Privacy Policy
Effective November 13, 2021
IF YOU ARE A CALIFORNIA RESIDENT, ACCESS THE CALIFORNIA PRIVACY NOTICE HERE.
THIS NOTICE DESCRIBES HOW PERSONAL DATA, INCLUDING MEDICAL INFORMATION, ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Download the Privacy Policy as a PDF file here
WELCOME TO THE REDKANGAROO® PLATFORM AND THE RK360® RECORD!
This Policy applies to the information processed through our public website www.redkangaroo.us (including any subdomains and mobile versions thereof, the “Corporate Site”), and our subscription-based RK360® Cloud Record Platform (the “Service”).
Please take a moment to read this Privacy Policy (the “Policy”) to understand how we collect, use, and share Personal Data of users of our Corporate Site and Service (“you” or “your”), as well as your choices and rights with respect to this information.
WHO WE ARE
The Service and Corporate Site are owned and operated by Prosocial Applications, Inc. d/b/a RedKangaroo (“RedKangaroo”, “us,” “our,” or “we”), a Colorado corporation with an address of 1905 15th St. #4585 Boulder CO 80302-4585. See below for how to contact us.
ACKNOWLEDGMENT
This Policy is incorporated into the Terms of Service governing your use of the Service. Any capitalized terms not defined in this Policy will have the definitions provided in our Terms of Service. Your use of our Corporate Site or Service indicates your acknowledgement of this Policy.
THIRD PARTIES
This Policy does not apply to information processed by third parties, for example, information created and stored by your health care provider, unless and until we receive your information from them. Please review these third parties’ privacy policies to learn more about how they process your Personal Data.
HOW WE PROCESS PERSONAL DATA
Personal Data We Process
We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). Note that certain Personal Data may include data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation (“Special Category Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):
Identity Data:
Personal Data used to identify a person, such as your name, photo/avatar, username, identification documents, and other Personal Data you may provide during account registration or to prove your identity.
Contact Data:
Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or usernames/handles, as well as a name or other salutation.
Financial Data:
Personal Data relating to financial accounts or services, e.g. a credit card or other financial account number, or other relevant information you provide in connection with a financial transaction.
Insurance Data:
Personal Data relating to your health insurance policy and coverage, including your insurance number. This information may be considered Special Category Data.
Device Data:
Pseudonymous Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID, cookie identifiers, session navigation history and similar browsing metadata, and other data generated through applications, browsers, cookies, and similar technologies.
Health Records:
Health care records, and any Personal Data in them, that we receive from health care providers, such as allergy records, vital statistics, lab tests and results, prescription/medication data, and information relating to medical procedures and medical conditions. This information includes Special Category Data.
Health Profile Data:
Personal Data you provide to us about you and your health including, blood type, race, ethnicity, religious affiliation, language, education, diet/digestion, lifestyle, known health conditions and certain medical history, allergies, and medications, and other information relating to your health. This information includes Special Category Data.
User Content:
Information that a user provides in a message, free text field, video/chat, in a file upload, scan or photo, or unstructured format, including any Personal Data or Special Category Data to the extent contained in or revealed by such content.
Processing of Personal Data: RK360® Services
Registration
Data:
An “RK360® Record” is a database account that stores Health Records and other health information of a patient or “Record Owner.” A Record Owner may manage her own RK360® Record as “Record Administrator”; may at any time delegate management to another person as Record Administrator; or, a Record Administrator with guardianship rights may manage the RK360® Record without Record Owner authorization. Record Administrators may grant and control access permissions of “Authorized Users” to RK360® Records. By default, Record Owners and Record Administrators are Authorized Users of RK360® Records.
Please Note:
In certain cases, third parties (such as a Provider or other Distributor of the Service) may initiate registration of an RK360® Record (e.g. as part of a Provider’s own operations) on behalf of a Record Owner who appoints self or other as Record Administrator. The Record Administrator, may, in turn, appoint the initiating Provider or other Distributor of the Service as Authorized Users on the RK360® Record.
When you first register an RK360® Record as a Record Owner or Record Administrator or first access an RK360® Record as an Authorized User, we will request and process Identity Data, Device Data and certain Contact Data, such as a copy of driver’s license, passport or other ID, and email address.
