Privacy Policy

Effective Date: 7/10/2020

Last Updated Date: 6/3/2021

This “Privacy Policy” describes the privacy practices of Halcyon Health, Inc. and its affiliates, including Halcyon Care PC (collectively, “Halcyon”, “we”, “us”, or “our”) regarding the personal information we collect in connection with our website at https://www.halcyonhealth.co, the Halcyon mobile application (the “App”), and any other website or mobile application that we own or control and which posts or links to this Privacy Policy (collectively, the “Offerings”). Through our Offerings, we provide services that assist you in obtaining substance use disorder treatment and support, such as coaching and care coordination, and provide tools that allow you to connect with independent third-party health care providers and/or our team members (we refer to these services as “Resources” and together with the Offerings, collectively, the “Service”).

This Privacy Policy applies to your use of the Service, including under an employer benefit plan or a health insurance policy, as applicable. This Privacy Policy does not address how your employer or health insurance plan may use or disclose your personal information. For more information on how these entities handle your personal information, please review their applicable privacy policies or your other agreements with such entities.

This Privacy Policy describes the rights and choices available to individuals with respect to their personal information. We may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information. These supplemental privacy policies will govern how we may process the information in the context of the specific product or service.

Personal Information We Collect

Information you provide to us. Personal information you provide to us through the Service or otherwise may include: * Contact information , such as your first and last name, email and mailing addresses, phone number and company affiliation.

Information we obtain from social media platforms. We may maintain pages for Halcyon on social media platforms, such as Facebook, LinkedIn, Twitter, Google, YouTube, Medium, Instagram, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Information we obtain from other third parties. We may receive personal information about you from third-party sources. For example, your employer or health insurance plan may share your information with us if you have expressed interest in learning specifically about our products or services, or the types of products or services we offer or if you sign up for the Service through your employer or health insurance plan. We may also receive information from your healthcare provider.

Information Collected by Automated Means We and our service providers may automatically log information about you, your mobile device, and activity occurring on or through the Service, including but not limited, your mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, general location information such as city, state or geographic area; information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and other personal information. Our service providers and business partners may collect this type of information over time and across third-party mobile applications. In our mobile application, we may collect this information directly or through our use of third-party software development kits (“SDKs”). SDKs may enable third parties to collect information directly from our App. A SDK is third-party computer code that we may incorporate into our mobile applications that may be used for a variety of purposes, including to provide us with analytics regarding the use of our mobile applications, to integrate with social media, or add features or functionality to our App. We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy . We use Aptible as our compliance monitoring and workflow automation platform via Aptible products and services, including Aptible Deploy, Aptible Comply, and Aptible Gridiron platforms. You can learn more about Aptible and read its privacy policy at https://www.aptible.com/legal/privacy

Referrals Users of the Service may have the opportunity to refer friends or other contacts to us. If you are an existing user, you may only submit a referral if you have permission to provide the referral’s contact information to us so that we may contact them.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or supplemental privacy policies for specific products or services: To operate the Service. We use your personal information to: * provide, operate and improve the Service, including sharing information with coaches, care coordination staff, medical providers, and those third parties to whom you request that we share your information, including health care providers;

For research and development. We may aggregate, de-identify or otherwise anonymize your personal information by removing information that makes the data personally identifiable to you, and use this data for a variety of research, development or other business purposes. For example, we may use it to analyze and improve the Service or develop new products and services, to study user demographics, and to share it with third parties.

To comply with law. We may use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions (including any applicable corporate customer agreements) that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

How We Share Your Personal Information

We do not share your personal information with third parties without your consent, unless it is aggregate, de-identified or otherwise anonymized in a manner so it is not personally identifiable to you, except in the following circumstances or as described in this Privacy Policy:

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Service or our business (such as information technology, customer support, hosting, analytics, email delivery, and database management services).

Clients. If we process your personal information in our provision of the Service to your employer or health care plan, we may share de-identified or aggregated information with your employer or health care plan as applicable.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described in the section How We Use Your Personal Information.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all users. Access or Update Your Information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account. Privacy settings and location data. We use the privacy settings you choose in your device’s operating system on the Service, including your choices about sharing your precise location data. You may change your location data privacy settings on your device. If you choose not to share your precise location data with us, you may incur a downgraded Service experience. For instance, you will not get recommendations based on your location. Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com . Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our Service. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.

With respect to any Patient Health Information we may obtain, you have certain rights under HIPAA to access your data, to restrict use and disclosure of it, to request communication methods, to request corrections to your data, to receive an accounting of disclosures and to receive notice of any breach.

Other Sites, Mobile Applications and Services

The Service may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security Practices

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.

Children

We only provide the Service to users who are at least 18 years old. As a general rule, children and adolescents are not allowed to use the Service and we do not collect personal information from them. We define “children and adolescents” as anyone under 18 years old. If we learn that we have collected personal information of a child or adolescent without the consent of the child’s or adolescent’s parent or guardian, we will delete it. We encourage parents with concerns to contact us .

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. We may, and if required by law, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Service. Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to contact@halcyonhealth.co. You may also write to us via postal mail at: Halcyon Health, Inc. Attn: Legal – Privacy 97 Berry St Apt 1 Brooklyn NY 11249

If we are processing your personal information at the direction of your employer or health care plan, we may direct your inquiry to our relevant corporate customer or direct you to contact the relevant entity.