Ada Health, Inc. Privacy Policy
Last modified: 29 July 2022
Ada Health, Inc. (“Ada”), its subsidiaries and affiliates are committed to processing, using, transferring, and managing personal information in accordance with applicable privacy laws and this Policy. This Policy details how Ada collects, uses, transfers, and shares your personal information.
This Policy applies to the personal information we obtain when you interact with Ada using our websites, apps, and other online services or apply for a job with us or otherwise connect with us (collectively, the “Services”).
In this Policy, "we", "us" and "our" refers to Ada, and "you" refers to any individual about whom we collect personal information.
1. Information we collect
We ask for personal information so you can use our Services, sign in to your account, receive customer support and test results, and communicate with us about our Services, promotions, and activities. We collect the following information when you engage with us.
When you create an account, we collect the following information:
- Name and contact information
- Date of birth
- Postal address
- Username and password that you may select in connection with establishing an account on our Services
- Health and symptom information which you provide to us
- Details of the products and Services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and Services and to respond to your inquiries
- Any additional information relating to you that you provide to us directly through our Services or by other means such as over the phone, via email, or in person
- Information you provide to us via voluntary feedback or engagement surveys
- Any additional personal information you provide to us, or authorize us to collect, as part of your interaction with Ada
When you use our Services:
- Information about your physical condition (e.g. height, weight, age)
- Information about risk factors concerning your health (smoking, diabetes, pregnancy status, etc.)
- Information about your health that you provide, e.g. description of your symptoms, allergies, medication, medical history, etc.
- Information about your health that we generate based on your input, e.g. test results, likely causes for your symptoms, etc.
When you buy Services through Ada or our partners, affiliates, and subsidiaries:
- Billing information (e.g., credit card details)
- Shipping information such as your postal address
- Health and symptom information which you provide to us
- Purchase history
When you use our Websites or Apps:
- IP address
- Information on your interaction with our apps, web sites and advertisements such as pages you visit
When you interact with us:
- Any additional information relating to you that you provide to us, through our Services or otherwise
- Information you provide to us via voluntary feedback or surveys
2. Information collected by automated means
When you interact with our online services, we obtain certain information by automated means, such as cookies, web server logs, web beacons, and other technologies. A 'cookie' is a small text file that websites send to a visitor’s computer or other Internet-connected devices to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag, or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server.
We use these automated technologies to collect information about your equipment, devices, internet connection, browsing actions, and usage patterns. The information we obtain in this manner may include your IP address, host name of the accessing device, your access provider, identifiers associated with your devices, types of devices connected to our services, web browser characteristics, browsing history, device characteristics, language preferences, referring/exit pages, clickstream data, and dates and times of visits to our Services. We may also obtain information about how you interact with our services, such as features and pages you visit, search queries, and download errors.
These technologies help us (1) remember your information so you will not have to re-enter it; (2) track and understand how you use and interact with our products and services; (3) tailor the products and services around your preferences; (4) measure the usability of our products and services and the effectiveness of our communications; and (5) otherwise manage and enhance our products and services. Most web browsers are initially set up to accept cookies. You have the option of disabling or refusing cookies at any time in your browser preferences. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device. However, note that some parts of our Sites will not function properly or may be considerably slower if you refuse cookies. For example, without cookies, you will not be able to set personalized preferences, and/or may have difficulty completing transactions.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please note that not all tracking will stop even if you delete cookies. For information about Do Not Track, please visit: www.allaboutdnt.org
For more information about how we use cookies, please visit our cookie policy here.
3. How we use your personal information
Ada collects personal information reasonably necessary to carry out our business, to assess and manage our users’ needs, and provide our Services to you. We may also collect information to fulfill administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing user relationships.
