Technologies we may use include:Meta Connect. For more information about Meta’s use of your personal information, please visit Meta’s Data Policy. To learn more about how to opt-out of Meta’s use of your information, please click here while logged in to your Meta account.
Google. For more information about Google’s use of your personal information, please visit Google’s Data Policy. To learn more about how to opt-out of Google’s use of your information, please click here.
Instagram. For more information about Instagram’s use of your personal information, please visit Instagram’s Data Policy. To learn more about how to opt-out of Instagram’s use of your information, please click here while logged in to your Instagram account
TikTok. For more information about TikTok’s use of your personal information, please visit TikTok’s Data Policy. To learn more about how to opt-out of TikTok’s use of your information, please click here.
B. Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
4. YOUR PRIVACY CHOICES AND RIGHTS
Your Privacy Choices. The privacy choices you may have about your personal information are described below.
Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Notice).
Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us, replying “STOP”, or by otherwise contacting us as set forth in “Contact Us” below.
Mobile Devices. We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device. To request deletion of your account, please use the standard deletion functionality available via the Services or contact us using the information set forth in “Contact Us” below.
Do Not Track Signals and Global Privacy Control. Certain web browsers and other programs may transmit “do-not-track” “opt-out” signals, also called a Global Privacy Control (or “GPC”) signal (we refer to these as “GPC Signals”), to websites with which the browser communicates. In most cases you will need to change your web browser’s settings or add an application to your web browser to enable your browser to send a GPC Signal. Our websites will recognize GPC Signals for website users differently, based on the location of the user when they access our websites. For users that access our websites from U.S. states that have laws requiring recognition of GPC Signals, we will recognize and apply the GPC Signal to inactivate all the cookies for that website, except for cookies that are necessary for the website to operate. Additionally, if you are accessing our websites from one of these states, you can determine if your browser GPC Signal has been recognized by clicking on the “Do Not Sell or Share My Personal Information” link in the footer of the website and checking that appropriate cookies have been turned off. For users from states not currently requiring recognition of the GPC Signal, our website servers may recognize and apply the GPC Signal for only advertising and social media cookies but will not apply the GPC Signal to functional or performance cookies. You can always check and adjust your cookie settings by going to the “Do Not Sell or Share My Personal Information” link in the footer of this website.
Some web browsers incorporate other "do-not-track" (“DNT”) or similar features that signals to websites with which the browser communicates that a visitor does not want to have their online activity tracked. As of the Effective Date, not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we along with many other digital service operators do not respond to all DNT signals. We recognize GPC signals as required under certain state privacy laws, but we do not currently recognize other DNT signals. For more information about the Global Privacy Control, please visit https://globalprivacycontrol.org.Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Services may not work properly.
Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of certain tracking on some mobile applications by following the instructions for Android, iOS, and others.
The online advertising industry also provides mechanisms that may allow you to opt out of receiving targeted ads from organizations that participate in self-regulatory programs. To learn more, visit the Network Advertising Initiative, the Digital Advertising Alliance, and the European Digital Advertising Alliance.
Please note you must separately opt out in each browser and on each device.
Your Privacy Rights. In accordance with applicable law, you may have the right to:Confirm Whether We Are Processing Your Personal Information;
Request Access to or Portability of Your Personal Information;
Request Correction of Your Personal Information;
Request Deletion of Your Personal Information;
Request Restriction of or Object to our Processing of Your Personal Information;
Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your personal information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws); and
Withdraw Your Consent to our Processing of Your Personal Information. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal.
If you would like to exercise any of these rights, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.
Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.
To protect your privacy, we will take steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include [asking you to confirm the email address we have associated with you.Some laws may allow you to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right, and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.
5. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.
6. CHILDREN'S PERSONAL INFORMATION
The Services are not directed to children under 13 years of age (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to the Services in violation of applicable law, you may contact us as described in “Contact Us” below.
