1 February 2021
USERS OF OUR SERVICES
Our Services are provided only in the United States for use by Physicians and U.S. residents that are Patients of those Physicians or more minimally by Visitors. There are three kinds of users of our Services:
- A “Physician” is a physician or medical practice that uses our Service to maintain business records and give their patients the ability to subscribe to, pay for and keep a history of their treatments, all supported by the Opul platform, which may be accessed through this site (“Opul platform”).
- A “Patient” is an individual with an account on the Opul platform. If you are a Patient, your account with Opul has been created by and is paid for by your Physician.
- A “Visitor” is an individual visiting our website or downloading our app without an account on the Opul platform.
OUR RELATIONSHIP WITH PHYSICIANS AND THEIR EMPLOYEES
OUR RELATIONSHIP WITH PATIENTS OF A PHYSICIAN USING OUR SERVICES
We are a service provider to your Physician, and your Physician is providing our services to you as a benefit of your relationship with that Physician. The records, data and information that are stored by our Services are usually controlled by your Physician and may be subject to HIPAA (described below).
OUR RELATIONSHIP WITH VISITORS
WHERE WE STORE YOUR DATA
Opul provides Services only within the United States of America to residents of the United States. When you use our Services, the information you enter will be sent to and stored in our servers in the United States.
PROTECTED HEALTH INFORMATION
If you are a Patient, our Services are being used by your Physician to store and process information that may include health information that can identify you (known as “Protected Health Information”). The Protected Health Information that we may store, use and disclose depends on what your Physician provides or what you provide as a Patient of your Physician and generally falls into one of these categories:
- Information used to identify you, including your name and contact information (e.g., physical address, email address, phone number);
- Lists of the treatments you received from your Physician;
- Descriptions of any treatment services to which you have subscribed with your Physician; and
- Financial information related to your subscriptions, payments and invoices for the services provided by your Physician.
If you are a Physician or a Visitor, we are not collecting Protected Health Information about you unless you are also a Patient with an account on the Opul Platform, in which case we would collect such information only in your capacity as a Patient.
PERSONAL INFORMATION AND OTHER INFORMATION WE COLLECT
Through our websites and mobile apps and our other Services, we also collect and store data that we use to provide and improve the functionality of our websites and mobile apps and provide the Services as well as to improve those Services. This section will give you more information about the kinds of information we collect, but the specific information we collect will depend on the type of user you are, and whether you are using our app or visiting our website.
- Personal Information that is not Protected Health Information. We may collect personal information that is not Protected Health Information for the purposes set forth below. Personal Information means information that identifies you or when combined with other data we may have could be used to identify you.
- Device and Traffic Data. Our website servers automatically recognize and store your domain names, Internet Protocol addresses (the number assigned to your device when it accesses the Internet), device identifiers (small data files or similar data structures stored on or associated with your mobile device or wearable, which uniquely identify your device), and your device’s name, model, operating system and locale – some of which could be considered Personal Information. The Services may also gather anonymous traffic data — for example, the amount of data passing through our Services at any point in time — that does not directly identify you but may be helpful for improving our business and how we serve you.
- Cookies and Similar Technologies. Opul automatically collects information about your use of the Services through web technologies that collect data, such as web beacons, pixels, and cookies that we store on your computer or mobile device that you use to access our Services. A “web beacon” is a piece of code that enables us to monitor user activity and website traffic. A “cookie” is a randomly generated unique numeric code stored in the user’s web browser settings or computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires), and other data, as well as the randomly generated unique numeric code. Some laws consider the data collected and processed by these web technologies to be Personal Information.
- Log Files. When you access our Services, we may automatically record certain log file information, including your request, browser type (when you access our website), referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails we send you to help us track which emails are opened and which links are clicked. The information we collect helps us achieve a better, more accurate understanding of how our Services are used, and how we can improve them. Some of the information in log files is considered to be Personal Information.
