Privacy Policy

Last updated: October 19, 2023

Simple Summary

 

  • Primary Record does not sell personally identifiable information.
  • Information is shared only in limited circumstances to operate the site and software.
  • Personal data, usage data, and other non-identifiable information are collected.
  • Cookies and similar technologies are used for site functionality.
  • Information can be shared with affiliates and third parties for service improvement.
  • Users have rights to opt out and request data deletion.



Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. By accessing or using the Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, your choice is not to use the Services. This Privacy Policy is incorporated into our Terms of Service (located at https://www.primaryrecord.com/terms-of-service/) and constitutes part of the Policy as such term is defined therein. Capitalized terms used in this policy but not defined herein shall have the meaning set forth in the Terms of Use. 

 

We reserve the right to change this Privacy Policy at any time. Such changes, modifications, additions, or deletions shall be effective immediately upon notice thereof, which may be given by means of posting a notification on the Site or by other means if required by law, including emailing you to the address associated with your Account. We may make non-substantive updates or clarify existing provisions without notifying our Account holders or other users. It is your responsibility to review this Site and the Policy periodically and to be aware of any modifications. Your continued use of the Services after such modifications will constitute your acknowledgment of the modified Privacy Policy and you agree to be bound by the modified Privacy Policy.

Definitions

“API” stands for Application Programming Interface. In the context of APIs, the word Application refers to any software with a distinct function. Interface can be thought of as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses.

 

“Affiliate” means an entity that controls, is controlled by or is under common control with a party, where control means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

 

“California Consumer” means, for the purpose of the California Consumer Privacy Act (“CCPA”), a natural person who is a California resident.  

 

“Device” means any device that can access the Site such as a computer, a cellphone, or a tablet.

 

“De-Identified Data” means aggregated, anonymized, and/or de-identified information, which may be derived from your Personal Data or other Information, but which is not capable of being associated, with nor is reasonably linkable to, a particular individual or household.

  

“Personal Data” means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.  

 

“Third-Party Social Media Service” refers to any website or any social network website through which a User can log in or create an account to use the Service.

 

“Usage Data” refers to information regarding how the Services are accessed and used by you. 

How We Collect Information

We may collect the following from you: (i) Personal Data; (ii) Usage Data; and (iii) certain other information which is about you but is not capable of identifying you. The information we collect from you or which you grant us access to may be collectively referred to as “Information.” For clarity, health records you upload, import, or store via the Site are included in the definition of “information” unless otherwise specified herein.

  

Below are descriptions of how we intend to collect certain Information from you. In any case, if any Information or data is provided to us in any manner by any User, this Policy will apply to the same. 

 

  • The Personal Data we collect includes email addresses, names, dates of birth, phone numbers, addresses (including state, postal code, and city). We will collect this from you when you provide it to us, including when you create an Account or otherwise disclose this information to us. 
  • Usage Data is collected automatically when using the Services, and includes but is not limited to your access times, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, content you have accessed or seen, the time spent on certain training modules or pages, and other similar data. Usage Data is collected for every User of the Website and is not intended to be capable of personally identifying you, except that we may associate such Usage Data with your unique identifier in our internal systems. We will collect Usage Data automatically as you navigate the Site. We will also collect Usage Data from certain third parties who we have engaged to perform services for us or who may collect such data from you subject to their own policies, including, as to the publicly available portions of the Site, Google Analytics. 
  • Health records, which may include Personal Data, are only obtained by us when you request that we obtain the same or provide the same to us. 
  • We may request your permission to access pictures and other information from your Device’s camera and photo library, as well as the location of the Device that accesses the Site. Such information may be uploaded to our servers and/or a third-party service provider’s, or it may be simply stored on your Device. You may be able to enable or disable access to this information at any time, through your Device settings.

Information may be obtained from you through the use of cookies and similar tracking technologies, such as beacons, tags, and scripts. 

