Last Updated: August 8, 2023
Notice of Collection and Uses of Information
We collect and use your information in a variety of ways. We collect information you provide directly to us. For example, we collect information directly from you when you create an account, fill out a form, request Services or customer support, or otherwise communicate with us. We also collect certain information from you or your device automatically when you interact with our Services such as activity or usage information. We use this information to provide you Services and for other business purposes. The types of information about you that you provide and that we collect automatically are listed below along with our uses of that information.
|Category and Types of Personal Information||Uses of Personal Information|
|Headway generally collects the Personal Information described below as part of our HIPAA covered products and services. We describe below certain information we might collect to the extent you interact with Headway as a consumer (where HIPAA does not apply), along with our uses of that information.|
- In addition, we may use the above categories of information to create de-identified, anonymized, or aggregated information that no longer identifies or relates to a specific person. We use such de-identified, anonymized, or aggregated information in accordance with applicable law.
- We may also use the personal information listed above to comply with legal and financial obligations and/or to carry out any other purpose described to you at the time the information was collected.
- Additionally, if you make a payment through our Services, we work with a third-party payment processor that collects and processes your payment information, and we do not directly handle your payment card information.
Information We Collect from Other Sources
In addition to collecting information from you, we obtain information from other sources. For example, we may collect and process information from Providers and Health Plans that use our Services.
Information We Derive
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address.
Retention of Personal Information
We will retain your Personal Information for as long as reasonably necessary to carry out the purposes disclosed in this policy.
Disclosure of Information
We disclose the following categories of personal information to the recipients described below for the following business purposes or as otherwise described in this policy:
|Category of Personal Information||Recipients and Purposes of Disclosure|
|Headway generally discloses the Personal Information described below as part of our HIPAA covered products and services. We describe below certain information we might disclose to the extent there might be instances where HIPAA does not apply, along with our purposes of disclosure of that information.|
In addition, we may disclose any of the categories of personal information listed above for the following purposes:
- We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements.
- We may disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law, or if we believe it is necessary to protect the rights, property, and safety of Headway, our users, the public, or others.
- We disclose personal information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests.
- We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
- Personal information is disclosed between and among Headway and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership.
- We disclose personal information with your consent or at your direction.
We also use and disclose aggregated or de-identified information that cannot reasonably be used to identify you.
Advertising and Analytics
Transfer of Information to the United States and Other Countries
Headway is headquartered in and offers Services to those in the United States, and we have operations and vendors in the United States and other countries. Therefore, we and those that perform work for us may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law.
You may update and correct certain account information at any time by logging into your account and editing your information. If you wish to deactivate your account, please contact firstname.lastname@example.org, but note that we may retain certain information as required by law or for our legitimate business purposes.
Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.
Additional California and Other State Notice and Privacy Rights
The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.), as amended by the California Privacy Rights Act (“CPRA”), affords consumers residing in California certain rights with respect to their personal information. Privacy laws in Colorado also provide consumers residing in that state certain rights with respect to their personal information. So, in addition to the notices provided above, if you are a California or Colorado resident, this section applies to you as indicated.
California Sales and Sharing of Personal Information
California law requires that we provide transparency about personal information we “sell” or “share.” “Sale,” for the purposes of the CCPA, broadly means scenarios in which we have disclosed personal information with partners in exchange for valuable consideration, while “sharing” means we have disclosed information to a third party for cross-context behavioral advertising. In addition, the CCPA has been interpreted to deem this “sharing” to also be a form of “sale.” Accordingly, in the preceding twelve (12) months, Headway has not “sold” or “shared” your personal information to or with third parties for cross-context behavioral advertising, such as targeting of advertising to you based on your personal information obtained from your activity across businesses, websites, apps, and services other than our Services. See the Targeted Advertising and Analytics section above for more information about behavioral advertising.
We do not knowingly sell or share personal information about consumers under the age of 16.
Information Relevant to Other States
Colorado's privacy law requires that we notify you if we use your information for Targeted Advertising. Targeted Advertising means displaying advertisements to you where the advertisement is selected based on personal information obtained from your activities over time and across nonaffiliated websites or online applications to predict your preferences or interests. We do not use your personal information for targeted advertising.
Subject to certain limitations, you have the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose, (2) request correction of your personal information, (3) request deletion of your personal information, and (4) not be discriminated against for exercising these rights. You may make these requests by sending an email to email@example.com. If we need to further verify your request, we may do so by asking you to provide information related to your interactions with us.
If we deny your request, you may appeal our decision by contacting us at firstname.lastname@example.org. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
Opt-out Preference Signals
Some browsers allow you to enable privacy-controls in the browser's settings to automatically signal your opt-out preference to the websites you visit (e.g., Global Privacy Control). To the extent we are required to offer opt-outs through Global Privacy Control, we honor these signals as a valid request to opt-out of the sharing of information linked to your browser. Please be aware, however, that opt-out preference tools are limited to the browser or device you are using. Also, to maintain your privacy preferences, your browser may save some information in its cookies and cache, and if you clear cookies, you may remove your opt-out preferences so that you may have to opt-out again.
If we receive your request from an authorized agent and they do not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you are an authorized agent seeking to make a request, please contact us at email@example.com.