Welcome to this website or mobile application, a service of 1819 LLC (“we” “us” or “our”). This Privacy Policy explains how we collect and use data when you use this website or mobile application, or any other website, mobile application, or interactive features that link to this Privacy Policy. This Privacy Policy is incorporated into and made a part of the Terms of Use located at https://quilhealth.com/terms-of-use/ .

Privacy Policy Scope

This Privacy Policy describes the information we collect about you, how we use that information, and how we protect your privacy when you use our website(s), mobile application(s) or other interactive feature(s) (each, a “Service, and collectively, “Services”) that links to this Privacy Policy, including, but not limited to:

  • 1819 LLC or Quil-branded websites, including quilhealth.com
  • 1819 LLC or Quil-branded and mobile applications

We are not responsible for the privacy practices of any third-party Service Providers (such as health plans, health care providers, internet service providers or cloud service providers) or other third parties operating websites or applications. The inclusion of a link in any Services to the services provided by another party does not imply that we endorse or otherwise monitor the privacy practices of that linked third-party Service Provider.

Terms used in this Privacy Policy have the meanings set forth in the Definitions section found at the end of the policy.

Categories of Data We Collect When You Use Our Services

  • Non-Personally-Identifiable Information
    • Information that does not identify an individual and may include:
      • Anonymous Mobile App API request, Website HTTP requests, Device IDs, Public Web Browser Agent Data, Tracking Pixels, IP addresses and Cookies
      • Service Usage Data
      • De-identified Data
  • Personal Health Record Data includes information that you, your Employer and/or your Providers provide to the Service. PHR Data includes PII, PHI and may include information such as:
    • Your name and contact information, such as your address, phone number, or email address.
    • Your medical history, conditions, treatments, and medications.
    • Your healthcare claims, health plan account numbers, bills, and insurance information.
    • Your demographic information, such as your age, birth date, gender, ethnicity, and occupation.
    • Wellness information that you enter into the Service such as notes, fitness data, scheduling, height, and weight.
    • Specific Device IDs, IP addresses, Gelocation data and Cookies that are aggregated together and linked to your account.

How We Collect and Use Non-Personally Identifiable Information from Visitors

If you have not registered for a Service account, then we treat you as a Visitor to our websites. When you visit or interact with our Services as a Visitor, we collect data from you through a number of different automated technologies such as Anonymous Website HTTP requests, Public Web Browser Agent Data, Tracking Pixels, IP addresses, and Cookies. We utilize Google Analytics, Firebase and Tag Manager to help collect this information, please see “How Google uses data when you use our partners’ sites or apps” for more details.

We use this information to track traffic on our websites; we do not track specific visitors over time and across third-party websites for targeted advertising; therefore, we do not respond to Do Not Track (DNT) signals.

After you have registered for an account, we no longer treat you as a Visitor but a PHR User of our Services.

How We Collect Personally Identifiable Information Prior to Your Registration.

Before you register for a Service account, we may collect your information in two ways: (1) if you contact us through the Internet and provide us with your contact information (e.g., name, mailing address, email address and other information); (2) We may obtain your contact information and other information from your Employer or a Healthcare Provider with which we partner. In either case, we will use such information for the sole purpose of informing you about our Services and inviting you to register or providing Services to you.

How We Collect Personally Identifiable Information from PHR Users

We collect Personally Identifiable Information when you voluntarily register as a PHR User of our Services. To use the Services, you must complete the registration process, which includes accepting our Terms of Use located at https://quilhealth.com/terms-of-use/ .  As part of the registration process, you may be asked to provide certain information, such as your name, mailing address, cell phone number and email address; you will also have the opportunity to provide additional information to us, such as information regarding your health plan and wellness information. We also may collect Personally Identifiable Information and Non-Personally-Identifiable Information from your Employer or Healthcare Provider(s) with whom we have we established agreements. When you visit or interact with our Services as a PHR User, we collect data from you through a number of different automated technologies such as Mobile App interactions, Website HTTP requests, Public Web Browser Agent Data, Tracking Pixels, IP addresses and Cookies. We consider all of this information PHR Data.

We do De-identify PHR Data, which is the process where personal identifiers are removed from an individual’s dataset and do not allow someone to determine a person’s identity. De-identified Data is no longer considered PII, PHI, or PHR Data; it is considered Non-Personally-Identifiable Information.