7. THIRD-PARTY WEBSITES/APPLICATIONS
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
CONTACT US
If you have any questions about our privacy practices or this Privacy Notice, or to exercise your rights as detailed in this Privacy Notice, please contact our appointed Data Protection Officer at:
Email: hello@berrystreet.co
Postal mail: BERRY STREET HEALTH, INC. 19 West 24th Street, 4th Floor, New York, NY 10010
If you wish to receive a response by email, please be sure to include your name, postal address, and email address. If we do not receive an email address, we will respond by postal mail.
ANNEX A - SUPPLEMENTAL U.S. PRIVACY NOTICE
Effective Date: August 21, 2024
This Supplemental U.S. Privacy Notice supplements our Privacy Notice and only applies to our processing of Personal Information from U.S. consumers residing in a state with a comprehensive privacy law.
NOTICE AT COLLECTION
At or before the time of collection, U.S. consumers residing in a state with a comprehensive privacy law have a right to receive notice of our privacy practices. Such consumers can find this information below.
Personal Information Collected. See the section of this Supplemental U.S. Privacy Notice titled “Overview of Personal Information Collected, Disclosed, Sold and/or Shared” for a list of Personal Information which may be collected.
Uses of Personal Information. See the section of this Supplemental U.S. Privacy Notice titled “Uses of Personal Information” for a list of the purposes for which we use Personal Information.
Is Personal Information "Sold" or "Shared" for "Cross-Context Behavioral Advertising"? See the section of this Supplemental U.S. Privacy Notice titled “Overview of Personal Information Collected, Disclosed, Sold and/or Shared” for more details. See the section of this Supplemental U.S. Privacy Notice titled “‘Sales’ of Personal Information and/or ‘Sharing’ for ‘Cross-Context Behavioral Advertising” for instructions on how to opt-out of these activities.
For How Long is Personal Information Retained? To determine the appropriate retention period for Personal Information, we consider applicable legal requirements, the amount, nature, and sensitivity of the Personal Information, certain risk factors, the purposes for which we process your Personal Information, and whether we can achieve those purposes through other means.
Additional Information. For more information on our privacy practices, please review this Supplemental U.S. Privacy Notice and our Privacy Notice. Importantly, the section of our Privacy Notice titled “Your Privacy Rights” includes important details about how you can exercise some of the rights which you have under the CCPA.
CATEGORIES OF SOURCES FROM WHICH PERSONAL INFORMATION IS COLLECTED
We collect Personal Information you provide to us, collected automatically when you use the Services, and from third-party sources.
OVERVIEW OF PERSONAL INFORMATION COLLECTED, DISCLOSED, SOLD, AND/OR SHARED
U.S. consumers residing in a state with a comprehensive privacy law are provided with the right to know what categories of Personal Information Berry Street has collected about them, whether Berry Street disclosed that Personal Information for a business purpose (e.g., to a service provider), whether Berry Street “sold” that Personal Information, and whether Berry Street “shared” that Personal Information for “cross-context behavioral advertising” in the preceding twelve months. U.S. consumers residing in a state with a comprehensive privacy law may find this information below:
CATEGORY OF PERSONAL INFORMATION COLLECTED BY BERRY STREET
Identifiers: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security, or other similar identifiers.
CATEGORY OF THIRD PARTIES TO WOM PERSONAL INFORMATION IS DISCLOSED FOR BUSINESS PURPOSES
Service providers
Users of our Services (only as it relates to vendor contact information)
Business partners
Affiliates
Advertising partners
Internet service providers
Data analytics providers
Operating systems and platforms
CATEGORY OF THIRD PARTIES TO WHOM PERSONAL INFORMATION IS SOLD AND/OR SHARED
Business partners
Advertising partners
Other third parties with whom you interact
Internet service providers
Data analytics providers
Operating systems and platforms
Internet or other electronic network activity: Browsing history, search history, information on a consumer's interaction with an internet website, application, or advertisement.
