TOIVOA, INC

RAUHA PATIENT FACING DIGITAL PRIVACY POLICY AND NOTICE

This service is provided by Toivoa, Inc

THIS PRIVACY POLICY AND NOTICE DESCRIBES HOW PERSONAL INFORMATION MAY BE COLLECTED, USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Through its digital therapeutic for patients (“Patient”, “you” or “user” with the digital therapeutic being ”Rauha”), Toivoa, Inc (“Toivoa”, “we” or “us”) provides digital prescription therapies designed to improve Patient outcomes. These prescription therapies include data collection, storage, analysis and reporting tools, functions and related services, referred to in this Privacy Policy as the “Service.” We also operate a website for Clinicians and Clinical Partners at [www.toivoa.com/clinical] (the “Site”) through which Clinicians and Clinical Partners view Patient information and monitor Patient use of Rauha and the Service. This Privacy Policy covers how Toivoa collects, receives, uses, processes, retains, and discloses personal information through Rauha and the Service. For more information about how we process personal information in connection with our Site, please see our Clinical Website Privacy Policy.

We may provide additional privacy notices to individuals at the time we collect their personal information. For example, we may provide a specific privacy notice to participants that describes our privacy practices in connection with conducting clinical trials or when you submit your information for recruitment to one of our clinical trials. To the extent that we collect Protected Health Information (“PHI”) that is subject to the Health Insurance Portability and Accountability Act, as amended, our Notice of Privacy Practices would apply. These additional privacy notices may supplement this Privacy Policy or may apply in lieu of this Privacy Policy.

Clinical Partners are hospitals, clinics, practices or other medical groups or healthcare systems that have contracted with Toivoa to permit use of the Service by their respective Clinicians and  Patients; Clinicians are practitioners, patient advocates, coaches or other individuals who (as employees of or contractors to a Clinical Partner) provide health care or related services to Patients; Pharmacy Partners are pharmacies that have contracted with Toivoa to facilitate the use of the Service by their respective Clinicians and Patients; and Patients are individual patients of the Clinical Partner who receive medical treatments or other health care services from one or more Clinicians, or individuals who are properly authorized representatives of any such patient.

Clinicians, Clinical and Pharmacy Partners provide your personal information to Toivoa to register you as a Service user. As you use Rauha and the Service, the information you provide through Rauha and the Service will be viewed by your Clinician and Clinical Partner on the Site to enable your healthcare team to provide therapy and treatment. Clinicians, Clinical and Pharmacy Partners provide your personal information to Toivoa to register you as a Service user.

Rauha and the Service is available only to Patients who have been given the necessary password or similar credentials to access the Service.

CHANGES TO OUR PRIVACY POLICY

We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use Rauha or the Services after the new Privacy Policy takes effect.

PERSONAL INFORMATION WE COLLECT

The categories of personal information we collect depend on how you interact with us, Rauha, and the Services, and the requirements of applicable law.  We collect information that you provide to us and information we obtain automatically when you use Rauha and the Service, as described below.

Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

  • Account Creation.  Patients must be registered on Rauha and have an active account to use the Service. We receive personal information about Patients from a Clinician, Clinical or Pharmacy Partner in order to establish an account and for you to be able to register for and use the Service and identify you as an authorized Patient.  Toivoa may collect personal information when Patients are registered through the Site and confirmed within Rauha.  When registering for Rauha, we collect your email address and password. We combine this information with the personal information about you that we receive from the applicable Clinician, Clinical or Pharmacy Partner to create your user profile and provide you with the Service.

  • Clinical Trial Participants. If you participate in clinical trials that we sponsor, our clinical trial sites may collect personal information such as your driver’s license, passport number, tax identification number, health information related to your medications, medical history, medical insurance details, physical and mental health conditions, diagnoses, treatments, genetic information, and family medical history, and other relevant information in connection with your participation in clinical trials. Please note that the clinical trial site may be a separate “controller” or “business” of your personal information and your personal information may be subject to the clinical trial site’s privacy policy. We collect personal information about you from clinical trial sites only where you have provided your consent to disclose that information to us or as required by law.

  • Regulatory Information. We may collect personal information where required to comply with regulatory requirements, including information relating to any adverse events you may have experienced when using our Service.

  • Patient Advocates. If you are a patient advocate, we may collect personal information such as your name, email address, and phone number.

  • Your Communications with Us. We may collect personal information, such as email address, phone number, or mailing address, when you request information about our Services, register for communications from us, request customer or technical support, or otherwise communicate with us.

Personal Information Collected Automatically

We may collect personal information automatically when you use Rauha and the Service.

  • Automatic Collection of Personal Information. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, browser or device information, location information (including approximate location derived from an IP address if applicable), and service provider. We may also automatically collect information regarding your use of theRauha and the Service, information about the links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use Rauha and the Service.

  • Crash Reports. If you provide crash reports, we may collect personal information related to such crash reports, including detailed diagnostic information about your device and the activities that led to the crash.

  • Cookie Policy (and Other Technologies). We, as well as third parties that provide other functionality on Rauha or the Service, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect information through your use of Rauha or the Service.

    • Cookies. Cookies are small text files that store preferences and facilitate and enhance your experience.

    • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in Rauha or the Service that collects information about engagement on Rauha or the Service.

      Our uses of these Technologies fall into the following general categories:

      • Operationally Necessary. Includes Technologies that allow you access to the Service, applications, and tools that are required to identify irregular behavior, prevent fraudulent activity, improve security, or allow you to use our functionality.

      • Performance-Related. We may use Technologies to assess the performance of Rauha and the Service, including as part of our analytic practices to help us understand how individuals use Rauha and the Service (see Analytics below).

      • Functionality-Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using Rauha or the Service. This may include identifying you when you sign into Rauha or the Service or keeping track of your specified preferences.

