ELO HEALTH PRIVACY NOTICE
Last Updated on December 21, 2020
Elo Health, Inc. and its affiliates (collectively, “we,” “our,” “us,” or “Elo Health”) are committed to protecting your privacy and Personal Information (as defined below) about you. This Privacy Notice describes our practices regarding information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household (collectively “Personal Information”) relating to visitors to the Elo Health website (http://elo.health, the “Site”), mobile application (the “Application(s)”) and online services (collectively, the “ Services”) our customers, and prospective customers (“you” or “your”), for what purposes Personal Information may be used, and with whom we may share Personal Information.
The Services include a prescription dietary supplement subscription program that utilizes nutrition-related blood sample (the “Sample” or “Samples”) test results provided by third-party laboratories, as well as information and data received through the Services and from third-parties (e.g., Apple Healthkit) to personalize and deliver dietary and lifestyle goals, supplements, nutrition recommendations, and other nutrition-related products and services that are tailored to your personal wellbeing, needs and goals. By using the Sample collection kits (“Elo Biomarker Kits”), customers collect the Samples and submit them to Elo Health for testing and analysis. These Samples are subjected to a testing process that generates sample data and is analyzed in connection with customer-provided information to produce your unique test results (“Biomarker Test Data”) that Elo Health will use to make personalized supplements, and lifestyle recommendations via the Site, the Application, and other methods. We are committed to protecting the privacy and security of Personal Information which could be used to identify our customers, either alone or in combination with other information. By accessing or using the Services, customers allow us to collect, store, and use their Personal Information that enables us to provide more accurate and personalized supplements and recommendations. Elo Health recognizes and understands the importance of privacy and respects our customers’ desire to store and access Personal Information in a private and secure manner.
2. What Personal Information Do We Collect?
When you subscribe to or use our Services, Elo Health collects and uses several types of information as identified below. These include information you provide directly to us, your Biomarker Test Data, information provided in response to our questionnaires, self-reported information, data we retain in order to improve our data analytics methods and artificial intelligence engine and our Service, data we retain for provisioning our Service and securing payments for same, information we collected through cookies, web beacons, tracking pixels, web analytics, and other types of information we receive about you from third party sources.
a. When You Communicate And Have Health Consultations With Us
When you communicate with us in and through the Site, Application, email us, input or otherwise communicate with us, we collect the following identifiers or professional information that may, alone or in combination with other information, constitute Personal Information:
- Demographic and personal information, such as name, contact information, email address, phone number, birth date;
- General health information, such as information relating to your diet, lifestyle, tastes preferences, and physical activity levels;
- Health consultation information, such as information relating to your Biomarker Test Data, diet, fitness, physical condition, drinking habits, tobacco use, sleeping patterns and habits, medications, and general health; and
- Device and browser information, such as IP address, device type, browser type, browser version;
- Contents of communications sent to us.
b. When You Request Information From Us
When you use the “Contact” functions on the Site, we collect the following identifiers or professional information that may, alone or in combination with other information, constitute Personal Information:
- Physical Address;
- Contact information, such as email address and phone number.
c. When You Provide A Sample
When you subscribe to certain of our Services, you will receive a Elo Biomarker Kit. Once you obtain a Sample using the directions provided with the Elo Biomarker Kit, you must ship your Sample to our third-party laboratories. Once received by the laboratory, your Sample will be identified your Sample will be analyzed by our third-party laboratory, and your results will be made available to you through the Services. The results and analysis may include the following information that may, alone or in combination with other information, constitute Personal Information:
- Biomarker Test Data analysis may include, but is not limited to, biomarker analysis, nutritional analysis, customer-provided information and information we extract or resolve in our testing services; and
d. Information Collected via Technology
Software used on the Site and the Application collects Internet or other electronic network activity information that may, alone or in combination with other information, constitute Personal Information:
- Information from our servers, such as your browser type, operating system, Internet Protocol (“IP”) address, domain name, and/or the date and time you visited the Site (time stamp) and whether you are a first time visitor to the Site.
- Information from your mobile device if you have downloaded our Application(s). Examples of information that may be collected and used include your geographic location, how you use the Application(s), and information about the type of device you use. In the event our Application(s) crash on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our Application(s).
Google Analytics is an element of the Site. By using cookies, Google Analytics collects and stores data such as time of visit, pages visited, time spent on each page of the Site, the Internet Protocol address, and the type of operating system used in the devices used to access the Site. By using a browser plugin available at here provided by Google, you can opt out of Google Analytics.
