Last Updated: August 8, 2023
This Headway Privacy Policy describes how Therapymatch, Inc. d/b/a Headway and our subsidiaries and affiliated companies (collectively, “Headway”, “we”, “us”) collect, use, and disclose information about you. This Privacy Policy applies to information we collect from you as a consumer when you access or use our websites, mobile applications, and other online products and services, or when you otherwise interact with us where we provide this Privacy Policy, such as through our customer support channels (collectively, “Services”). In some circumstances, we may provide different or additional notices of our privacy practices to the extent they apply to you because of the product or services you obtain from us, the capacity in which you engage with us, or different laws that may apply. For example, if you interact with us for products and services covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), our Notice of Privacy Practices applies to you and not this Privacy Policy. If you are a resident of California or Colorado, the Additional California and Other State Notice and Privacy Rights applies to you. If you engage with us in a commercial or business capacity, including as a Provider or a Health Plan representative, please see our California Privacy Notice for Business Customers.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy. We may also provide you with additional notice (such as by adding a statement to the Services or sending you a notification), such as in connection with making material changes to this Privacy Policy. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
We collect and use your information in a variety of ways. We collect information you provide directly to us. For example, we collect information directly from you when you create an account, fill out a form, request Services or customer support, or otherwise communicate with us. We also collect certain information from you or your device automatically when you interact with our Services such as activity or usage information. We use this information to provide you Services and for other business purposes. The types of information about you that you provide and that we collect automatically are listed below along with our uses of that information.
Category and Types of Personal Information | Uses of Personal Information |
---|---|
Headway generally collects the Personal Information described below as part of our HIPAA covered products and services. We describe below certain information we might collect to the extent you interact with Headway as a consumer (where HIPAA does not apply), along with our uses of that information. |
|
|
|
|
|
|
|
|
|
|
|
|
|
In addition to collecting information from you, we obtain information from other sources. For example, we may collect and process information from Providers and Health Plans that use our Services.
We may derive information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address.
We will retain your Personal Information for as long as reasonably necessary to carry out the purposes disclosed in this policy.
We disclose the following categories of personal information to the recipients described below for the following business purposes or as otherwise described in this policy:
Category of Personal Information | Recipients and Purposes of Disclosure |
---|---|
Headway generally discloses the Personal Information described below as part of our HIPAA covered products and services. We describe below certain information we might disclose to the extent there might be instances where HIPAA does not apply, along with our purposes of disclosure of that information. |
|
|
|
|
|
In addition, we may disclose any of the categories of personal information listed above for the following purposes:
We also use and disclose aggregated or de-identified information that cannot reasonably be used to identify you.
This section describes how we collect and use non-HIPAA covered information on our Services for our analytical purposes. We engage service providers and/or contractors to provide analytics services across the web and in mobile apps subject to certain written agreements where required by law. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in mobile apps, links clicked, and conversion information. Headway and others may use this information to, among other things, analyze and track data, determine the popularity of certain content, and better understand your online activity.
Google Analytics. We use analytic services such as Google Analytics to manage our operations and better understand how you engage with the Services we provide to you. More specifically, we use Google Analytics to analyze information regarding visits to our Services, including, for example, to measure traffic and flow to our Services, frequency and duration of visits to our site, and how visitors come to our site. Click here to learn about the different ways How Google uses information from sites or apps that use its services, including for analytics, and see the Google Privacy Policy to learn more about its privacy practices and how you can manage your privacy preferences.
Headway is headquartered in and offers Services to those in the United States, and we have operations and vendors in the United States and other countries. Therefore, we and those that perform work for us may transfer your personal information to, or store or access it in, jurisdictions that may not provide levels of data protection that are equivalent to those of your home jurisdiction. Where required by law, we provide adequate protection for the transfer of personal data in accordance with applicable law.
You may update and correct certain account information at any time by logging into your account and editing your information. If you wish to deactivate your account, please contact [email protected], but note that we may retain certain information as required by law or for our legitimate business purposes.
Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.
The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.), as amended by the California Privacy Rights Act (“CPRA”), affords consumers residing in California certain rights with respect to their personal information. Privacy laws in Colorado also provide consumers residing in that state certain rights with respect to their personal information. So, in addition to the notices provided above, if you are a California or Colorado resident, this section applies to you as indicated.
California law requires that we provide transparency about personal information we “sell” or “share.” “Sale,” for the purposes of the CCPA, broadly means scenarios in which we have disclosed personal information with partners in exchange for valuable consideration, while “sharing” means we have disclosed information to a third party for cross-context behavioral advertising. In addition, the CCPA has been interpreted to deem this “sharing” to also be a form of “sale.” Accordingly, in the preceding twelve (12) months, Headway has not “sold” or “shared” your personal information to or with third parties for cross-context behavioral advertising, such as targeting of advertising to you based on your personal information obtained from your activity across businesses, websites, apps, and services other than our Services. See the Targeted Advertising and Analytics section above for more information about behavioral advertising.
We do not knowingly sell or share personal information about consumers under the age of 16.
Colorado's privacy law requires that we notify you if we use your information for Targeted Advertising. Targeted Advertising means displaying advertisements to you where the advertisement is selected based on personal information obtained from your activities over time and across nonaffiliated websites or online applications to predict your preferences or interests. We do not use your personal information for targeted advertising.
Subject to certain limitations, you have the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose, (2) request correction of your personal information, (3) request deletion of your personal information, and (4) not be discriminated against for exercising these rights. You may make these requests by sending an email to [email protected]. If we need to further verify your request, we may do so by asking you to provide information related to your interactions with us.
If we deny your request, you may appeal our decision by contacting us at [email protected]. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
Some browsers allow you to enable privacy-controls in the browser's settings to automatically signal your opt-out preference to the websites you visit (e.g., Global Privacy Control). To the extent we are required to offer opt-outs through Global Privacy Control, we honor these signals as a valid request to opt-out of the sharing of information linked to your browser. Please be aware, however, that opt-out preference tools are limited to the browser or device you are using. Also, to maintain your privacy preferences, your browser may save some information in its cookies and cache, and if you clear cookies, you may remove your opt-out preferences so that you may have to opt-out again.
If we receive your request from an authorized agent and they do not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you are an authorized agent seeking to make a request, please contact us at [email protected].
If you have any questions about this Privacy Policy, please contact us at [email protected].