The purposes for which Ada usually collects and uses personal information may include:
- To fulfill obligations under any contract you may have with us;
- To deliver the Services and/or products you requested;
- To manage our relationship with you, with your consent;
- To provide information and marketing about products, Services, and/or special offers to users;
- To obtain opinions or comments about products and/or Services from users;
- To record statistical data for marketing analysis from users;
- To improve our Services, as well as for training and quality purposes;
- Responding to requests, questions, complaints, and other general inquiries;
- Researching, developing and expanding our Services;
- At your direction and with your consent;
- For quality control and administration and assisting us to develop new and improved products and Services;
- To recruit interns, staff, and employees;
- To comply with any requirement of any applicable statute, regulation, rule, and/or good practice;
- To prevent or detect abuse of our services or any of our rights (and attempts to do so), and to enforce or apply our Policy and/or any other agreement, and to protect our (or others') property or rights.
We do not sell your personal information or transfer personal information to third parties to use for their own benefit; however, we allow certain companies to place tracking technologies like cookies on our Services. Those companies receive information about your interaction with our Services that is associated with your browser or device and may use that data to serve you relevant ads on our Services or others. Except for this kind of sharing, we do not sell any of your information. For more information please see the section of our policy titled, “Information Collected by Automated Means.”
4. Sharing personal information
We may share your personal information for the purposes as follows:
- Within our company and with our affiliates.
- With service providers that perform Services on our behalf, including for the purposes of operating our website, assisting us to perform business functions, managing and updating member lists and records, analyzing data, handling billing and payments, and facilitating customer service.
- With business partners including laboratories, insurance companies, hospitals or other care providers, your pharmacy, who are associated with delivery of Services to you. This will always be made transparent to you and never happen without your knowledge.
- With professional services such as legal advisors, accountants, and consultants.
- With other parties with your consent and at your direction.
We reserve the right to disclose your personal information as required by law, when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us, or to protect the safety, rights, or property of our customers, the public, us or others.
We may use and disclose your personal information for other purposes explained at the time of collection (such as in a specific privacy collection statement or notice) or otherwise as set out in this Policy.
We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient’s privacy practices.
5. Data retention
We retain personal data for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. When we no longer need the personal information we collect, we either anonymize the information upon your request or delete the information, unless we are legally required to retain it.
6. Your marketing choices
You can opt-out of our use and disclosure of your personal information for marketing purposes and customer satisfaction surveys, and/or withdraw your prior consent for same, by the methods provided below. Upon requesting an opt-out, your consent will be withdrawn; however, please note that it often takes some time to process these requests. Therefore, it is possible that you may receive communications scheduled prior to our receipt of your withdrawal of consent.
You may reply to a promotional or marketing e-mail that you have received from us with the word "Unsubscribe" in the subject line or you can email us directly at [email protected]. You may also unsubscribe from receiving marketing or other commercial emails by following the instructions included in the email. (If you use more than one e-mail address, then send your opt-out e-mail from each of your e-mail addresses.) Another way to unsubscribe is to delete your account in the app but this is irreversible, and you will lose access to your account and records. We may also provide additional methods for you to opt-out of having your personal information used or disclosed for promotional and marketing purposes.
Please note, even if you opt-out of receiving marketing or commercial communications, we retain the right to send you non-marketing communications such as correspondence about your existing business relationship with us, information about tests and results, payment receipts, or notifying you of updates to this Policy or Terms & Conditions.
7. California residents
If you reside in California, you may have certain additional rights regarding your “personal information” as defined under the California Consumer Privacy Act of 2018 (CCPA) or otherwise. This section of our Policy supplements the information provided elsewhere in this Policy and in our Cookie Policy.
Ada may collect the following CCPA categories of personal information from you based on the Services you use:
Category | Examples | Collected and Processed by Us |
|---|---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | Yes |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | No |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes |
G. Geolocation data. | Physical location or movements. | No |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | No |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | No |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | No |
We did not during the preceding 12 months, do not currently, and will not in the future sell your personal information to third parties (and will never do it without providing a right to opt out). Except as disclosed in this section for California residents, we do not transfer your personal information to third parties.
