This Policy describes how we collect, use, protect and disclose Personal Information we obtain via the websites we own or control (today or in the future), including, but not limited to, vitalcircle.info, vitalcircle.health and vitalcircle-dev.azurewebsites.net (collectively, the “Sites”), your use of any web-based applications we own or control (today or in the future), including the Vital Circle application (collectively, the “Applications” or “Apps”), and your use of any services we provide through the Sites or the Apps (collectively, together with the Sites and the Apps, the “Services”). You can access the Sites in many ways, including from a computer, tablet, mobile phone or internet enabled device, and this Policy will apply regardless of the means of access. This Policy also governs the use of Personal Information we obtain from you and any third-party site or application where we post content or invite your feedback or participation. Vital Circle cannot control the privacy policies or practices of sites or of companies that we do not own or control and cannot control the actions of people we do not employ or manage.
If you do not want us to collect, use or share your Personal Information in the ways described in this Policy, please do not use the Services. By using the Services, you consent to the collection and use of your information (including Personal Information) by us as identified in this Policy.
If you have any questions about this Policy or wish to exercise your rights under this Policy or any applicable law, please email us at email@example.com or mail us a letter at PO Box 57 Mount Mourne, NC 28123.
The information we learn from and about our customers helps us to personalize and continually improve your experience with us. This section describes what Personal Information we collect and the different ways we collect it. Please note that Personal Information does not include information that is publicly available information from government records or de-identified or aggregated consumer information.
Information We Collect from You
To use some of our Services, we ask you to provide certain Personal Information and, in some cases, require you to register for an account. While using the Services, we collect certain Personal Information including, but not limited to, your name, your email address, gender, date of birth, as well as health and symptom information, vaccination status, COVID-19 testing results documentation and proof of vaccination documentation. In addition, if contact-tracing is part of the client agreement, we will collect the device-to-device interactions through Bluetooth but will not record GPS coordinates or specific location information. Where applicable, we indicate whether you must provide us with your Personal Information in order to use the Services. If you do not provide the Personal Information, you may not be able to benefit from the Services if that information is necessary to provide you with the applicable Services or if we are legally required to collect it.
When you register for an account, we may access and collect the Personal Information you provide, such as your name, contact information (including your mailing and billing address), e-mail address, date of birth, phone number, username and password. We may also ask for additional Personal Information including your mobile phone number and your credit or debit card number or other financial account number. We will also collect and maintain information about all transactions associated with your account.
When you use some of our other Services, you may choose to provide certain information directly to us to request more information about our Services or for other reasons. We will collect, use, share and store this Personal Information consistent with this Policy.
Personal Information Automatically Collected
When you use our Services, our servers automatically record information that your browser or device sends whenever you visit a website or utilize an application. This information may include your IP address, the type of device you are using, the internet service provider or mobile carrier you are using, your device identifiers, your mobile telephone number, your geographic location and your activities within the Services, including the links you click, the pages or screens you view, your session time, the number of times you click a page/screen or use a feature of the Services, the date and time you click on a page or use a feature and the amount of time you spend on a page or using a feature.
Like many websites, our Sites also use “cookie” technology to collect additional website usage data and improve the Sites and our Services. A cookie is a small data file that we transfer to your computer’s hard disk. A session cookie enables certain features of the Sites and is deleted from your computer when you disconnect from or leave the Sites. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Sites. We may use both session and persistent cookies to better understand how you interact with our Sites, to monitor aggregate usage by our users and web traffic routing on our Sites, and to improve our Services. You may also be able to configure your computer or mobile device to limit the collection of these “cookies,” but that limitation may also limit our ability to provide all the Services or functionalities of the Sites or Apps. For more information about cookies, including how to set your internet browser to reject cookies, please go to www.allaboutcookies.org.
We may also automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information may include your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or after you visit our Sites, the pages or other content you view or otherwise interact with on our Sites and the dates and times that you visit, access or use our Sites. We may also use these technologies to collection information regarding your interaction with email messages, such as whether you opened, clicked on or forwarded a message, to the extent permitted under applicable law.