We may also process certain Financial Data or Insurance Data if you choose to subscribe to our Service, or otherwise pay or seek payment for our subscription fees. This Financial Data may be processed by us, a service provider on our behalf, or may be completed outside of our Service (e.g. through the Apple App Store).
Uses:
We use the Identity Data and Contact Data as necessary to authenticate Users and to provide you with important information about your RK360 Record. Financial Data provided at registration will be used only as necessary to process transactions at your request, or to store your information for use in future payments. Subject to Your Rights & Choices, we may also use Identity Data and Contact Data in connection with Processing of Personal Data: Corporate Site
RK360® Records
Data:
Our Service allows Authorized Users, consistent with their permissions, to request import of Health Records and other health information into RK360® Records from diverse external sources including the electronic health records of healthcare providers (“Providers”). In connection with such requests, our Service will process any designated Identity Data, Health Profile Data, Health Records, Insurance Data, and User Content.
Please note:
Our Service enables Authorized Users to request from Providers via intermediary technology services such as Apple Health the import of Health Records, which are generated and controlled by Providers or their business associates. Therefore, data we import into RK360® Records may be inaccurate or incomplete depending upon the content of source records, and the quality of intermediary technology services. See Your Rights & Choices for information regarding data accuracy and correction.
Uses:
Our Service generally processes Identity Data, Health Profile Data, Health Records, Insurance Data and User Content as necessary to provide the Service, and in accordance with each Authorized User’s consent, requests, preferences and permissions.
Our Service may collect and process Identity Data, which may include driver’s license, passport, or insurance information, when you provide patient authorizations and medical power of attorney or upload your insurance information to the Service. This Identity Data is stored by our Service, which offers you tools, consistent with your permissions and preferences, for you to disclose this information to third parties. This Identity Data is not processed for any purpose other than for operation of the Service, the disclosures you authorize, and subject to Your Rights & Choices, in connection with Audit Logs and Information Security.
Subject to Your Rights & Choices, and where permitted by law, we may also use Identity Data and Contact Data in connection with Marketing Communications, Product and Service Improvement, and Information Security.
Get in Touch
Data:
Our Service allows Authorized Users, consistent with their permissions and subscription status, to contact our customer support agents. When you contact us, our Service will process Identity Data, Device Data, as well as any User Content you choose to provide.
Uses:
Subject to Your Rights & Choices, our Service will process any Personal Data collected from our communication functionality (via text, chat, email or phone) in order to respond to your request, provide you with relevant information, or if appropriate, and in connection with Marketing Communications, Product and Service Improvement, and Information Security.
Processing of Personal Data: Corporate Site
Contact Us
Data:
Our Service may process Identity Data, Contact Data, and User Content when you contact us through the Corporate Site.
Uses:
Subject to Your Rights & Choices, our Service will process any Personal Data we collect from our “contact us” form to respond to your request, provide you with relevant information, or if appropriate, in connection with Marketing Communications, Product and Service Improvement, and Information Security.
Marketing Communications
Data:
Our Service may process Identity Data and Contact Data in connection with email and social media marketing communications if you register for an RK360® Record, choose to receive marketing communications or interact with our marketing communications.
Uses:
Our Service processes Identity Data and Contact Data as necessary to provide marketing communications you request, and consistent with our legitimate business interests, we may send you certain marketing and promotional communications if you sign up for those communications or register for our Service. See Your Rights & Choices for information about how you can limit or opt out of this processing.
Cookies and Similar Tracking Technologies
Data:
Our Service, and certain third parties, may process Identity Data, Contact Data and Device Data when you interact with cookies and similar technologies on our Corporate Site. Our Service may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.
Subject to Your Rights & Choices, we use this information as follows:
(i) for “essential” or “functional” purposes, such as to enable various features of the Corporate Site such as remembering passwords, or staying logged in during your session; and
(ii) for “analytics” purposes, consistent with our legitimate interests in how the Corporate Site is used or performs, how users engage with and navigate through the Corporate Site, what sites users visit before visiting our Corporate Site, how often they visit our Corporate Site, and other similar information.
Note: Some of these technologies may be used by us and/or our third-party partners to identify you across platforms, devices, sites, and services.
Information about Specific Processing Operations
Audit Logs
In order to help secure our Service, meet our legal obligations, and help track access to and disclosures of your Personal Data, our Service creates logs that record Device Data, and if available, Identity Data when Health Records and other Personal Data are accessed, viewed, disclosed, modified, or deleted. These logs are subject to Your Rights & Choices.