Service providers
Business partners
Affiliates
Advertising partners
Internet service providers
Data analytics providers
Operating systems and platforms
Business partners
Advertising partners
Other third parties with whom you interact
Internet service providers
Data analytics providers
Operating systems and platforms
Personal information that reveals a consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
Service providers
Business partners
Affiliates
Advertising partners
Internet service providers
Data analytics providers
Operating systems and platforms
N/A
Personal information that reveals a consumer's racial or ethnic origin, religious or philosophical beliefs, or union membership
Service providers
Business partners
Affiliates
Advertising partners
Internet service providers
Data analytics providers
Operating systems and platforms
N/A
Personal information collected and analyzed concerning a consumer's health
Service providers
Business partners
Affiliates
Advertising partners
Internet service providers
Data analytics providers
Operating systems and platforms
Business partners
Advertising partners
Other third parties with whom you interact
Internet service providers
Data analytics providers
Operating systems and platforms
Personal information collected and analyzed concerning a consumer's sex life or sexual orientation
Service providers
Business partners
Affiliates
Advertising partners
Internet service providers
Data analytics providers
Operating systems and platforms
N/A
USES OF PERSONAL INFORMATION
We may use and disclose the Personal Information that we collect for the following business and commercial purposes:
Providing the Services as further described in our Privacy Notice;
Processing for administrative purposes as further described in our Privacy Notice;
Processing for marketing purposes as further described in our Privacy Notice;
Processing with your consent or direction as further described in our Privacy Notice;
Processing to carry out automated decision making as further described in our Privacy Notice;
Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
Helping to ensure security and integrity to the extent the use of Personal Information is reasonably necessary and proportionate for these purposes;
Debugging to identify and repair errors that impair existing intended functionality;
Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with Berry Street;
Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar Services;
Providing advertising and marketing services;
Undertaking internal research for technological development and demonstration;
Undertaking activities to verify or maintain the quality or safety of a service or product owned, manufactured, manufactured for, or controlled by Berry Street, and to improve, upgrade, or enhance the service or product that is owned, manufactured, manufactured for, or controlled by Berry Street.
“SALES” OF PERSONAL INFORMATION AND/OR “SHARING” FOR “CROSS-CONTEXT BEHAVIORAL ADVERTISING”
Our Services use advertising and analytics tools provided by third parties that may constitute a “sale” or “sharing” of personal information or “targeted advertising” in certain states. Once you enroll in or become a user of our Services, we do not engage in any sales, sharing, or targeted advertising as defined by these certain state laws. Under these certain state laws, we may “sell” or “share” the following personal information categories to data analytics providers, advertising technology vendors, and social media platforms as described in this Notice: identifiers, internet or other electronic network information, commercial information, and inferences derived from these categories. To opt out of such selling or sharing, please email us at hello@berrystreet.co.
DISCLOSURE REGARDING INDIVIDUALS UNDER THE AGE OF 16
We do not have actual knowledge of any "sale" of Personal Information or "sharing" of Personal Information of minors under 16 years of age for "cross-context behavioral advertising."
DISCLOSURE REGARDING SENSITIVE PERSONAL INFORMATION
Berry Street only uses and discloses sensitive Personal Information for the following purposes:
To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted Personal Information.
To resist malicious, deceptive, fraudulent, or illegal actions directed at Berry Street and to prosecute those responsible for those actions.
To ensure the physical safety of natural persons.
For short-term, transient use.
Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services.
To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by Berry Street, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by Berry Street.
For purposes that do not infer characteristics about individuals.
RIGHT TO LIMIT USE AND DISCLOSURE OF SENSITIVE PERSONAL INFORMATION
U.S. consumers residing in a state with a comprehensive privacy law may have the right to limit certain uses and disclosures of “sensitive Personal Information” by Berry Street. Such consumers may exercise these rights by following contacting us as described in “Contact Us” above.
NON-DISCRIMINATION
U.S. consumers residing in a state with a comprehensive privacy law have the right not to receive discriminatory treatment by us for the exercise of their rights conferred under applicable comprehensive privacy law.
