Privacy Policy

EFFECTIVE DATE:

1 February 2021

Hint Inc., doing business as Opul (“us,” “we,” or “Opul”), is committed to respecting your privacy. This Privacy Policy applies to all Opul online or digital services activities, including, www.opul.com  (the “site” or “website”), our other websites, mobile applications (“Apps”) and digital services in which this Privacy Policy is posted or linked (each a “Service,” and together the “Services”).

USERS OF OUR SERVICES

Our Services are provided only in the United States for use by Physicians and U.S. residents that are Patients of those Physicians or more minimally by Visitors. There are three kinds of users of our Services:

  1. A “Physician” is a physician or medical practice that uses our Service to maintain business records and give their patients the ability to subscribe to, pay for and keep a history of their treatments, all supported by the Opul platform, which may be accessed through this site (“Opul platform”).
    Employees and agents of the Physician who use our Services are treated as Physicians under this Privacy Policy.
  2. A “Patient” is an individual with an account on the Opul platform. If you are a Patient, your account with Opul has been created by and is paid for by your Physician.
  3. A “Visitor” is an individual visiting our website or downloading our app without an account on the Opul platform.

OUR RELATIONSHIP WITH PHYSICIANS AND THEIR EMPLOYEES

As a Physician or an employee or agent of a Physician, you create and are in control of the data and information stored in our Services. This Privacy Policy, along with the services agreements entered into by you and your practice, describes how we treat and can use the data and information we collect when you use or access our Services.

OUR RELATIONSHIP WITH PATIENTS OF A PHYSICIAN USING OUR SERVICES

We are a service provider to your Physician, and your Physician is providing our services to you as a benefit of your relationship with that Physician. The records, data and information that are stored by our Services are usually controlled by your Physician and may be subject to HIPAA (described below).

The notices you have received from your Physician and any agreements you have entered into for use of these Services, describes how we treat and can use the data, records and other information about you that may be placed into your account by your Physician. It also describes the data we collect when you access our Services to check on or use your account, and how we treat and can use that data. This Privacy Policy also describes some of those uses and disclosures.

OUR RELATIONSHIP WITH VISITORS

As a Visitor, you do not have an account and Opul does not have any directly identifiable personal information about you, unless you have voluntarily provided it through certain functions that may be offered from time to time on this site, for example if we provide a “contact us” function and you provide us your email address. However, we may collect other Personal Information about you as set forth below. This Privacy Policy describes the data, including Personal Information, we collect when you use this Site and/or access our other Services, and how we treat and can use that data.

WHERE WE STORE YOUR DATA

Opul provides Services only within the United States of America to residents of the United States. When you use our Services, the information you enter will be sent to and stored in our servers in the United States.

If you are visiting our websites or accessing the Services you previously registered for from anywhere outside of the United States, including any part of the European Union, please note that you are expressly agreeing and consenting that your information will be transferred to, processed in and stored in the United States, where we will always treat it as described in this Privacy Policy.

PROTECTED HEALTH INFORMATION

If you are a Patient, our Services are being used by your Physician to store and process information that may include health information that can identify you (known as “Protected Health Information”). The Protected Health Information that we may store, use and disclose depends on what your Physician provides or what you provide as a Patient of your Physician and generally falls into one of these categories:

  1. Information used to identify you, including your name and contact information (e.g., physical address, email address, phone number);
  2. Lists of the treatments you received from your Physician;
  3. Descriptions of any treatment services to which you have subscribed with your Physician; and
  4. Financial information related to your subscriptions, payments and invoices for the services provided by your Physician.

The use and disclosure of your Protected Health Information is governed by the notices provided to you by your Physician and any agreements you may have signed related to the Opul platform and the agreements we have signed with your Physician. This Privacy Policy describes some of those uses and disclosures. It is also possible that your Protected Health Information may be governed by a federal health privacy law called the Health Insurance Portability and Accountability Act (“HIPAA”), which provides you certain rights with respect to your Protected Health Information – all of which can be explained by your Physician.

If you are a Physician or a Visitor, we are not collecting Protected Health Information about you unless you are also a Patient with an account on the Opul Platform, in which case we would collect such information only in your capacity as a Patient.