Information Security
Subject to Your Rights & Choices, we may also process any Personal Data we possess in order to monitor the use of our Service and Corporate Site for malicious activity, detect systems vulnerabilities, and as otherwise appropriate to maintain the integrity and security of our Service and Corporate Site and the Personal Data we process.
Product and Service Improvement
Subject to Your Rights & Choices, we may process any Identity Data, Contact Data, Financial Data, Device Data, and User Content in order to analyze how users interact with our Service or Corporate Site, in connection with market research, for product and Service improvements, and as necessary to monitor and maintain the integrity and security of our Service, Corporate Site and the data we process.
Research and Public Health
We may also process and disclose your Personal Data for uses related to medical research, public health, product recalls and other medical product liability/safety matters, and for other research and public health/safety grounds, to the extent and under the conditions allowed by applicable law.
Additional Processing
Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the Data Sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
If we process Personal Data in connection with our Service or Corporate Site in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to Your Rights & Choices) unless otherwise stated when you provide it.
Data Sharing
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the following categories of recipients:
Record Administrators and Other Authorized Users
A Record Administrator, whether appointed by the Record Owner or acting as personal representative, guardian or medical power of attorney for the Record Owner, may have access to any Personal Data in the RK360® Record of the Record Owner, including Medical Records and Medical Profile Data. Record Administrators may also disclose that information to third parties or grant access to other subordinate Authorized Users, to the extent such functionality is made available through the Service and the Record Administrator is appropriately authorized.
Providers
Our Service enables the exchange of medical information and other contents of RK360® Records with external sources and recipients of designated information such as healthcare Providers. When Authorized Users, consistent with their permissions, utilize tools in RK360® Records to exchange Personal Data in RK360® Records through the Service, the Service may share any designated information including Health Record Data, Health Profile Data and any Sensitive Personal Data.
Service Providers
In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share any Personal Data with service providers or subprocessors who provide certain services or process data on our behalf.
Treatment, Payment, and Healthcare Operations
To the extent we process personal data subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we may disclose such Health Record Data and Health Profile Data, Contact Data, Identity Data, and Insurance Data where authorized for Treatment, Payment, and Healthcare Operations. These include activities such as disclosing information to Providers, for our Product and Service Improvement, or if necessary, to bill patients or insurance providers.
Affiliates
In order to streamline certain business operations and develop products and services that better meet the interests and needs of our Users, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.
Corporate Events
Any Personal Data may be processed without your consent in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Legal Disclosures
In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, or for other law enforcement and national security reasons, to investigate violations of our Terms of Service, or when the disclosure is in the vital interests of us or any person. Note, these disclosures may be made to governments or other authorities in jurisdictions that do not ensure the same degree of protection of your Personal Data as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties on any lawful grounds we may have.
Other Disclosures
We may disclose any Personal Data without your consent on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, for public health and other matters in the public interest, to medical providers or healthcare organizations, medical examiners, in connection with organ and tissue donor requests, or where otherwise allowed by applicable law.
Your Rights & Choices
Access
You may access the Personal Data that we process to the extent required and permitted by law. Further, our Service offers you tools (e.g. through the account services menu), consistent with your permissions as a User, for securely accessing your personal data, including Health Records, Health Profile Data, data from Audit Logs, and other information about your RK360® Record.
Your Rights
Applicable law may grant you some or all of the following rights in your Personal Data. To the extent applicable law grants you these rights, you may exercise these rights using the methods set forth below, or by contacting us. Please note: we may require that you provide additional Personal Data to exercise these rights, e.g. Identity Data that is necessary to prove you are authorized to make a request.
Rectification
Our Service offers you tools, consistent with your permissions as a User, for correcting any Personal Data that the Service holds about you to the extent required and permitted by law. You may be able to make changes to Personal Data, such as Account Registration Data and Medical Profile Data through the user account settings menu provided through the Service.
Please Note
Our Service stores and displays copies of Health Records that are maintained in Providers’ systems; we do not control and cannot alter the content of your Health Records. Please contact the relevant Provider to exercise your right to correct Health Records. Updated Health Records will be reflected in the Service when updated by the Provider and only if the Service is authorized to receive the updated Health Record.