ANNEX B - SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY NOTICE
Effective Date: August 21, 2024
Better Health Inc., dba Berry Street Health and our affiliates (“Berry Street,” “we,” “us,” or “our”), including on our mobile application, our website available at www.berrystreet.co. Our Privacy Notice describes how we handle your personal information generally. This Consumer Health Data Privacy Notice (“Notice”) supplements our Privacy Notice and applies to the collection of “Consumer Health Data” as defined in relevant comprehensive consumer health data privacy laws, including Washington’s My Health My Data Act (“WA MHMDA”) and Nevada’s Consumer Health Data Privacy Law.
In the event of a conflict between any other policy, statement, or notice and this Notice, this Notice will prevail as to Consumer Health Data collected under WA MHMDA, Nevada’s Consumer Health Data Privacy Law, and similar comprehensive consumer health data privacy laws.
For purposes of this Notice, “Consumer Health Data” means personal information that (1) is linked or is reasonably linkable to a consumer and (2) that identifies past, present, or future physical or mental health status. Consumer Health Data includes information about medical conditions, as well as non-medical information such as biometric data, information about use of non-prescription health-related products, and attempts to access reproductive or gender-affirming care. This Notice does not apply to any personal information that does not fall under this definition.
Scroll to read this Notice in its entirety.
Categories and Uses of Consumer Health Data that We Collect
Sources of Consumer Health Data
How We May Share Consumer Health Data
Your Consumer Health Data Privacy Rights
Changes to Our Consumer Health Data Privacy Notice
Nevada Supplemental Consumer Health Data Privacy Notice
Categories and Uses of Consumer Health Data We Collect
We only collect your Consumer Health Data as needed to provide you with the products or services you request or with your explicit consent.
We may collect the following categories of Consumer Health Data:
Individual health condition, treatment, disease, or diagnosis information;
Social, psychological, behavioral, and medical intervention information;
Health-related surgery or procedure information;
Use or purchase of prescribed medication information;
Bodily function, vital sign, symptoms, or measurement of health information;
Diagnosis or diagnostic testing, treatment, or medication information;
Biometric data;
Information about your access to healthcare, including precise location information that could reasonably indicate an attempt to acquire or receive health services or supplies; or
Information processed to associate or identify an individual with the data listed above that is derived or extrapolated from non-health information.
We may process the categories of Consumer Health Data described above to the extent necessary to provide requested products or services, or with your consent, including:
To determine and verify program, product, and service eligibility and coverage;
To enroll you in our programs and provide our products and services to you;
To administer, manage, analyze, and improve our programs, products, and services;
To procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations;
To analyze and better understand your needs, preferences, and interests, as well as those of other consumers;
To conduct internal business analysis and market research;
To monitor, investigate, and enforce compliance with our policies, product/service terms and conditions, and legal and regulatory requirements;
To comply with legal and regulatory obligations; or
For our everyday business purposes.
Sources of Consumer Health Data
We collect Consumer Health Data from the following sources:
Directly from you, if you:
request health-related products and services;
enroll in our biometric access programs;
register to use our health or wellness-related apps;
join our email lists or loyalty programs; or
volunteer the information in connection with surveys or promotions.
Indirectly from you (gathered directly by social media, other websites, or apps) if you:
interact with us by using our apps, accessing our systems, or entering our facilities;
enable certain mobile app functions, such as location tracking;
enable data syncing between our website and your enrolled health-related app;
make your health data publicly available on social media or other websites; or
like, follow, or comment about health-related products on our social media sites.
From our vendors, suppliers, consultants, professional advisers, and other third parties, when:
Business contact information, financial information, and other data is necessary for the purpose of managing and operating our business.
From third parties who provide program enrollment, benefit verification, or product fulfillment services.
Health Insurance Companies or other payors, when:
Information is necessary for the purpose of providing our products and services;
Information is necessary to determine program eligibility; or
Information is necessary to comply with legal and regulatory obligations.
Your authorized legal representative, family members, or caregivers.