 

Cookies are files with a small amount of data which may include an anonymous unique identifier. We may make cookies available to give you the best online experience possible. The cookies we use do not contain personally identifiable information; however, once you choose to enter our site with personally identifiable information, that information may be linked to the data stored in the cookie. You may be able to disable cookies through your web browser or via other means, but in such case, we may not be able to provide to you some of the features and functionalities otherwise available via the Website, or your experience with our Services may change.

 

Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as You close you web browser. 

Certain sections of our Services and our emails to you may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Third-Party Social Media Services

The Company may allow you to create an Account and log in to use the Site through Google or another Third-party Social Media Service. If you decide to register through or otherwise grant us access to a Third-Party Social Media Service, we may collect Personal Data or other data that is already associated with your Third-Party Social Media Service’s account, such as you name, email address, activities, or your contact list associated with that account.

 

You may also have the option of sharing additional information with the Company through you Third-Party Social Media Service’s account. If you choose to provide such information, during registration of your Account or otherwise, you are giving the Company permission to use, share, and store any such information in a manner consistent with this Privacy Policy.

Use of Your Information

The Company may use your Information for the following purposes:

 

  • To provide and maintain the Services, including to monitor the usage of our Site, and to improve and tailor our Services; 
  • To manage your Account or assist you in managing your Account;
  • To perform or fulfill Services you request or purchase from us;  
  • To contact you regarding our Services, updates to the same, updates to this Policy, other administrative communications, and to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or inquired about; 
  • To correspond with you regarding offers from third parties who we may partner with for such purpose. If you wish to opt out of communications from us containing third party offers, you may use your Account settings to for such purpose, or reach out to us at trust@primaryrecord.com.
  • To analyze how you interact with our Services and to assist us in determining whether to develop new products and services; 
  • To resolve disputes, troubleshoot problems, and enforce our agreements with you, including this Policy;
  • To prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our information technology systems, architecture, and networks; 
  • For data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience; 
  • To comply with legal obligations and legal processes, and to protect our rights, privacy, safety, or property, and/or that of our Affiliates, you, or other third parties; and 
  • For any other specific purpose that we communicate to you upon collection of the same, and for any purpose that you approve or for which you direct us to use such Information.
 

Please note that we may use such De-Identified Data for any lawful purpose that we deem appropriate, including using the same for our marketing purposes, for demonstrating the use or capabilities of our Services, and for further developing our Services.

Disclosure of Your Information

We may disclose your Information in the following situations:

 

  • We may share your Information with our subsidiaries and Affiliates, and with contractors, third-party service providers, and other third parties who we have engaged in order to continue to develop our Site, improve our Services, and provide the Services to you. For example, we may share your Information with IT service providers, such that they may support our IT systems, provide hosting, processing, and analyzing services with respect to information and data collected, and provide maintenance of such systems, or on the basis of other legitimate interests.  
  • We may share your Information as part of a transfer or assignment if we are acquired by, sold to, or merged with another entity, or otherwise reorganized or liquidated, provided that, if in connection with such sale, merger, or other reorganization, the collection, use, or disclosure or your Information will differ from this policy, you will receive a notification of the same as provided herein above, and you may terminate your Account in your discretion. 
  • We may share your Information in response to legal processes, court orders, or government or regulatory requests; to enforce other agreements with you, including for billing and collection purposes; and if we believe disclosure is necessary or appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use, to verify or enforce compliance with the policies governing our sites and applicable laws or as otherwise required or permitted by law or consistent with legal requirements.
  • We may share your Information with credit card issuers and financial institutions in order to obtain payment from you if you agree to make a payment to use for the use of the Services, such that they may process payments and refunds, verify the absence of fraud, or assist in debt collection, in the course of the performance of a contract or on the basis of other legitimate interests. 
  • We may share your Information as appropriate to protect us, other Users, and third parties if we believe that you may harm, or have harmed, the property or rights of Primary Records, other Users, or any other third party, to report, disclose, limit, respond to, or prevent such conduct or activity. 
  • We may disclose your Information for any other purpose with your consent. 