Erasure
Our Service offers you tools, consistent with your permissions as a User, for deletion of Health Records, Health Profile Data, account registration data and contents of RK360® Records. You may not, however, delete the Audit Logs that document User activities on the Service and in RK360® Records. We will explain how to use these tools but cannot utilize these tools on your behalf.
Please Note
We store and display copies of Health Records that are maintained in Providers’ systems if they are shared with us; we do not control and cannot delete Health Records stored in Providers’ systems. Please contact the relevant Provider to exercise your right to delete your primary Health Records.
Data Portability
To the extent required by applicable law, our Service will enable you to export and send to yourself, to Providers or to other third parties, copies of certain Personal Data in your RK360® Record in a common portable format of our choice. Before you delete Data, our Service will remind you to export a copy of your Data to a destination storage location you control. To export data, you may use the data sharing functionality that our Service offers and you may employ as destinations your personal email or fax, or the email or fax of the appropriate third party. We will explain how to use these tools but cannot utilize these tools on your behalf.
Complaints
You have the right to contact or file a complaint with us, as well as regulators or supervisory authorities, about our processing of Personal Data. To file a complaint with us, simply contact us. To file a complaint with governmental bodies, please contact your local data protection or consumer protection authority. In the US, you may be able to file a complaint with the Federal Trade Commission, or if appropriate, the Department of Health and Human Services, in each case, by submitting a complaint through their online complaint processes. We will not retaliate against your for filing a complaint.
California Rights
Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year (if any). Please contact us to make this request.
HIPAA
To the extent required by applicable law, we will provide you with an accounting of the disclosures of your Health Data or Health Profile Data (if any). To do so, please contact us.
Your Choices
It is possible for you to use portions of our Corporate Site without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process, however, please note that we may not be required to agree to a requested restriction to the extent permitted by law:
Data Collection and Sharing
You may generally control how Personal Data is shared with us, and how we share your Personal Data. You can control what Personal Data we collect by modifying your permissions with your Providers, or modifying your authorizations to share data with third parties. Additionally, you may change your authorization for our Service to receive continuous updates of your Health Records through the account settings menu. You may also limit sharing of any Health Records and Health Profile Data, as well as any other Personal Data (including data shared with third parties and subordinate Users) through the account settings menu. Note, only Account Administrators may directly limit the rights and permissions of subordinate Users. You may contact us for guidance about how to employ the account settings menu.
Direct Marketing
You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You have the choice to opt-out of or withdraw your consent to direct marketing communications you receive. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.
Consent
If you consent to any other processing of your Personal Data, you may withdraw your consent at any time. Please note, as the primary function of the Service is to collect, aggregate, store and share copies of your Health Records and Health Profile Data, your sole means of revoking consent may be to delete data from the Service, or delete your account.
Cookies and Similar Tech
If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt out of certain third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Service, the Google Privacy Policy, or Google Analytics Opt-out. Please note, at this time, our Service does not respond to your browser’s do-not-track request.
Security
We are required by law to maintain the privacy of your Health Records and Health Profile Data, and we implement reasonable and appropriate security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Further, certain methods of sharing your Health Records you may choose to use may present risks to the confidentiality of Sensitive Personal Data. We do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure, nor will we be liable for any unauthorized disclosures that occur following your choice to share Personal Data with Authorized Users or recipients you designate, such as Providers. We will notify you if there is a breach of the security of unsecured Personal Data we may process, where such notice is required by law.
Data Retention
Our Service keeps the Medical Records and Profile Data of Authorized Users until those Users employ the tools the Service offers, consistent with their permissions, to delete that data at which point we retain only Audit Logs of User activity in accordance with Your Rights & Choices. Otherwise, our Service retains Personal Data for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. To the extent our Service retains any Personal Data, we will review retention periods periodically, and may pseudonymize or anonymize data held for longer periods, if appropriate.
Minors
Our Service and Corporate Site are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals unless we receive the consent of the minor’s parent or guardian. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Service or Corporate Site if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.
International Transfers
We operate in and use Internet service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Contact us for more information regarding the specific mechanism used to ensure adequate protection of Personal Data subject to EU Law.
Information for Users in the EEA
Controller
Prosocial Applications, Inc. is the data controller for Personal Data collected under this Policy.
