Ada Health, Inc. Privacy Policy
Last modified: 25 July 2024
Ada Health, Inc. (“Ada”), its parent company, Ada Health GmbH, and affiliates are committed to processing, using, transferring, and managing personal information in accordance with applicable privacy laws and this Policy. This Policy details how Ada collects, uses, transfers, and shares your personal information.
This Policy applies to the personal information we obtain when you interact with Ada using our digital health and symptom assessment (“Ada Assess”), websites, , and other online services or otherwise connect with us (collectively, the “Services”). Please note that Ada’s COVID-19 Risk Severity and Authorized Oral Antiviral Potential Eligibility Questionnaire is subject to a dedicated Privacy Policy that can be found here. Use of the mobile app provided by Ada’s parent company, Ada Health GmbH, is subject its own Privacy Policy that will be provided within the app.
In this Policy, "we", "us" and "our" refers to Ada, and "you" refers to any individual about whom we collect personal information.
1. Information we collect
We ask for personal information so you can use our Services, sign in to your account, receive customer support, and communicate with us about our Services, promotions, and activities. We collect the following information when you engage with us.
When you create an account, we collect the following information:
- Name and contact information
- Date of birth
- Username and password that you may select in connection with establishing an account on our Services
- Health and symptom information which you provide to us
- Any additional personal information you provide to us, or authorize us to collect, as part of your interaction with Ada
When you use our Services:
- Information about your physical condition (e.g. height, weight, age)
- Information about risk factors concerning your health (smoking, diabetes, pregnancy status, etc.)
- Information about your health that you provide (e.g. description of your symptoms, allergies, medication, medical history, etc.)
- Information about your health that we generate based on your input (e.g. test results, likely causes for your symptoms, etc.)
- Details of the products and Services you have used or which you have enquired about, together with any additional information necessary to deliver those products and Services and to respond to your inquiries
- IP address
- Information on your interaction with our Services and advertisements, if any, appearing on our Website
When you interact with us:
- Any additional information relating to you that you provide to us directly through our Services or by other means such as over the phone, via email, or in person
- Information you provide to us via voluntary feedback or surveys
2. Information collected by automated means
When you interact with our online services, we obtain certain information by automated means, such as cookies, web server logs, web beacons, and other technologies. A 'cookie' is a small text file that websites send to a visitor’s computer or other Internet-connected devices to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag, or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server.
We use these automated technologies to collect information about your equipment, devices, internet connection, browsing actions, and usage patterns. The information we obtain in this manner may include your IP address, host name of the accessing device, your access provider, identifiers associated with your devices, types of devices connected to our Services, web browser characteristics, browsing history, device characteristics, language preferences, referring/exit pages, clickstream data, and dates and times of visits to our Services. We may also obtain information about how you interact with our Services, such as features and pages you visit, search queries, and download errors.
These technologies help us (1) remember your information so you will not have to re-enter it; (2) track and understand how you use and interact with our products and services; (3) tailor the products and services around your preferences; (4) measure the usability of our products and services and the effectiveness of our communications; and (5) otherwise manage and enhance our products and services. Most web browsers are initially set up to accept cookies. You have the option of disabling or refusing cookies at any time in your browser preferences. For mobile devices, you can manage how your device and browser share certain device data by adjusting the privacy and security settings on your mobile device. However, note that some parts of our Sites will not function properly or may be considerably slower if you refuse cookies. For example, without cookies, you will not be able to set personalized preferences, and/or may have difficulty completing transactions.
Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time. Please note that not all tracking will stop even if you delete cookies. For information about Do Not Track, please visit: www.allaboutdnt.org.
For more information about how we use cookies, please visit our cookie policy here.
3. How we use your personal information
Ada collects personal information reasonably necessary to carry out its business, to assess and manage our users’ needs, and provide our Services to you. We may also collect information to fulfill administrative functions associated with these Services, for example billing, entering into contracts with you and/or third parties and managing user relationships.