How We Use the Data We Collect

We use Personally Identifiable Information and Non-Personally-Identifiable Information so that we can:

  • Verify your identity and authenticate access to your account.
  • Provide you with our Services.
  • Personalize the wellness management of our Services.
  • Provide you with customer service and technical support for our Services.
  • Evaluate and improve our Services and analyze trends.
  • Notify you of new Service features or new Services that we provide.
  • Notify you of other services or benefits available to you.
  • Take action that helps us to maintain the security of our Services, the privacy of your PHR Data, obey laws, and help prevent fraud and abuse.
  • Update any software that we provide in conjunction with our Services.
  • Take actions to enforce our agreements and policies.

How We Share and Disclose Information With Others

Our policies for sharing and disclosing your data with others depends on whether you have registered with our Services or not.

  • Third-Party Service Providers.

We consider all PHR Data we collect from our Services to be confidential. We use third-party service providers to assist us in delivering our Services to you, including cloud hosting, technical integration, analytics, customer service, and fraud protection services. We may share PHR Data we collect about you with these third parties to the extent necessary for them to provide these services. These companies are acting on our behalf and are required by our Business Associate Agreements, to keep this information confidential and are only authorized to use it for specific purposes.

  • Your Employer

We will share De-Identified Data with your employer. We also may share PHR Data with your Employer as allowable by law.

  • Your Health Plans and Health Care Providers.

We will share De-Identified Data with your health plans or Health Care Providers. We also may share PHR Data with your health plan and/or Health Care Provider(s) as allowable by law and/or  with whom we have established Business Associate Agreements,.

  • Your Authorized Representatives.
    Our Services may give PHR Users the option of designating one or more individuals or organizations to access their PHR Data through the Services. In these cases, we will first request your consent and contact information that we can use to verify the identity of these individuals or organizations. You should only authorize this access to individuals or organizations with whom you have a trusted relationship, as we cannot control these individuals or organizations’ use of your PHR Data or the access credentials that we issue to them with your consent.
  • Legal Authorities.
    We may be required by law or legal process to disclose PHR Data to our lawyers, to third parties in connection with litigation, or to law enforcement personnel. We will disclose your PHR Data in compliance with applicable laws. We may provide this information without your consent and without notice to you when we are required to do so in order to comply with a valid legal process such as a subpoena, court order, or search warrant.
  • Business Transfers.
    If we enter into a merger, acquisition, or sale of all or part of our assets, your PHR Data may be included in the transferred assets.  In such an event, so long as we have the means to contact and are required to do so, we will provide you with notice of such a transaction.
  • We do not sell your PHR Data to Data Brokers, Marketing Groups, Advertising Networks, or Analytics Firms.

Communications with You

Before you register for a Service account, we may use the contact information provided by your Employer or Healthcare Provider to inform you about our Services and inviting you to register. To the extent that your Employer or Healthcare Provider provides us your contact information, or as otherwise allowable by law, Quil may contact you via email or SMS for Service registration. If you do not wish to receive any notifications from us, you may click “Unsubscribe” on any emails and reply back with “STOP” to any SMS messages. You may also contact us by email at privacy@quilhealth.com and request that we STOP text messages or “Unsubscribe” you from emails.  Data rates may apply to SMS messages.

For your convenience, emails and SMS messages may, and in accordance with applicable law, be sent to you in connection with our Services like for appointment reminders, wellness notifications, and more; these messages may contain your PHR Data. Emails and SMS messages that may contain your PHR Data and you understand and accept the risk of using these unsecured communications. We are not responsible for the security and privacy practices of your email provider or cellular carrier. You may choose to change your communication preferences at any time when logged into the Service application and/or website.

What You Can Do With Your Information

If you are a PHR User, you can contact us at privacy@quilhealth.com regarding how your PHR Data is handled, such as data correction, deletion, and export requests. We will respond to your privacy requests within 30 days or such other time period as required by applicable law.

Retention of Your PHR Data

We will retain your PHR Data for as long as your account is active or as needed to provide you with Services, or comply with our legal and contractual obligations, resolve disputes, and enforce our agreements with you.

Security Safeguards

We have implemented technical, administrative, and physical security measures based on generally accepted industry standards that are designed to protect PHR data from unauthorized access, disclosure, use, and modification. We regularly review our security practices to consider appropriate new technology and methods. We enter into agreements with our third-party Service Providers that require them to adhere to privacy and security standards that are no less stringent than our own for the services that we delegate to them.

