Privacy Policy

MENTAL HEALTH SOLUTIONS, INC.

PRIVACY POLICY

Last Modified: October 7, 2021

1. OVERVIEW AND SCOPE

1.1 Overview

This privacy policy (the “Privacy Policy”) and applicable supporting procedures are designed to provide Mental Health Solutions, Inc., d/b/a Nirvana Health, and its affiliates (collectively, “Company”, “us”, “we”) with a documented and formalized process for protecting individuals’ privacy. This Privacy Policy describes our collection of the types of information we may collect from you or that you may provide when you visit the websites https://www.meetnirvana.com/, client.meetnirvana.com, or calculator.meetnirvana.com ("Website" or "Site"), our platforms and portals, as well as all related applications, widgets, software, tools, and other services provided by us and on which a link to this Privacy Policy is displayed (collectively, together with the Website, our "Service"). This Privacy Policy also describes our practices for collecting, using, maintaining, protecting, and disclosing such information. By using our Service, you agree that you accept the Privacy Policy and the policies and practices outlined herein, and that you hereby consent to the collection, use, and disclosure of your personal information (as defined herein) in accordance with this Privacy Policy. This policy may change from time to time. Your continued use of the Service after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Service. You can also choose not to provide us with certain information, but by doing so, you may not be able to take advantage of many of the features and functionality of the Service.

1.2 Scope

This policy and supporting procedures cover the privacy of all data collected by the Company in its interaction with individuals in its business operations. This Privacy Policy applies to information we collect:

• On or through our Service.

• In email, text, and other electronic messages between you and Company.

• Through mobile and desktop applications you download from the Website, which provide dedicated non-browser-based interaction between you and the Website.

• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by Company or any third party; or

• Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

2. INFORMATION WE COLLECT

We collect several types of information from and about users of our Website, including the following information:

• Personal Information/Personally Identifiable Information (“PII”): information by which an individual may be personally identified, such as an individual’s name, postal address, social security number, telephone number, or e-mail address. PII also includes information about an individual’s activities, such as information about his or her activity on the Site or credit history, and demographic information, such as date of birth, gender, address, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual.

Personal information does not include "aggregate" or other non-personally identifiable information. Aggregate information is information that the organization collects about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. The organization may use and disclose aggregate information, and other non-personally identifiable information, for various purposes;

• Information that is about an individual but individually doesn’t identify such individual; and/or

• Information about an individual’s internet connection, the equipment used to access our Service, and usage details.

3. PROTECTED HEALTH INFORMATION

"Protected Health Information" (“PHI”) as used in this policy, is individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, or transmitted, or maintained by a HIPAA-covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations (PHI healthcare business uses). PHI is also not limited to digital text. Videos, images, x-rays, MRIs, doctors’ notes, and insurance cards are all examples of PHI.

PHI includes, but is not limited to the following data types:

• Names

• Dates, except year

• Telephone numbers

• Geographic data

• FAX numbers

• Social Security numbers

• Email addresses

• Medical record numbers

• Account numbers

• Health plan beneficiary numbers

• Certificate/license numbers

• Vehicle identifiers and serial numbers including license plates

• Web URLs

• Device identifiers and serial numbers

• Internet protocol addresses

• Full face photos and comparable images

• Biometric identifiers (i.e. retinal scan, fingerprints)

• Any unique identifying number or code

The Company collects only the minimum amount of information necessary to perform an approved function. Any new projects, processes, analysis or research using PHI data requires approval from the Chief Privacy Officer.  

4. COLLECTION OF INFORMATION

4.1 Passive Information Collection

When an individual uses the Service, some information may be automatically collected, such as the user’s IP address, browser type, system type, the content and pages that the user accessed on the Site, "referring URL" (i.e., the page from which the user navigated to the Site), the pages the user navigate to on the Site, and from which the user leaves the Site, as well as the time the user spent on the Site.

This information is collected using technologies such as:

• Standard server logs. These logs are stored to monitor our service uptime.

• Flash Cookies. A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

• Web Beacons. Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

This information is then used to administer, operate, and improve the external facing website, client experience, other services and systems, and to provide services and content that are tailored to the user. If any of this information is linked or associated with any PII, the new data set is subject to the same restrictions as PII per this policy.  Otherwise, this information is collected as non-personally identifiable.

Third parties may set cookies on the user’s hard drive or use other means of passively collecting information about the user’s use of their services or content. The organization does not have access to, or control over, these third-party means of passive data collection.

4.2 Collection of Voluntarily Provided Information

The Company may collect personal information in a variety of ways through the organization’s client facing applications. For instance, when the user requests information about the organization’s services or otherwise communicates with us, certain information is collected. This information may include:  name, e-mail address, city, state, country, other demographic information, and the user’s interests and preferences.

Other information you provide to us may include:

• Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, creating an account, subscribing to the Service, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.

• Records and copies of your correspondence (including email addresses), if you contact us.

• Your responses to questionnaires or surveys that we might ask you to complete for purposes of the Service or conducting research.

• Your search queries on the Website.

4.3 Information We Collect From Social Media and Third Party Sources

We may collect information from you when you follow or like us on social media sites and platforms, including but not limited to Instagram, Twitter, and Facebook.  Such information collected may include your name, email address, other contact information, and/or comments and content you post.  We also may collect information about you when you submit information through social media platforms or if you sign up for promotions.  

4.4 Third Party Use of Cookies and Other Tracking Technologies

Some content or applications, including advertisements, on the Website may be served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information (Section 6.2).

5. USE OF PII

The Company uses PII to provide services and information that the user requests; to enhance, improve, operate, and maintain the Site and Service, our programs, services, website, and other systems; to prevent fraudulent use of our Site and Service; to tailor the user’s experience; to maintain a record of our dealings with the user, and for other administrative purposes.