The purposes for which Ada usually collects and uses personal information may include:
- To fulfill obligations under any contract you may have with us;
- To process your personal information to deliver our health assessment to you and otherwise provide the Services and/or products you requested;
- To manage our relationship with you, with your consent;
- To provide information and marketing about our products, Services, and/or special offers to users;
- To obtain opinions or comments about our products and/or Services from users;
- To record statistical data for marketing analysis;
- To improve our Services, as well as for training and quality purposes;
- Responding to your requests, questions, complaints, and other general inquiries;
- To contact you if additional information is needed to perform the assessment requested by you or if your assessment presents anomalous results;
- Researching, developing and expanding our Services;
- Uses made at your direction and with your consent;
- For quality control and administration and assisting us to develop new and improved products and Services;
- To comply with any requirement of any applicable statute, regulation, rule, and/or good practice;
- To prevent or detect abuse of our Services or any of our rights (and attempts to do so), and to enforce or apply this Policy and/or any other agreement, and to protect our (or others') property or rights.
4. Making personal information available
We may make your personal information available for the purposes as follows:
- Within our company and with our affiliates.
- For service providers that perform services on our behalf, including for the purposes of operating our website, assisting us to perform business functions, managing and updating member lists and records, analyzing data, and facilitating customer service.
- For our third-party businesses partners with whom you have requested certain services, such as clinical laboratories, insurance companies, hospitals, your pharmacy, or other care providers. Such uses will always be made transparent to you with your knowledge.
- For our professional service advisors such as legal advisors, accountants, and consultants under data protection agreements to the minimum extent necessary for them to perform their services for us.
- For other parties with your consent and at your direction.
- With those “Covered Entities” with whom you have a relationship or request to have a relationship as part of our providing “Business Associate” services to the Covered Entity as described below.
We reserve the right to disclose your personal information as required by law, when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us, or to protect the safety, rights, or property of our customers, the public, us or others.
We may use and disclose your personal information for other purposes explained at the time of collection (such as in a specific privacy collection statement or notice) or otherwise as set out in this Policy.
We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Policy. After such a sale or transfer, you may contact the recipient with any inquiries concerning the recipient’s privacy practices.
5. HIPAA
We have adopted data privacy and security measures with respect to your personal information consistent with the privacy and security obligations required of a “Business Associate” under the Health Insurance Protection and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). We may provide our Services to or through “Covered Entities” as defined by HIPAA. In these and other situations where your personal information takes on the status of “protected health information” under HIPAA, we handle such data under HIPAA as the Business Associate of the Covered Entity. If our engagement as a Business Associate involves the preparation of an assessment under our app or other Service for or on behalf of the Covered Entity, we will share your assessment or other items of protected health information with the Covered Entity to the minimum extent necessary for us to perform our Business Associate functions for the Covered Entity.
6. Data retention
We retain personal information for as long as is necessary for the processing purpose(s) for which the data was collected, and any other permissible, related purpose. When we no longer need the personal information we collect, we either anonymize the information upon your request or delete the information, unless we are legally required to retain it.
7. Your marketing choices
You can opt-out of our use and disclosure of your personal information for marketing purposes and customer satisfaction surveys, and/or withdraw your prior consent for same, by the methods provided below. Upon requesting an opt-out, your consent will be withdrawn; however, please note that it often takes some time to process these requests. Therefore, it is possible that you may receive communications scheduled prior to our receipt of your withdrawal of consent.
You may reply to a promotional or marketing e-mail that you have received from us with the word "Unsubscribe" in the subject line or you can email us directly at [email protected]. You may also unsubscribe from receiving marketing or other commercial emails by following the instructions included in the email. (If you use more than one e-mail address, then send your opt-out e-mail from each of your e-mail addresses.) Another way to unsubscribe is to delete your account in the app but this is irreversible, and you will lose access to your account and records. We may also provide additional methods for you to opt-out of having your personal information used or disclosed for promotional and marketing purposes.
Please note, even if you opt-out of receiving marketing or commercial communications, we retain the right to send you non-marketing communications such as correspondence about your existing business relationship with us, information about tests and results, payment receipts, or notifying you of updates to this Policy or Terms & Conditions.
8. California residents
If you reside in California, you may have certain additional rights regarding your “personal information” as defined under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act, collectively, “CCPA”) or otherwise. This section of our Policy supplements the information provided elsewhere in this Policy and in our Cookie Policy.