3. The Sources of Personal Information
We collect Personal Information from the following categories of sources:
- You: When you voluntarily provide Personal Information to us;
- Software: Information automatically collected via cookies, web logs, web beacons, and other software-based analytics tools; and,
- Sample: extracting and analyzing the information from it as it is or by combining with other Personal or non-personal information.
4. Why We Collect Personal Information About You
We use Personal Information about you for the following purposes:
- To provide the Services to you;
- To operate and improve our Services, including through analytics to help us understand how you use the Site and Application, so that we can present content in the best manner;
- To develop and improve our Services;
- To provide you with any information that you request from us. If you do not provide us with the information we need to respond to your request, we may not be able to provide you with the information that you request from us;
- To notify you about changes to the Site, Application and our Services;
- To enable us to issue a notice, administrative, or corrective action to you in relation to the Site, Application or the Services, if required;
- To send you direct marketing messages that you have consented to receive;
- To protect against, identify and prevent fraud and other unlawful activity, claims and other liabilities;
- To comply with applicable legal requirements, industry standards, and our own policies; and
- Where permitted by law, to provide you with information about other products and services we offer that are similar to those that you have already subscribed to or enquired about and we feel may interest you.
- Biomarker Test Data is used to provide you with accurate and personalized recommendations and to generate results that Elo Health will use to make personalized supplements, and lifestyle recommendations via the Site, the Application, and other methods.
Finally, we may use Personal Information for purposes of de-identification. “De-identified Information” or “De-identified Data” as used here is Biomarker Test Data and other data after removing personal identifiers from them. De-identification is a well-established privacy practice followed in our industry whereby information likely to be identified with you will be scrubbed from the Biomarker Test Data, internal records, or other forms of data before using the data for provisioning the Services. De-identification prevents Elo Health from storing Personal Information about you together with your Samples, Biomarker Test Data or other data. Your Samples and Biomarker Test Data are used with Personal Information about you only to the extent necessary and for the purpose of delivering the Service to you and communicating directly with you when necessary. For all other purposes, including for Research and Research Studies, analysis, and improving our except when you have specifically consented to, we use the de-identified data.
5. How We Disclose Personal Information
We disclose the following categories of Personal Information with the following categories of third parties for business purposes:
a. Our affiliates
- Identifiers or professional information
- Professional or employment-related information
- Internet activity information
Affiliates such as subsidiaries that we own.
b. Service providers
- Professional or employment-related information
- Internet activity information
We use service providers (e.g., credit card processors, Sample collection services, electronic data processors, supplements manufacturers, fulfillment and logistics service providers, customer service accelerators, accredited reference laboratories, biomarker, and nutritional testing labs, data storage and data analysis companies and marketing technology companies). Such service providers can only use Personal Information to provide such services to us and for no other purpose.
The results of your Sample analysis will be disclosed to a laboratory consistent with the Informed Consent form, which can be found here.
c. Parties to a corporate transaction or proceeding
- Professional or employment-related information
- Internet activity information
In the event of a corporate sale, merger, reorganization, bankruptcy, dissolution or similar event, Personal Information may be part of the transferred assets.
d. Public authorities and legal proceedings
We may disclose Personal Information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern the Site, Application and/or the Services; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
e. Apple Health
Elo Health will not exchange any Personal Information with Apple's Health application without your prior approval. Approval is given by you in the relevant settings of the Health application or within the Application during initial user profile setup or via Application settings and can be revoked by you at any time. If you have given your approval, Elo Health may interact with the Health application on your iOS device and read and/or write information between the Application and Health application. You can choose if and to what extent Personal Information is exchanged between Elo Health and Health application by granting or revoking the relevant permissions in Health app settings. Please refer to Apple Health’s privacy notice for further information.
6. Data Retention
7. For California Residents
California Civil Code Section 1798.83 permits the users of the Site who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at firstname.lastname@example.org.
If you are a California resident you may also have the right:
- To request disclosure of the categories and specific pieces of Personal Information collected about you;
- To request the disclosure of the business purpose for collecting or selling Personal Information; the categories of third parties with whom it is shared, and the categories of sources from which Personal Information is collected;
- To request the deletion of Personal Information, subject to the limitations set forth in California Civil Code Section 1798.105(d);
- Not to be discriminated against for exercising the rights guaranteed by California Civil Code Section 1798.100et seq.