How We May Share Consumer Health Data
We only share or disclose your Consumer Health Data as needed to provide you with the products or services that you request, or with your explicit consent. We may share or disclose any or all the above categories of Consumer Health Data to the following entities, who shall use the data only as permitted for the purposes set forth above, and within the bounds of our contracts with them:
These general categories of third parties:
Business Collaborators
Product co-promotion partners
Product co-development partners
Marketing and Advertising Agencies
Social Media Companies and Platforms
Service Providers (including those hosting or analyzing data on our behalf, those assisting with fraud prevention, those assisting in program administration, those assisting in incident management and reporting, those administering our call center and websites, and those who assist with our information technology and security programs)
Emergency Personnel,
Health insurance companies, health plans, and/or other payors,
Authorized/legal representatives, family members, and caregivers,
Third parties (including those with whom Company has joint marketing and similar arrangements, those who provide marketing and data analytics services, those who provide program enrollment or product fulfillment, payment, and authorization, other third parties as necessary to complete transactions and provide products/services, or where required by law),
Company lawyers, auditors, and consultants, or
Legal and regulatory bodies.
In addition, we may share or disclose Consumer Health Data as permitted or required by law, such as (i) to an acquiring organization if we are involved in a sale or a transfer of our business, (ii) as needed to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, (iii) in situations that may involve violations of our terms of use or other rules, (iv) to protect our rights and the rights and safety of others, (v) as needed to support external auditing, compliance and corporate governance functions, (vi) as needed to preserve the integrity or security of our systems, or (vii) to investigate, report, or prosecute those responsible for any action that is illegal under applicable state or Federal law.
Your Consumer Health Data Privacy Rights
Subject to certain legal limitations and exceptions, you have the following rights with respect to any Consumer Health Data we may collect about you:
The right to confirm whether we are collecting, sharing, or selling your Consumer Health Data and to access such data, including to receive a list of affiliates or specific third parties with whom we have shared or sold your information, along with contact information such as an active email address for each third party;
The right to review and request corrections to your Consumer Health Data;
The right to withdraw consent from our collection or sharing of your Consumer Health Data; and
The right to request that we delete your Consumer Health Data.
You may submit a request pursuant to any of these rights by contacting us as described in “Contact Us.”
We will not discriminate against you for exercising any of your rights. We will make reasonable efforts to respond promptly to your requests in accordance with applicable laws. Please allow 45 days for a response. We may, after receiving your request, require additional information from you to authenticate your request and verify your identity. Please be aware that we may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
If we deny your request, you have the right to appeal that denial by contacting us support@berrystreet.co. We will process and respond to your appeal within the time permitted by applicable law. If you are a Washington resident and your appeal is unsuccessful, you may file a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.
Changes to Our Consumer Health Data Privacy Notice
We may update this Consumer Health Data Privacy Notice from time to time. When we do update it, for your convenience, we will make the updated statement available on this page. Our intention is to use Consumer Health Data in accordance with the Consumer Health Data Privacy Notice in place at the time the Consumer Health Data was collected.
Nevada Supplemental Consumer Health Data Privacy Notice
This Supplement applies to Nevada consumers for purposes of providing additional disclosures required by Nevada's Consumer Health Data Privacy Law. We collect, use, process, and share Consumer Health Data for the purposes and manners described above in our Consumer Health Data Privacy Notice.
Third Party Collection of Consumer Health Data on Company Websites. We limit third party collection of Consumer Health Data over time and across different Internet websites or online services when Nevada consumers use our websites or online services. We do this by disabling certain cookies or by ensuring that entities whose cookies, web beacons, pixels, and other online trackers we use on our websites and online services are our service providers or processors under applicable U.S. state privacy or consumer health data privacy laws. Nonetheless, please note that other third parties may still be able to process Consumer Health Data from you over time and across different websites depending on your browser, browser settings and add-ons, and associated permissions you have set on your device. This collection of Consumer Health Data by those third parties is unrelated to the Company processing of Consumer Health Data from you, and we encourage you to review your browser settings and review those third parties’ privacy notices for more information about their Consumer Health Data practices.
Review and Revision of Consumer Health Data. If you would like to review and/or revise your Consumer Health Data, you may submit a request to us via any of the methods listed in this Notice.