  • Analytics. We may use Technologies and other third-party tools to process analytics information on  Rauha and the Service. These technologies allow us to better understand how Rauha and Service are used and to continually improve and personalize Rauha and the Service.

HOW WE USE YOUR PERSONAL INFORMATION

We use your personal information for a variety of business purposes, including to provide our Services, for administrative purposes, and to market our products and Services, as described below.

Provide Rauha and the Service.  We use your information to provide you with Rauha and the Service, such as:  

  • Delivering our Service to you and providing treatment.  For example, Toivoa may use personal information for the purpose of allowing Clinicians, Clinical and Pharmacy Partners to provide treatment and contact you about reminders and treatment effectiveness and alternatives.

  • Communicating with your Clinicians, Clinical and Pharmacy Partners as applicable to review the functionality and effectiveness of treatment, including this and other prescriptions provided by such parties.

  • Creating user profiles.

  • Managing your information and accounts.

  • Processing your financial information to make a payment to you.

  • Providing access to certain areas, functionalities, and features of Rauha or the Service.

  • Answering requests for customer or technical support.

  • Replying to your request for information or comments.

  • Communicating with you about your account, activities on Rauha and the Service, and policy changes.

Administrative Purposes.  We use your information for various administrative purposes, such as:

  • Pursuing our legitimate interests, such as research and development, network and information security, and fraud prevention.

  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity.

  • Measuring interest and engagement in Rauha and the Service.

  • Improving, upgrading, or enhancing Rauha and the Service.

  • Developing new products and services.

  • Ensuring internal quality control and safety.

  • Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy.

  • Debugging to identify and repair errors with Rauha and the Service.

  • Auditing relating to interactions, transactions, and other regulatory and compliance activities.

  • Sharing personal information with third parties as needed to provide Rauha and the Service.

  • Enforcing our agreements and policies.

  • Carrying out activities that are required to comply with our legal obligations.

With Your Consent.  We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

De-identified and Aggregated Information.  We may use personal information to create de-identified and/or aggregated information, such as demographic information, information about the device from which you access Rauha and the Service, or other analyses we create.

We may use your information for other legitimate business purposes as permitted by law.

HOW WE DISCLOSE YOUR PERSONAL INFORMATION 

We disclose your personal information to third parties for a variety of business purposes, including to provide Rauha and the Service, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

Disclosures to Provide Rauha and the Service.  The categories of third parties with whom we may share your personal information are described below.

  • Clinicians and Clinical and Pharmacy Partners.  We will share your personal information with your healthcare team, including Clinicians, Clinical and Pharmacy Partners, which they will access and view through the Site.

  • CRO. If you participate in clinical trials and research, the clinical trial sites may disclose any personal information you provide in conjunction with your participation to the Clinical Research Organization (“CRO”) that we have engaged to manage the research or conduct the clinical trial.

  • Clinical Trial Sites.  If you request to be matched with a clinical trial site through Rauha and the Service, we may share your personal information with the clinical trial site so that the clinical trial site can contact you about participating in the trial.

  • Service Providers. We may share your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.

  • APIs/SDKs. We may use third-party application program interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of Rauha and the Service. For more information about our use of APIs and SDKs, please contact us as set forth in “Contact Us” below.

We may also share your information with third parties as appropriate and permitted by law. The privacy choices you may have about your personal information are determined by applicable law and are described below.

Disclosures to Protect Us or Others.  We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal processes, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

Disclosure in the Event of Merger, Sale, or Other Asset Transfers.  If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.

YOUR PRIVACY CHOICES AND RIGHTS

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.

  • Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding our Services or updates to our Terms or this Privacy Policy). 

  • Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.

  • Mobile Devices. We may send you push notifications through your mobile device. You may opt-out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information through your mobile device. You may opt out of this collection by changing the settings on your mobile device.

  • Phone calls. If you receive an unwanted phone call from us, you may opt out of receiving future phone calls from us by following the instructions that may be available on the call or by otherwise contacting us as set forth in “Contact Us” below.

  • Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Your Privacy Rights.  In accordance with applicable law, you may have the right to:

  • Access to and Portability of Your Personal Information, including: (i) confirming whether we are processing your personal information; (ii) obtaining access to or a copy of your personal information; and (iii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the “right of data portability”).

  • Request Correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information.

  • Request Deletion of your personal information.

  • Request Restriction of or Object to our processing of your personal information where the processing of your personal information is based on our legitimate interest.

  • Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing and will not affect the lawfulness of processing before the withdrawal.

SECURITY

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot guarantee or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized access, use, disclosure, or loss of personal information.

By using Rauha and the Service or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of Rauha and the Service. If we learn of a security system breach, we may attempt to notify you electronically by posting a notice on Rauha and the Service, by mail, or by sending an email to you.

RETENTION OF PERSONAL INFORMATION

We store the personal information we collect as described in this Privacy Policy for as long as you use Rauha and the Service, or as necessary to fulfill the purpose(s) for which it was collected, provide our service, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws, or based upon other criteria, including, but not limited to, the sensitivity and volume of such data.  Additionally, we endeavor to retain all such personal information in accordance with legal requirements.

CALIFORNIA SHINE THE LIGHT

The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties.

CHILDREN’S INFORMATION

Rauha and the Service are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children.  If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected unless we have a legal obligation to keep it.

THIRD-PARTY WEBSITES/APPLICATIONS

Rauha and the Service may contain links to other websites, applications and other websites/applications may reference or link to Rauha and the Service. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications.  Providing personal information to third-party websites or applications is at your own risk.


CONTACT US

If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy please contact us at:

Toivoa, Inc.

8 The Green, Suite # 15296, Dover, DE  19901

support@toivoa.com