PERSONAL INFORMATION AND OTHER INFORMATION WE COLLECT

Through our websites and mobile apps and our other Services, we also collect and store data that we use to provide and improve the functionality of our websites and mobile apps and provide the Services as well as to improve those Services. This section will give you more information about the kinds of information we collect, but the specific information we collect will depend on the type of user you are, and whether you are using our app or visiting our website.

  1. Personal Information that is not Protected Health Information. We may collect personal information that is not Protected Health Information for the purposes set forth below. Personal Information means information that identifies you or when combined with other data we may have could be used to identify you.
  2. Financial Data. Opul will collect, record, and maintain a history of transactions between Patients and Physicians. Our Services make those records available to you at any time. Either a Patient or your Physician will also provide Patients’ credit card numbers or other financial account information (“Payment Account Data”) that will be used to process subscription plans and service payments as described in our Terms of Use. Financial Data is considered Personal Information. Opul never directly sees, records, or uses any Payment Account Data other than the last four digits of your payment account number, which we use solely for identity and account verification. Instead, we use a third-party payment processor that complies with the Payment Card Industry Data Security Standard when processing and/or storing such data. Our payment processor’s privacy policy governs Payment Account Data and can be found here: https://www.fiserv.com/en/about-fiserv/privacy-notice.html
  3. Device and Traffic Data. Our website servers automatically recognize and store your domain names, Internet Protocol addresses (the number assigned to your device when it accesses the Internet), device identifiers (small data files or similar data structures stored on or associated with your mobile device or wearable, which uniquely identify your device), and your device’s name, model, operating system and locale – some of which could be considered Personal Information. The Services may also gather anonymous traffic data — for example, the amount of data passing through our Services at any point in time — that does not directly identify you but may be helpful for improving our business and how we serve you.
  4. Cookies and Similar Technologies. Opul automatically collects information about your use of the Services through web technologies that collect data, such as web beacons, pixels, and cookies that we store on your computer or mobile device that you use to access our Services. A “web beacon” is a piece of code that enables us to monitor user activity and website traffic. A “cookie” is a randomly generated unique numeric code stored in the user’s web browser settings or computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (i.e., when it expires), and other data, as well as the randomly generated unique numeric code. Some laws consider the data collected and processed by these web technologies to be Personal Information.
  5. Log Files. When you access our Services, we may automatically record certain log file information, including your request, browser type (when you access our website), referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails we send you to help us track which emails are opened and which links are clicked. The information we collect helps us achieve a better, more accurate understanding of how our Services are used, and how we can improve them. Some of the information in log files is considered to be Personal Information.
  6. Metadata. Metadata is usually technical data that is associated with the entry of specific data into our Services. For example, Metadata can describe how, when, where and by whom a piece of data was created and collected.
  7. Analytics Data. We may use third-party analytics tools to help us measure traffic and usage trends for the Services. These tools collect and use some of the information referenced above and generate analytics data to assist us in improving the Service.

HOW WE USE AND SHARE INFORMATION

Our goal in using and sharing information is to create better services for visitors, and for Patients and your Physician. Here is how we use and share, or not share, the different kinds of information we collect.

  1. Personal Information. We may use your personal information to verify your identity or to follow up with activities initiated on the Services. For example, if you enter into a subscription with a Physician that includes purchases of cosmetic products, we may provide your shipping information (e.g., name, address, phone number and email address) to the seller of those cosmetic products. We may also use your contact information to stay in touch, inform you of any changes to the Services, or to send you additional information about Opul.

We will disclose your Personal Information as stated in this Privacy Policy — including to our service providers under appropriate contractual obligations to assist us in providing the Services. As discussed above, we use a service provider — a third-party payment processor — to process your payments that you may make on the Opul platform. We, and you, provide the payment processor with personal information for that purpose and subject to the payment processor’s privacy policy. We will also disclose and share your Personal Information as necessary to provide you with our Services or as we believe may be necessary to comply with the law.