Selling of Data

We will not engage in a sale of your Personal Data without your specific consent and opt-in. There may be instances where we provide you with the option to  opt in to and consent to the sale of such data;  additional terms related to the sale of such data may be provided to you at the point of the opt-in if you should choose to opt-in, and such terms are incorporated herein by reference. 

Health Records

We will limit any use or disclosure of your health records to only those uses or disclosures specified in the sections entitled “Use of Your Information” and “Disclosure of Your Information” which are legally necessary, necessary for us to provide the Services, or which are otherwise approved by you. If we can achieve a purpose or fulfill any requirement by using or disclosing only other types of Information, and not your health records, we will do so. 

 

Further, whenever possible, we will associate your personal information and health data with a token or similar identifier which is capable of associating such information with a specific user, but which is not capable of identifying you personally, prior to providing the same to any service providers or other parties specified herein. 

 

As more fully described in the Terms of Service, we license an API offered by 1upHealth, Inc. (https://1up.health/) to enable you to upload, import, or transfer your health records into the Site. 1upHealth, Inc. may obtain such records from third party Electronic Health Record providers (EHRs). We recommend that you review the policies of 1upHealth, Inc. posted to their website (currently, https://1up.health/) if you have questions about how 1upHealth, Inc. integrates with platforms like the Site.

Retention of Your Information

The Company will retain Personal Data only for as long as is necessary for the purposes set out in this Policy. We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

 

The Company will also retain Information which does not constitute Personal Data (including De-Identified Information and Usage Data) for any period legally allowable and deemed appropriate by Primary Record.

Security of Information

We have put in place industry-standard procedures to safeguard and help prevent unauthorized access, to maintain data security, and to use correctly the Information we collect online. Unfortunately, we cannot guarantee that 100% of the data transmissions are secure. Therefore, while we strive to protect your Personal Data, you acknowledge that: (a) there are limitations to security and privacy of the Internet that are beyond our control; (b) the security, integrity and privacy of the Personal Data exchanged between you and us cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party. As such, you should take special care in deciding what Personal Data you provide or disclose in using the Services. Primary Record is not responsible or liable for the circumvention by third parties of any privacy settings or security measures contained on the Site.

 

As more fully described in this Policy, we may use one or more third party services to import or upload certain Information. Without limiting the provisions of the Policy addressing liability limitations, we are not responsible for, and you hereby waive, any claims, liabilities, or damages arising from or related to our use of third party services to import, upload, or transfer your Information to our Site.

Opt-Out

To the extent we rely on your consent to process any Information, you may revoke that consent at any time. If you wish to revoke such consent, or if at any time you do not wish to receive certain communications from Primary Record, you may either (i) click the opt-out link if such option is made available to you in certain circumstances, such as via email communications or in your Account; or (ii) send your request to us by email at trust@primaryrecord.com. It may take up to ten days for the change to be fully effective. Please note that you may not be able to opt out of all communications from us unless you terminate your Account, such as communications related to this Policy or your Account.

 

Notwithstanding the foregoing, we may continuously maintain any De-Identified Data. 

 

Additionally, you can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.

Payments

We may provide paid products and/or services within the Services. In that case, we may use third-party services for payment processing (e.g. payment processors). We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

Account Closure & Deletion

We will retain your Information for the entire time that you keep your Account open. After you close your Account, we may retain your Information: (i) for as long as necessary to comply with any legal requirement, to protect our legal interests, or otherwise pursue our legal rights and remedies; (ii) on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures; and (iii) as to De-Identified Data, indefinitely.

 

To request access or deletion of your data, submit a request at https://www.primaryrecord.com/delete-request/ 

Children’s Privacy

We may ask a registered user to verify their date of birth before collecting any personal information from them. If the registered user is under the age of 13, we may deny Services to that User, or that User may be redirected to a parental consent process. If a minor child under the age of 13 has provided any personal information to us without parental consent, please reach out to us. We do not intentionally store personal information submitted by a child under the age of 13.  If there is a reason for a registered user to have access who is under the age of 13, please contact us at support@primaryrecord.com and we will review each case individually.