For a list of categories of Personal Information collected and the purposes for the processing of that Personal Information, please refer to Sections II and IV above.
b. Requests to Know
You have the right to request that we disclose:
- The categories of Personal Information we collect;
- The categories of Personal Information we have sold or disclosed for a business purpose;
- The categories of sources from which we collect Personal Information about you;
- Our business or commercial purpose for selling or collecting Personal Information;
- The categories of Personal Information sold or shared about you, as well as the categories of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom information was sold;
- The specific pieces of Personal Information collected about you.
Delivery may take place electronically or by mail. We are not required to respond to requests relating to Personal Information more than twice in a 12-month period.
c. Requests to Delete
With certain exceptions, you have the right to request that we delete any Personal Information we have collected about you. Upon receiving a verified request to delete Personal Information about you, we will do so unless otherwise authorized by law.
d. Verifiable Requests
We will acknowledge the receipt of requests to know or requests to delete Personal Information free of charge, within 10 business days. In order to protect your privacy and the security of Personal Information, we may verify your request by asking you to provide additional Personal Information for us to verify your identity. We will respond to your request within 45 calendar days of receipt, provided that we have been able to successfully verify your identity.
You may submit a request to know or a request to delete Personal Information via email@example.com.
e. Sale of Personal Information
We do not sell Personal Information collected in and through the Services. Consequently, we do not have an opt-out functionality relating to the sale of Personal Information on the Site or in the Application.
f. The Right to Non-Discrimination
You have a right not to receive discriminatory treatment for the exercise of your California privacy rights.
g. Authorized Agents
You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.
We take reasonable and appropriate physical, technical, and administrative measures to keep your Personal Information safe and secure and protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Information. We do not warrant or represent that Personal Information about you will be protected against, loss, misuse, or alteration by third parties. You acknowledge and agree that protecting Personal Information is a responsibility shared between you and Elo Health. In this regard, we ask all users of our Service to be responsible for keeping their login IDs, passwords, and other authentication information used to access the Service in a secure manner and maintain strict confidentiality. You should not share account and authentication information with any third parties and should inform Elo Health immediately of any prohibited use of your account or authentication information. Elo Health implements several physical and technical security measures to ensure confidentiality, integrity, security, and availability of Elo Health and customer data by employing industry standard safeguards such as de-identification, pseudonymization, encryption, and data segmentation. Elo Health keeps all Personal Information on secure cloud servers. Only a small group of qualified personnel within Elo health can access the information that can be used to identify you. These are personnel who need that information in order to provide, complete, testing, analysis, and reporting related to the Services. The Personal Information that matches the assigned codes will be kept in a secure, access controlled, and protected database at Elo Health. Only a small group of essential personnel will have access to this secure and protected database. All Elo Health employees, consultants, and others who might have access to your Personal Information must sign confidentiality and non-disclosure agreements that mandate them to keep customer Personal Information confidential and undergo a criminal background check, except where prohibited by law. Your Personal Information may be shared with your health care service provider only with your written permission. Your Samples and their specimens and their remnants, after testing and analysis, will be stored securely with de-identified alphanumeric IDs (with no Personal Information that can identify you).
9. Links to Other Websites
The Site, the Application and the Services are not intended for children under the age of 18. Accordingly, we do not intend to collect Personal Information from anyone we know to be under 18 years of age. We do not intentionally collect, sell, or process the Personal Information of individuals under 18 years of age.
The following sets out how we may use different categories of cookies and your options for managing cookie settings:
a. Required cookies
Because required cookies are essential to operate the Site, you may not be able to use all or parts of our site if you block required cookies.
b. Performance cookies
These cookies collect information about how you use the Site, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies you. Information is only used to improve how the Site functions and performs. From time to time, we may engage third parties to track and analyze usage and volume statistical information relating to individuals who visit the Site. We may also utilize Flash cookies for these purposes.
To learn how to opt out of performance cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.
c. Functionality cookies
Functionality cookies allow the Site to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Site after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. We may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on the Site to personalize your visit.
To learn how to opt out of functionality cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.
In addition, we use “Pixel Tags” (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to cookies, that are used to track online movements of website visitors. In contrast to cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in web pages. Pixel Tags also allow us to send e-mail messages in a format users can read, and they tell us whether e-mails have been opened to ensure that we are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to a user. We do not tie the information gathered by Pixel Tags to our users’ Personal Information.
12. How We Respond to Do Not Track Signals
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time.
13. Changes to This Notice
14. Contact Us
Elo Health, Inc.
435 Yellowstone Ave #121
West Yellowstone, MT 59758