The below chart shows you where to find details about the information to which you may be entitled under the CCPA:
| CCPA Information Requirement | Corresponding Information in this Privacy Policy |
|---|---|
| Categories of personal information collected | PERSONAL INFORMATION WE COLLECT ABOUT YOU In general, we collect information in the following categories as defined by the CCPA: identifiers; personal information described by California Civil Code Section 1798.80(e); health information, characteristics of protected classifications under federal or California law; commercial information; and internet information. |
| Categories of sources from which we collected personal information | PERSONAL INFORMATION WE COLLECT ABOUT YOU In general, we collect information directly from you. This includes information we collect through the use of cookies, pixels or other tracking technologies on our website. |
| The business purpose for which we collected your personal information | HOW WE USE YOUR PERSONAL In INFORMATION In general, we use your Personal Information to operate, improve, and communicate with you about our Services. |
| Categories of information shared or disclosed to third parties, and the categories of third parties to which we shared or disclosed that information | HOW WE USE YOUR PERSONAL INFORMATION HOW WE SHARE YOUR PERSONAL INFORMATION In general, we share information in the following categories as defined by the CCPA: identifiers; personal information described by California Civil Code Section 1798.80(e); characteristics of protected classifications under federal or California law; and commercial information. We only share this information with third service providers involved in providing Services to you. |
In addition, California consumers may have the following rights under the CCPA:
- To request that we disclose what Personal Information we collect, use, or disclose about you.
- To know the specific pieces of Personal Information we hold about you.
- To request the deletion of your Personal Information, with some exceptions.
- To correct inaccurate Personal Information about you.
- To request that we stop selling or sharing your Personal Information.
- Submitting Requests. California residents have the right to limit the use of their Sensitive Personal Information. However, that right does not apply because we do not use Sensitive Personal Information for any additional purposes that are incompatible with the purposes listed above, unless we provide you with notice of those additional purposes.
- You may submit requests to opt-out of sale or sharing, correct, delete, and know specific Personal Information and/or categories of Personal Information we have collected about you by contacting us at [email protected].
- Verification of Your Identity. When you exercise these rights and submit a request to us, we or our partners will verify your identity by asking you to authenticate your identity via standard authentication procedures. For example, we may ask for your email address, full name, or street address. We also may use a third-party verification provider to verify your identity.
- Non-Discrimination. If you make a request under the CCPA, we will not discriminate against you in any way. For example, we will not deny you goods or services, charge you different prices or rates for goods or services, deny you discounts or other benefits or impose penalties on you, or provide you with or suggest that you will receive a different level or quality of goods or services.
- Automated Decision-Making. We generally do not use automated decision-making technology, as that term is defined by the CCPA. If we make use of automated decision-making technology, you will be informed through a separate privacy notice.
- Record Retention. We may retain your Personal Information for as long as necessary to fulfil the purpose for which it was collected or to comply with legal or regulatory requirements. We strive to retain your Personal Information no longer than is reasonably necessary to carry out the purposes listed in this Privacy Policy or as required by law. We retain your Personal Information following the end of our arrangement in accordance with applicable law and our data retention and destruction policies.
- We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed personal information for a business purpose to the categories of third parties indicated in the chart below.
| Personal Information Category | Category(ies) of Third-Party Recipients | Business Purpose |
|---|---|---|
| A: Identifiers. | Service providers | To provide our Services to you |
| B: California Customer Records personal information categories. | Service providers | To provide our Services to you |
| C: Protected classification characteristics under California or federal law. | Service providers | To provide our Services to you |
| D: Commercial information. | Service providers | To provide our Services to you |
| E: Biometric information. | None | N/A |
| F: Internet or other similar network activity. | Service providers | To provide our Services to you |
| G: Geolocation data. | None | N/A |
| H: Sensory data. | None | N/A |
| I: Professional or employment-related information. | None | N/A |
| J: Non-public education information. | None | N/A |
| K: Inferences drawn from other personal information. | None | N/A |
You can exercise your rights by contacting us via email at [email protected]. Please select the subject line “Exercising My Data & Privacy Rights”.
Please note that for Services that do not require registration, Ada might not be able to identify and authenticate individual users. In these cases, Ada is neither able nor required under the law to accommodate your request to exercise the rights as described above.
9. Nevada residents
If you reside in Nevada, the information in this section supplements and refines the information provided elsewhere in this privacy policy.
Some Information in this Privacy Policy refers to “Consumer health information” as defined in NRS 603A.430m especially health and symptom information which you provide to us when using our services. Where the purpose of processing your data listed above includes the processing of your Consumer health information and to the extent that those purposes are not necessary to provide a service that you requested according to NRS 603A.500(1)(b), Ada will always ask your explicit consent.