Please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals considering industry developments or legal changes.
Information Collected by Third Parties
We may collect your Personal Information from third-party business partners such as social media sites, ad networks and analytics providers. We may also collect your Personal Information from others that refer you to our Services including our clients who facilitate our ability to provide Services.
Our Services may contain links to other websites. The fact that we link to a website is not an endorsement, authorization, or representation of our affiliation with that third party. We do not exercise control over third-party websites. These other websites may place their own cookies or other files on your computer or mobile device, collect data or solicit Personal Information from you. Other sites follow different rules regarding the use or disclosure of the Personal Information you submit to them. We are not responsible for the content, privacy and security practices, and policies of third-party sites or services to which links or access are provided through our Services. We encourage you to read the privacy policies or statements of the other websites you visit.
We may use your Personal Information for various purposes, including, but not limited to, the following:
We may use the Personal Information and other information we collect for non-marketing purposes including: (1) validating your identity; (2) sending you push notifications, text messages, or emails to provide you with alerts and updates about your account and the Services; (3) processing your transactions; (4) conducting statistical or demographic analysis; (5) complying with legal and regulatory requirements; (6) customizing your experience with the Services; (7) protecting and defending Vital Circle and its affiliates against legal actions or claims; (8) preventing fraud; (9) debt collection; (10) satisfying contractual obligations; (11) cooperating with law enforcement or other government agencies for purposes of investigations, national security, public safety or matters of public importance when we believe that disclosure of Personal Information is necessary or appropriate to protect the public interest; and (12) for other business purposes permitted under applicable law (collectively, “Non-Marketing Purposes”).
Vital Circle also uses the collected data for the following public health objectives:
We may also use information in the aggregate to understand how our users as a group use the Services. Vital Circle will not collect additional categories of Personal Information or use the Personal Information we collect for materially different, unrelated, or incompatible purposes without providing you notice.
We will process your Personal Information for the purposes listed above on the basis of one or more of the following:
III. Who We Share Personal Information With
Except as provided herein, we will not trade, rent, share, or sell your Personal Information to third parties. For business purposes, we may share certain Personal Information we receive from and about you, and about your transactions with us, with our affiliates and certain third parties. Doing so allows us to provide the Services you request. We may also share your Personal Information with the following third parties:
Third-Party Service Providers
Your Personal Information may be shared with or collected by third-party service providers who provide us with services, including, but not limited to data hosting or processing and credit card processing. We require these third-party service providers to exercise reasonable care to protect your Personal Information and restrict their use of your Personal Information to the purposes for which it was provided to them. We do not share your Personal Information with any third-party providers for the purpose of Marketing to you.
We may provide anonymized information to third parties, including governmental agencies for purposes of contact tracing and/or any governmental agency that requires COVID-19 outbreak/cluster data to be reported. Any anonymized information we provide to third parties is not considered Personal Information and is not subject to the terms of this Policy.
Sale of our Business; Bankruptcy
Compliance with Laws and Law Enforcement
Vital Circle cooperates with government and law enforcement officials or private parties to enforce and comply with the law. To the extent permitted under applicable law, we may disclose any information about you, including, but not limited to, your Personal Information, to government or law enforcement officials or private parties as we believe is necessary or appropriate to investigate, respond to, and defend against legal claims, for legal process (including subpoenas), to protect the property and rights of Vital Circle or a third party, to protect Vital Circle against liability, for the safety of the public or any person, to prevent or stop any illegal, unethical, fraudulent, abusive, or legally actionable activity, to protect the security or integrity of the Services and any equipment used to make the Services available, or to comply with applicable law.
If you use our Services to arrange a shipment or otherwise engage in any transaction involving payment, you may be asked to provide payment information, including, but not limited to, payment card information. We will not ask you, and you are not permitted, to provide any payment card information via email, text, or other electronic means (excluding through the dedicated forms on the Sites and Apps). Any payment card information you properly provide to us is used exclusively to process payments for Services and related products you receive from us. Under no circumstances do we collect or keep payment card information on our servers.