Children

Our Services that link to this Privacy Policy are not directed toward children under 13 years of age, and we do not knowingly collect or use information from children under 13 through services linked to this privacy policy. Any information submitted to services regarding a minor under the age of 13 must be submitted by the minor’s legal guardian.

Users Outside of the United States

Our Services that link to this Privacy Policy are only intended to be utilized by users located within the United States. If you are not located within the United States, please do not utilize our services.

Ways in Which You Can Further Protect PHR Data

  • Never share your username and password information with anyone.
  • Do not reuse passwords between your Quil service account and other accounts you own.
  • Immediately change your password if you believe any unauthorized access to your Quil service account has occurred.
  • Log out of your service account when you’ve completed the actions for which you logged in.
  • Install appropriate security products, such as firewalls, anti-virus and anti-spyware software, and wireless network security products on the computers from which you access your service account.
  • Make sure that you read and understand the privacy policies of your Employer or Health Care Provider(s).
  • If you choose to opt-in to using communication convenience features that may send PHR Data to you via email and/or SMS, be sure to protect your email account and phone with robust passwords and multi-factor authentication.

Notification in the Event of Improper Disclosure of PHR Data

In the event that identifiable data is improperly disclosed, Quil will contact affected individuals via reasonable means such as email in accordance with applicable state and federal laws.

Notice to California Residents

Quil uses the data you provide as set forth above. As stated previously, we do not sell your information. If you are a resident of California and would like to make a formal request for data inventory/export/removal, please contact us using the contact information set forth in this Privacy Policy.  If you are a California resident, you may have certain additional rights. Visit the California Legislative Website for more information regarding your rights under the California Consumer Privacy Act of 2018. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third parties for direct marketing purposes. California Business and Professions Code Section 22581 permits registered users who are minors to request and obtain deletion of certain posted content.

Changes to this Privacy Policy

We reserve the right to change this Privacy Policy. When we change it, we will make a copy of it available to you by posting it on our website and including a link to it in our mobile applications. If we make material changes to this Privacy Policy that will result in a new use, disclosure, or permission of access to your personal data that we previously collected and stored, we will obtain any consent to the extent required by law. You understand and agree that if you use this website or mobile application after the effective date of the updated Privacy Policy, we consider your use as acceptance of it.

Privacy Policy Questions and Exercising Your Data Privacy Rights

If you have any questions regarding this Privacy Policy or requests about the use, disclosure, inventory, export, removal or handling of your information, you may contact us at 1-215-259-8663 or privacy@quilhealth.com or via mail to:
Quil, 1900 Market Street, Suite 601, Philadelphia, PA 19103

Privacy Policy Effective Date: 10/29/2018

Privacy Policy Last Updated Date:  3/13/2020

Acceptance Of Terms

By using any of Quil websites or applications, you signify your acceptance of our Privacy Policy. If you do not agree to this policy, please do not use our websites or applications. Your continued use of the sites and applications following the posting of changes to these terms will mean that you accept those changes.

Definitions:

  • Authorized Representative
    • An Authorized Representative is someone you authorize to access your PHR Data on your behalf.
  • Business Associate Agreement
    • A Business Associate Agreement (BAA) is a HIPAA required contract between a covered entity, such as a Healthcare Provider, and business associate, such as a company that maintains, stores and/or transmits PHI on behalf of that covered entity.
  • Cookie
    • A cookie is an element of data that we can send to your web browser to track your usage patterns as you visit browse the internet.
  • De-identified Data
    • De-identified data is data in which personal identifiers are removed.
  • Device ID
    •  A unique alpha-numeric device identifier.
  • Employer
    • Collectively the entity that employs you, or other organization with which you are affiliated through which you have access to Quil’s services.
  • Healthcare Provider
    • A healthcare provider, healthcare practice, or hospital that you authorize to provide information to your Quil service account.
  • Non-Personally-Identifiable Information
    • Information that does not identify an individual.
  • PHR
    • “PHR” means Personal Health Record.
  • PHR Data
  • Visitor / Non-PHR User
    • An individual who has not registered themselves within the Service (Quil Health Platform).
  • Service Providers
    • A service provider is an entity that is hired to perform certain functions for and operate under the direction and control of Quil.

Last Updated: March 19, 2020

Copyright © 2020 1819, LLC. All rights reserved.