We only collect Consumer health data directly from you. Please be aware that we will also automatically collect data about you, your device or your usage of our services as indicated above. This data does not contain any information about your health.
As a resident of Nevada, you may have certain rights regarding your Consumer health information:
- The right to confirm whether Ada is collecting, sharing, or selling your consumer health data, NRS 603A.505(1)(a)
- and to access this data, including a list of all third parties and affiliates with whom Ada has shared or sold the consumer health data and a contact to these third parties (email or other), NRS603A.505(1)b)
- The right to withdraw consent from the collection, sharing and selling of your consumer health data (where applicable), NRS 603A.505(1)(c)
- The right to have your Consumer health data deleted, NRS 603A.505(1)(d)
You can exercise your rights by contacting us via email at [email protected].
Please note that Services that do not require registration Ada might not be able to identify and authenticate individual users. In these cases, Ada is neither able nor required under the law to accommodate your request to exercise the rights as described above, NRS 603A.510(2). In case of a refusal to exercise your rights, you can appeal that decision via email at [email protected].
10. Washington residents
If you reside in Washington, the information in this section supplements and refines the information provided elsewhere in this privacy policy.
Where the purposes of processing your data listed above includes the processing of your “Consumer health information” as defined under the My Health My Data Act (“MHMDA”) and to the extent that those purposes are not necessary to provide a service that you requested according to Sec. 5 (1) (ii) MHMDA, Ada will always ask your explicit consent.
We only collect Consumer health data directly from you. Please be aware that we will also automatically collect data about you, your device or your usage of our services as indicated above. This data does not contain any information about your health.
As a resident of Washingtons State you may have certain rights regarding your “Consumer health information”:
- The right to confirm whether Ada is collecting, sharing, or selling your consumer health data and to access this data, including a list of all third parties and affiliates with whom Ada has shared or sold the consumer health data and a contact to these third parties (email or other), Sec. 6 (1) (a) MHMDA
- The right to withdraw consent from the collection and sharing of your consumer health data (where applicable), Sec. 6 (1) (b) MHMDA
- The right to have your Consumer health data deleted, Sec. 6 (1) (c) MHMDA
You can exercise your rights by contacting us via email at [email protected]. Please select the subject line “Exercising My Data & Privacy Rights”.
Please note that for Services that do not require registration Ada might not be able to identify and authenticate individual users. In these cases, Ada is neither able nor required under the law to accommodate your request to exercise the rights as described above, Sec. 6 (1) (e) MHMDA.
11. Location and international use of personal information
Ada is a United States company subject to United States law. We will treat your personal information in accordance with the applicable federal and state laws of the United States and this Policy. If you are located outside the United States, please do not use the Services.
We have affiliates, service providers, and other commercial interests across the globe. We may transfer your personal information to countries other than the United States for processing your personal information under our app. For example, we may transfer your personal information to our parent company Ada Health GmbH in Germany as a third-party processor in connection with delivering the Services, based on a data protection agreement. Ada Health GmbH may in turn transfer your personal information to further third-party processors in connection with delivering the Services, but only with those third-party processors with whom we or Ada Health GmbH have a data protection agreement in place. You may request a list of our third-party processors by contacting us at [email protected].
12. How we protect information
We maintain administrative, technical and physical safeguards designed to protect personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Despite such efforts, however, please note that no organization can fully eliminate risks or guarantee the security of personal information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and we bear no liability for uses or disclosures of personal information or other data arising in connection with the theft of the information or other malicious actions.
13. Links to third-party websites
Our Services may contain links or references to third party websites. These websites are outside of our control, and the privacy policies of these sites may differ from our own. Please be aware that we have no control over these third-party websites and this Policy does not apply to such websites. We encourage you to check the terms of use and privacy policies of such websites before disclosing any personal information via such websites.
14. Updates to this Policy
Ada may amend this Policy from time to time, with or without notice to you. We recommend that you visit our Services regularly to keep up to date with any changes. We also try to let you know about major changes to this Policy (for example by putting a notice up on our website).
15. Contact us
The contact details for Ada are as follows:
E: [email protected]
Postal: Ada Health, Inc., The Flamingo House, 33 SE 4th Street, Suite 100, Boca Raton, 33432 Florida, USA