Legal bases for processing
The legal bases of our processing of your Personal Data is described in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at legal@redkangaroo.us.
Processing purpose
Use:
RK360® Service
Contacting Us
Disclosure:
Service Providers
Legal Basis:
Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service. This may include processing that is necessary to provide the Service.
The following processing activities constitute our legitimate interests. We balance any potential impact on you when we process your Personal Data for our legitimate interests. You may object to this processing as described in the Rights of EU Users section below.
For example, our legitimate interests include:
Processing purpose
Use:
Marketing Communications
Disclosure:
Service Providers
Legal Basis:
Direct Marketing
Processing purpose
Use:
Marketing Communications
Disclosure:
Service Providers
Legal Basis:
Determining the effectiveness of marketing campaigns
Processing purpose
Use:
Audit Logs
Information Security
Product and Service Improvement
Disclosure:
Service Providers
Treatment, Payment, and Healthcare Operations
Affiliates
Corporate Events
Legal Basis:
To create, provide, support, maintain, and improve our products and Service, or to improve the efficiency of our Service, and operate our business
Processing purpose
Use:
Audit Logs
Information Security
Product and Service Improvement
Disclosure:
Service Providers
Legal Disclosures
Processing is necessary to comply with our legal obligations, for example, tax laws, fraud reporting, etc.
Legal Basis:
To secure our platform and network, investigate suspicious activity or violations of our terms or policies; and to protect the safety of Personal Data, including to prevent exploitation or other harms to which Users may be particularly vulnerable.
Processing purpose
Use:
Our Service
Disclosure:
Medical Power of Attorney
Providers
Marketers
Legal Basis:
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime by contacting us at legal@redkangaroo.us
Processing purpose:
All Personal Data
Legal Basis:
Note, we may process and disclose Personal Data where it is in the vital interests of a data subject, to comply with a legal obligation to which we are subject, in the public interest, for public health purposes and medical or scientific research, or other appropriate legal ground which may apply under applicable law.
Rights of EU Users
Right to Object: Where we process data based on our legitimate interests, you can object to that processing to the extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise or defense of a legal claim.
Right to Restrict: You may have the restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.
UPDATES TO THIS POLICY
We are required to comply with the effective version of this Policy. We may change this Policy from time to time, and when we do so, the changes will apply to all Personal Data we maintain, to the extent allowed by applicable law. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Service following notice of any changes indicates acceptance of any changes. You may download and print a paper copy of this notice from the Corporate Site.
Contact Us
Feel free to contact us with questions or concerns using the appropriate address below.
By Postal Mail:
Prosocial Applications
1905 15th St. #4585
Boulder CO 80302-4585
United States
Attn: Legal Department
By email:
CALIFORNIA PRIVACY POLICY
Effective February 7, 2021
This Privacy Policy for California Residents (this “California Notice”) is a supplemental notice and is expressly made part of the RedKangaroo® Privacy Policy. This California Notice is solely for California resident consumers and applies to all products, websites, applications, and services (collectively, the “Services”) offered by RedKangaroo®, including our affiliated entities (“RedKangaroo®,” “we,” “us,” or “our”). This California Notice contains information about the Personal Information we collect about California consumers and is provided in compliance with the California Consumer Privacy Act of 2018 (the “CCPA”). As used in this California Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular individual or household.
Personal Information We May Collect
The CCPA requires certain disclosures to California residents with respect to the types of Personal Information we collect from users of our Services, the sources of such Personal Information, and third parties we may share the information with. Through the use of our Services, we collect the following information:
- Contact information such as name, address, telephone number, email address(es), healthcare providers including doctors and pharmacies, health insurance providers, family members, and representatives.
- Transaction information such as customer account information, purchase history, marketing and ad campaign data and history, history related to downloads and purchases, customer service records, and visitor logs.
- Internet or network activity information such as browsing history, passwords, geolocation information inferred from your IP address, and viewing data.
- Biometric information.
- Other information that could be reasonably associated with you.
Personal Information does not include publicly available information from government records, consumer information, information that is excluded from the scope of the CCPA, personal information covered by sector-specific privacy laws, including the Fair Credit Reporting Act, the Gramm-Leach-Biley Act or California Financial Information Privacy Act, and the Driver’s Privacy Protection Act of 1994.