Vital Circle is committed to protecting the security of the Personal Information you provide to us and that we collect about you. We maintain commercially reasonable safeguards to maintain the security and privacy of Personal Information we collect. Nevertheless, when disclosing Personal Information, you should remain mindful that there is an inherent risk in the use of email and the internet. Your information may be intercepted without your consent, collected illegally and used by others. We cannot guarantee the security of any information you disclose online, and you do so at your own risk.
The Services are for use by persons who are at least 18 years of age. If you are younger than 18, you may not access, attempt to access, or use the Services unless you obtain parental consent. We do not knowingly collect or allow the collection of Personal Information via the Services from persons underage, pursuant to applicable law and regulations, without parental consent. We do not knowingly collect or allow the collection of Personal Information via the Services from persons under the age of 13 without parental consent. If we learn that we have collected the Personal Information of someone under the age of 13 without parental consent, we will take appropriate steps to delete this information. If you are a parent or guardian of someone under the age of 13 and discover that your child has submitted Personal Information without your consent, you may contact us at firstname.lastname@example.org and ask us to remove your child’s Personal Information from our systems.
VII. California Residents
California requires operators of websites or similar services to make certain disclosures to users who reside in California regarding their rights, specifically:
Shine the Light
For clarity, we will not trade, rent, share or sell your Personal Information to third parties unless you ask or authorize us to do so. However, if we disclose Personal Information that is primarily used for personal, family, or household purposes of a California user to a third party for said third party’s direct marketing purposes, we will identify such third party along with the type of personal data disclosed, upon your request.
For further clarification, please refer to the “Contact Us” section below. Under California law, businesses are only required to respond to a user’s request once during any calendar year.
Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. California law requires that we disclose to users how we treat do-not-track requests. The Internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. We have not yet developed features that would recognize or respond to browser initiated Do Not Track signals in response to California law. In the meantime, there are technical means to prevent some of the tracking. See Section “Your Access to and Control Over Your Information”.
Personal Data Rights
California consumers have the right to request access to their personal data, additional details about our information practices and deletion of their personal information (subject to certain exceptions). California consumers also have the right to opt out of sales of Personal Information, if applicable. We describe how California consumers can exercise their rights under the CCPA below. Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney. Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information. We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information. We will not discriminate against you if you choose to exercise your rights under the CCPA and we will not deny you goods or services, charge you a different price, or provide you with a lesser quality of goods or services if you exercise any of your CCPA Rights.
VIII. European Economic Area (“EEA”) Residents
As used herein, “Personal Information” is deemed equivalent to “personal data” as used in the EU General Data Protection Regulation (“GDPR”).
GDPR grants individuals who are in the European Union and European Economic Area certain rights, including:
If you would like to exercise any of the above GDPR rights with respect to your Personal Information, please submit a written request using the information provided in the “Contact Us” section above. Our privacy team will examine your request and respond to you as quickly as possible.
Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We use commercially reasonable efforts to securely store your Personal Information and we store your information no longer than necessary for the purposes we collect your Personal Information.
We are a US based company and by accessing the Services, you grant us expressed consent to transfer your Personal Information to US servers. If you do not wish for us to transfer your Personal Information to the US, you must immediately cease any use of the Site or Services and please contact us using the information in the “Contact Us” section above.
This Policy sets out the privacy principles we follow with respect to transfers of Personal Information from the EEA to the United States, including Personal Information we receive from individuals residing in the EEA who visit our Site and/or who may use of our Services or otherwise interact with us.
We may revise this Policy from time to time in our sole discretion. We will notify you of any material revisions by placing notice of the revised Policy on our website or any place through which you access the Services. Your continued access or use of the Services following any amendments to the Policy constitutes your acceptance of the Policy as amended. It is your sole responsibility to monitor our website for changes to the Policy.
This Policy was last updated in August 2022.