We will transfer your personal data to our parent company Ada Health GmbH in Germany as a third party processors in connection with delivering the Services, based on a data protection agreement. Ada Health GmbH in turn may also transfer your personal data to further third party processors in connection with delivering the Services, but only with those third-party processors with whom we have a data protection agreement in place. A full list of our third-party processors can be found here. We may also share your personal information by disclosing it to a third party for a business purpose, and for any other purpose with your consent. Examples of such third parties include partner laboratories, telehealth providers and pharmacies. We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.
Personal Information Category | Category(ies) of Third-Party Recipients | Business Purpose |
|---|---|---|
A: Identifiers. | Customers, service providers, affiliates and business | To provide our Services to you and to process your orders and results. |
B: California Customer Records personal information categories. | Customers, service providers, affiliates and business partners | To provide our Services to you and to process your orders and results |
C: Protected classification characteristics under California or federal law. | Customers, service providers, affiliates and business partners | To provide our Services to you and to process your orders and results |
D: Commercial information. | Service providers and affiliates. | To provide our Services to you and to process your orders and results |
E: Biometric information. | None | N/A |
F: Internet or other similar network activity. | Service providers and affiliates. | To provide our Services to you. |
G: Geolocation data. | None | N/A |
H: Sensory data. | None | N/A |
I: Professional or employment-related information. | None | N/A |
J: Non-public education information. | None | N/A |
K: Inferences drawn from other personal information. | None | N/A |
CCPA provides California consumers the following rights (which does not interfere with GDPR):
Right to request disclosure of any personal information we collected (Article (1798.100) (a) CCPA). This means in particular that you have the right to request disclosure of the categories of personal information we collected from you, together with the categories of sources from which it was collected, the purpose of the collection, the categories of third parties with whom we shared your personal information, and the specific pieces of personal information that have been collected (Article 1798.110 (a) CCPA).
Right to request deletion of any personal information that we collected from you (Article (1798.105) CCPA). This means that after we have verified your request to delete your personal information, we shall delete it from our records and direct any service providers to delete your personal information from their records, except when Article 1798.105 (d) CCPA is applicable (e.g. in case the personal information is necessary to provide the Services, to detect security incidents, to identify and repair errors that impair existing intended functionality of the Services, to engage statistical research in the public interest, or to comply with a legal obligation).
You can exercise your rights by contact us via email at [email protected]. Please select the subject line “Exercising My Data & Privacy Rights”. In addition, you can exercise any rights under CCPA or request further information regarding your rights by calling us through our hotline.
8. Location and international use of personal information
Ada is a United States company subject to United States law. We will treat your personal information in accordance with the applicable federal and state laws of the United States and this Policy. If you are located outside the United States, please do not use the Services.
We have affiliates, service providers, and other commercial interests across the globe. We may transfer your personal information to countries other than the United States for the purposes described in this Policy. For example, we typically transfer and process all personal information in the EU, specifically Germany.
9. How we protect information
We maintain administrative, technical and physical safeguards designed to protect personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Despite such efforts, however, please note that no organization can fully eliminate risks or guarantee the security of personal information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and we bear no liability for uses or disclosures of personal information or other data arising in connection with the theft of the information or other malicious actions.
10. Links to third-party websites
Our Services may contain links or references to third party websites. These websites are outside of our control, and the privacy policies of these sites may differ from our own. Please be aware that we have no control over these third-party websites and this Policy does not apply to such websites. We encourage you to check the terms of use and privacy policies of such websites before disclosing any personal information via such websites.
11. Updates to this Policy
Ada may amend this Policy from time to time, with or without notice to you. We recommend that you visit our Services regularly to keep up to date with any changes. We also try to let you know about major changes to this Policy (for example by putting a notice up on our website).
12. Contact us
The contact details for Ada are as follows:
E: [email protected]
Postal: Ada Health, Inc., 745 5th Avenue 5th Floor New York City, NY 10151. USA