The organization may also use PII to contact the user regarding our products and services. The user must be provided the opportunity to “Opt Out” to these marketing services as described in the Choices About How We Use and Disclose Your Information section below (Section 6.2).

Some of the personal information received by the Company in connection with the Service may be provided by or to health care providers (the “Providers”) that may be subject to laws and regulations that govern providers’ use and disclosure of certain individually identifiable health-related PHI, such as rules issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). The Company is not a “covered entity” within the meaning of HIPAA, and depending on certain circumstances, the Providers may or may not be acting as a “covered entity” under HIPAA in connection with the Services and the Company may or may not be acting as a “business associate” in connection with the Service. When we receive PHI as a “business associate” of a Provider, we may be subject to certain laws and regulations, including certain HIPAA rules, that govern our use and disclosure of PHI and that may be more restrictive than otherwise provided in this Privacy Policy.  Accordingly, when we receive PHI as a “business associate” of a Provider, we do so pursuant to a “Business Associate Agreement”, or BAA, that, among other things, prohibits us from using or disclosing the PHI in ways that are not permissible by the health care provider itself, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the PHI.  

Please note though that information that has been de-identified in accordance with HIPAA does not constitute PHI. For more information about our HIPAA-compliant activities, please contact help@meetnirvana.com.

The Providers may have have adopted a Notice of Privacy Practices that describe their collection and use of your Protected Health Information.  If you do not agree to be bound by those terms, you are not authorized to access or use the Website and will be unable to obtain the Services.  In addition, by accessing and using the Website or the Service, you agree that even if HIPAA does apply to the Company and/or the Providers, that any information you transmit to the Company and/or through the Website or otherwise in connection with the Service that is not intended and used solely for diagnosis and treatment by Providers, is not considered PHI and will only be subject to this Privacy Policy and other applicable laws that govern the privacy and security of such information, and that HIPAA does not govern such information.  

5.1 Disclosure of Personal Information

The Company will not disclose users’ personal information to third parties without the user’s consent, other than as described in this policy. Personal information may be shared with third-party service providers (e.g., data storage and processing facilities) that assist the organization in completion of approved workflows compliant with this policy. Any personal Information shared with third parties is limited to only the minimum necessary for the third parties to perform the required functions.

We may disclose aggregated, de-identified information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this Privacy Policy:

• To our subsidiaries and affiliates to deliver the Service to you.

• To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

• With healthcare providers to provide health care services to you as part of the Service, with whom you communicate with through or about the Service, or for other treatment, payment, or health care operations purposes at your request.

• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our Website users is among the assets transferred.

• To third parties to market their products or services to you if you have not opted out of these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them. For more information, see Choices About How We Use and Disclose Your Information (section 6.2).

• To fulfill the purpose for which you provide it.

• For any other purpose disclosed by us when you provide the information.

• With your consent.

We may also disclose your personal information:

• To enforce or apply our terms of use and other agreements, including for billing and collection purposes.

• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

• In de-identified form, whether or not aggregated with other data, at our discretion.

• As may be required by law, to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other end users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce our contracts or user agreement, including investigation of potential violations hereof; and (iii) detect, prevent, or otherwise address fraud, security or technical issues. We may disclose Personal Information if we believe it is necessary to investigate potential violations of our Terms of Use, or to enforce those Terms of Use. The above may include exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Notwithstanding the general terms of this policy, the collection, use, and disclosure of Personal Information may be made outside of the terms herein to the extent provided for in any applicable privacy or other legislation in effect from time to time, or pursuant to court orders.

5.2 Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

• Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote our own or third parties' products or services, you can opt out by sending us an email stating your request to info@meetnirvana.com. If you receive a commercial email from the Company, you may unsubscribe at any time by following the instructions contained within the email. This opt out does not apply to information provided the Company as a result of a product purchase, warranty registration, product service experience, or other transactions.

• Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers' target-audience preferences, you can opt out by sending us an email stating your request info@meetnirvana.com

If the user wishes to opt out of any services that utilize PHI, a written request (either electronic or physical) needs to be received, documented, and processed in a reasonable timeframe.

California residents may have additional personal information rights and choices. Please see Your California Privacy Rights (Section 9) for more information.

6. CHILDREN

Our Service is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. Information is not knowingly collected for individuals under the age of 13. Any information collected for individuals under the age of 16 is required to have parental consent. If you are under 16, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16 please contact us at:

info@meetnirvana.com

California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Your California Privacy Rights (Section 9) for more information.

7. SECURITY

The Company protects the Personal Information it collects with reasonable and appropriate physical, electronic, and procedural safeguards. The organization follows HIPAA requirements and uses reasonable security measures that are designed to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

8. INFORMATION RETENTION

We may keep personal information for as long as necessary for the identified purposes or as required by law.  Such retention period may extend beyond the termination of our relationship with you.  Unless set forth to the contrary in our Terms of Use or another agreement with you governing the Service, if you cease using such Service, we may retain or destroy, at our discretion, all Personal Information and non-personally identifiable information we collect through your use of such Service except to the extent otherwise prohibited by law. Any personal information we retain will remain subject to the terms of this Privacy Policy.

9. CHANGES TO OUR PRIVACY POLICY

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

10. CONTACT INFORMATION

To ask questions or comment about this privacy policy and our privacy practices, contact us at info@meetnirvana.com

11. POLICY ADMINISTRATION

11.1 Monitoring and Enforcement

The Company periodically monitors adherence to this Policy to help ensure compliance with applicable laws, requirements, and contractual agreements that apply to Client & Consumer Data. The Company may also establish enforcement mechanisms, including disciplinary actions, to help ensure compliance with this Policy.

‍