- Metadata. Metadata is usually technical data that is associated with the entry of specific data into our Services. For example, Metadata can describe how, when, where and by whom a piece of data was created and collected.
- Analytics Data. We may use third-party analytics tools to help us measure traffic and usage trends for the Services. These tools collect and use some of the information referenced above and generate analytics data to assist us in improving the Service.
HOW WE USE AND SHARE INFORMATION
Our goal in using and sharing information is to create better services for visitors, and for Patients and your Physician. Here is how we use and share, or not share, the different kinds of information we collect.
- Personal Information. We may use your personal information to verify your identity or to follow up with activities initiated on the Services. For example, if you enter into a subscription with a Physician that includes purchases of cosmetic products, we may provide your shipping information (e.g., name, address, phone number and email address) to the seller of those cosmetic products. We may also use your contact information to stay in touch, inform you of any changes to the Services, or to send you additional information about Opul.
- Data Disclosed to or Accessed by Physicians. Physicians create Patient accounts, and Patient accounts are business records for the Physicians. A Physician will always have access to the account created by that Physician, including all information in it. If a Patient receives treatments from more than one Physician using our Services, each Physician will only be able to access the account created by that Physician.
- Anonymous Information. We sometimes collect and use anonymous information to analyze our Services traffic. In addition, we may use anonymous information to help diagnose problems with our server, to administer our Services, or to display content according to your preferences. We may also strip your personal information from data about your use of the Services to create anonymized data that we aggregate with anonymized data of other users (for example, to determine the number of users we have in a particular region or the number of users who receive particular kinds of treatments from their Physicians). We may use anonymous and anonymized information for any legal purpose, including that we may sell anonymous, anonymized, deidentified, or aggregate information generated by the use of our Services to third parties.
- Required Disclosure of Personal Information. We may disclose personal information, including Protected Health Information, if required to do so by law or in the good-faith belief that such action is necessary to (1) conform to the law or comply with legal process served on Opul or any parent company, subsidiaries or affiliates, (2) protect and defend the rights or property of Opul or the users of the Services, or (3) act under exigent circumstances to protect the safety of the public or users of the Services.
CHANGES TO AND DELETION OF PERSONAL INFORMATION
If you are a Physician, you have the ability to access, modify, delete and/or add to the data you provide us, including Patient information.
If you are a Patient and would like to review or request changes to the information that we collect about you, please contact us at email@example.com. Because your account may be a business record for your Physician, our ability to make changes to or delete account information may be limited by applicable law, including HIPAA, or as agreed to between you and your Physician.
The Services have security measures in place to prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss or misuse to you or to any third party.
Opul will retain Personal Information that you or a Physician input into our Services or Personal Information generated by the Opal platform or in certain circumstances by our other Services (i) for a minimum of seven years following the date it is entered or created; (ii) for such longer minimum time period as may be required by law for specific types of information; or (iii) as may be set forth in services agreements between us and/or your Physician or any specific agreements between you and us (the “Retention Period”). Opul may delete data after the Retention Period, but it is not obligated to do so. Subject to applicable law, Opul also may retain data for longer than the Retention Period, but it is not obligated to do so.
AREAS WE DO NOT OR CANNOT CONTROL
Our Services are used by you and your Physician. We do not input, electronically limit or control the input of any data by your Physician.
NOT A SERVICE FOR USE BY CHILDREN
We understand and are committed to respecting the sensitive nature of children’s privacy online. We provide our Services for use by adults 17 years old and older and do not direct any of our content or Services specifically at persons under 17 years of age. Accounts for Patients under 17 years of age may only be accessed and used by the Patient’s legal guardian. If we learn or have reason to suspect that a Services user is under age 13, we will block that person’s access to the account until it can be verified that the user is over 13. If we learn or have reason to suspect that a Services user is under age 17, we may exercise our right to terminate the account.
HOW TO CONTACT US
UPDATES AND CHANGES