Furthermore, personal information does not include, and this California Notice does not apply to, information covered by the Health Information Portability and Accountability Act of 1996 (“HIPAA”) collected and/or stored in our provision of Services to healthcare providers and billing companies. This California Notice does not apply to personal information we collect from employees, owners, directors, officers, or contractors of businesses in the course of our provision or receipt of business-related services. It also does not apply to personal information we collect from employees from or job applicants in their capacity as employees or job applicants.
Use of Personal Information
RedKangaroo® does not sell the Personal Information of California consumers, however, we may use or disclose the Personal Information we collect for one or more of the following business and/or commercial related purposes:
- Providing our Services.
- For supervision, administration, and monitoring of our Services.
- Improving our Services or developing new services.
- To measure and improve the quality and effectiveness of our Services.
- To provide support to you.
- To protect against security incidents and fraudulent or illegal activity.
- To respond to your inquiries.
- To personalize your experience using our Services.
- To advance our commercial and economic interests such as third-party advertising.
- Targeted offers and ads through our Services and third-party websites.
In addition, RedKangaroo® may use Personal Information about you for other purposes that are disclosed to you at the time we collect the information and/or your consent. RedKangaroo® may combine your Personal Information and other information collected about your use of the Services, and also supplement with information from external sources for the purposes described in this California Notice. For example, information that RedKangaroo® collects about you may be combined by RedKangaroo® with other information available to RedKangaroo® through third parties for research and measurement purposes, including measuring the effectiveness of content, advertising or programs. This information from other sources may include age, gender, demographic, geographic, personal interests, product purchase activity or other information. We may report aggregate information, which is not able to be identified back to an individual user of the Website, to our current or prospective advertisers and other business partners.
Disclosure of Personal Information
RedKangaroo® may disclose your Personal Information to a third party for business and/or commercial purposes. We may share your Personal Information when we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not to use it for any purpose except for performing the contract.
We share the minimum necessary personal information with service providers that provide audit, legal, operational, technical or other services for us such as monitoring website activity, reporting and analytics, marketing and advertising, and data aggregators.
Knowing Your Rights
The CCPA provides California consumers with specific rights regarding their Personal Information. In addition to the rights outlined in our Privacy Policy and subject to certain restrictions, California residents may also have the right to request that we disclose what Personal Information we collect about you, delete any Personal Information that we collected from or maintain about you, and opt-out of the sale of Personal Information about you, if applicable.
You have the right to request that RedKangaroo® notifies you of the Personal Information about you that we have collected and used. You may also request the specific pieces of Personal Information that we have collected about you. However, we may withhold some information where the risk to you, your Personal Information, or our business is too great to disclose the information. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Information we collected about you.
- The categories of sources for the Personal Information we collected about you.
- Our business or commercial purpose for collecting or selling that Personal Information.
- The categories of third parties with whom we shared that Personal Information.
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing: (i) sales, identifying the Personal Information categories that each category or recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive your request and verify who you are, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- To comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
How to Exercise Your Access and Deletion Rights
California residents may exercise their California privacy rights by submitting a request in writing to RedKangaroo® via the contact information listed in the Contact Us section.
For security purposes, we may request additional information from you to verify your identity when you request to exercise your California privacy rights. This information will be used solely to verify your identity in connection with your request and will not be retained. Only you, or a person registered with the California Secretary of State that you authorize on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child.
Once you submit a request to (i) access the categories of Personal Information we have about you or (ii) obtain a copy of specific pieces of Personal Information we have about you, we will verify your identity by matching the information provided in your request with information we may have in our system. Upon successfully verifying your identity, we will provide you with your requested information in a secure, password-protected format. If we are unable to verify your identity, we will notify you. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Non-Discrimination
RedKangaroo® will not discriminate against you for exercising any of your CCPA rights.
Other California Privacy Rights
In addition to the rights described above, California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website and Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to legal@redkangaroo.us.
Updates to this California Notice
We will update this California Notice from time to time. When we make changes to this California Notice, we will change the “Last Updated” date at the beginning of this California Notice. All changes shall be effective from the date of publication unless otherwise provided in the notification. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.
The Cookies Policy
The Cookies Policy is available in the Cookies and Similar Tracking Technologies section.
Connecting Patients to Providers through Personalized Health Information