  1. Data Disclosed to or Accessed by Physicians. Physicians create Patient accounts, and Patient accounts are business records for the Physicians. A Physician will always have access to the account created by that Physician, including all information in it. If a Patient receives treatments from more than one Physician using our Services, each Physician will only be able to access the account created by that Physician.
  2. Anonymous Information. We sometimes collect and use anonymous information to analyze our Services traffic. In addition, we may use anonymous information to help diagnose problems with our server, to administer our Services, or to display content according to your preferences. We may also strip your personal information from data about your use of the Services to create anonymized data that we aggregate with anonymized data of other users (for example, to determine the number of users we have in a particular region or the number of users who receive particular kinds of treatments from their Physicians). We may use anonymous and anonymized information for any legal purpose, including that we may sell anonymous, anonymized, deidentified, or aggregate information generated by the use of our Services to third parties.
  3. Use of Cookies and Similar Technologies. We use the information collected through web technologies (such as cookies, beacons and pixels) to monitor usage patterns, store information about your preferences and to improve the Services. For example, your Personal Information may be used to create customized offers, information and services tailored to your interests and preferences.  We may track your activities over time and across third-party websites, apps or other online services to display advertisements on third-party websites. We may also use this information to save your username, so you don’t have to re-enter it each time you use our Services, or for other purposes.
  4. Required Disclosure of Personal Information. We may disclose personal information, including Protected Health Information, if required to do so by law or in the good-faith belief that such action is necessary to (1) conform to the law or comply with legal process served on Opul or any parent company, subsidiaries or affiliates, (2) protect and defend the rights or property of Opul or the users of the Services, or (3) act under exigent circumstances to protect the safety of the public or users of the Services.
  5. Sale of Opul. As businesses grow and evolve, another company can buy them (or some part of them). If Opul or substantially all of its assets are acquired, user information, including personal information, will be one of the assets transferred to the acquirer. If a company that acquires Opul gets access to your information, it will be bound by this Privacy Policy and/or the other agreements and notices applicable to your personal information, in its treatment of all such information.

CHANGES TO AND DELETION OF PERSONAL INFORMATION

If you are a Physician, you have the ability to access, modify, delete and/or add to the data you provide us, including Patient information.

If you are a Patient and would like to review or request changes to the information that we collect about you, please contact us at opulsupport@revance.com. Because your account may be a business record for your Physician, our ability to make changes to or delete account information may be limited by applicable law, including HIPAA, or as agreed to between you and your Physician.

DATA SECURITY

The Services have security measures in place to prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss or misuse to you or to any third party.

DATA RETENTION

Opul will retain Personal Information that you or a Physician input into our Services or Personal Information generated by the Opal platform or in certain circumstances by our other Services (i) for a minimum of seven years following the date it is entered or created; (ii) for such longer minimum time period as may be required by law for specific types of information; or (iii) as may be set forth in services agreements between us and/or your Physician or any specific agreements between you and us (the “Retention Period”). Opul may delete data after the Retention Period, but it is not obligated to do so. Subject to applicable law, Opul also may retain data for longer than the Retention Period, but it is not obligated to do so.

AREAS WE DO NOT OR CANNOT CONTROL

Our Services are used by you and your Physician. We do not input, electronically limit or control the input of any data by your Physician.

NOT A SERVICE FOR USE BY CHILDREN

We understand and are committed to respecting the sensitive nature of children’s privacy online. We provide our Services for use by adults 17 years old and older and do not direct any of our content or Services specifically at persons under 17 years of age. Accounts for Patients under 17 years of age may only be accessed and used by the Patient’s legal guardian. If we learn or have reason to suspect that a Services user is under age 13, we will block that person’s access to the account until it can be verified that the user is over 13. If we learn or have reason to suspect that a Services user is under age 17, we may exercise our right to terminate the account.

HOW TO CONTACT US

If you have any questions about this Privacy Policy, our practices related to this Services, or to exercise any rights you believe you may have with respect to your personal information, please feel free to contact us at opulsupport@revance.com.

UPDATES AND CHANGES

Opul reserves the right to make changes to this Privacy Policy. If we make any material changes to this Privacy Policy, we will notify you in advance through the Services. If we decide to use Personal Information in a manner that is materially different from the uses described in this Privacy Statement or otherwise disclosed to you, you will have the choice to allow or disallow any additional uses or disclosures of your Personal Information. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Privacy Policy. The Privacy Policy posted here supersedes all versions published or posted prior to the Effective Date of this Privacy Policy.