 

We also may limit how we collect, use, and store some of the information of Users between 13 and 18 years old. In some cases, this means we will be unable to provide certain functionality of the Service to these Users. If we need to rely on consent as a legal basis for processing your information, we may require a parent’s consent before we collect and use that information.

 

A parent who has already given the Company permission to collect and use their child’s personal information can, at any time: review, correct or delete the child’s personal information, and/or discontinue further collection or use of the child’s personal information. To make such a request, please refer to the process available to you via your Account.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If You click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

California Consumer Privacy Act

The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months, as such categories are more fully defined in the CCPA: (i) identifiers; (ii) personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); (iii) protected classification characteristics under California or federal law; (iv) Commercial information; (v) Geolocation data; (vi) Inferences drawn from other personal information. 

  

We obtain such personal information in the manners described above in the section of this Policy entitled “How We Collect Information.” 

  

We may use or disclose personal information in the manners described above in this section of this Policy entitled “Use of Your Information” and “Disclosure of Your Information” and as otherwise described in this Policy.  

  

We may disclose or share your Personal Information with those parties described in the section of this Policy entitled “Disclosure of Your Information.” 

  

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes, as such categories are more fully defined in the CCPA: (i) Identifiers; (ii) Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); (iii) Commercial information; and (iv) Internet or other similar network activity. Please note that the categories listed above are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.

  

As defined in the CCPA, “sell” and “sale” mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for valuable consideration. We do not sell data without a User’s specific opt-in. For User’s who have opted in, we may sell the following categories of personal information: (i) Identifiers; (ii) Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); (iii) Commercial information; (iv) Internet or other similar network activity. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, you or your authorized representative may submit a request by contacting us or requesting such change through your Account. 

  

If you have reason to believe that a child under the age of 13 has provided us with personal information, please contact us with sufficient detail to enable us to delete that information.

  

The CCPA provides California Consumers with specific rights regarding their personal information. If You are a California Consumer, you have the following rights:

 

  1. The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used. 
  2. The right to request.
    1. Under the CCPA, you have the right to request that we disclose information to you about our collection, use, sale, disclosure for business purposes and share of personal information. Once we receive and confirm your request, we will disclose to you:
      1. The categories of personal information we collected about you
      2. The categories of sources for the personal information we collected about you
      3. Our business or commercial purpose for collecting or selling that personal information
      4. The categories of third parties with whom we share that personal information
      5. The specific pieces of personal information we collected about you
    2. If we sold your personal information or disclosed your personal information for a business purpose, we will disclose to you:
        1. The categories of personal information categories sold
        2. The categories of personal information categories disclosed
  3. The right to opt out. You have the right to direct us to not sell your personal information. To submit an opt-out request please contact us.
  4. The right to deletion of your personal information. 
    1. You have the right to request the deletion of Your personal information, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct our Service Providers to delete) your personal information from our records, unless an exception applies. 
    2. We may deny you deletion request if retaining the information is necessary for us or our Service Providers to:
      1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
      2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
      3. Debug products to identify and repair errors that impair existing intended functionality.
      4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
      5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
      6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent.
      7. Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with us.
      8. Comply with a legal obligation.
      9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
  5. The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your consumer’s rights, including by:
    1. Denying goods or services to you
    2. Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
    3. Providing a different level or quality of goods or services to you
    4. Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services
 

In order to exercise any of Your rights under the CCPA, and if You are a California Consumer, You can contact us via the following methods:

 

  • By email: trust@primaryrecord.com
  • By visiting this page on our website: https://www.primaryrecord.com/contact/
  • By phone: 317-210-0644
  • By mail: PO Box 7036, Fishers, IN 46038A
 

Only you, or a person registered authorized to act on your behalf, may make a verifiable request related to your personal information. Your request to us must:

 

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. We may require heightened verification requirements where the information you are requesting relates to sensitive personal information. 
  • Describe you request with sufficient detail that allows Us to properly understand, evaluate, and respond to it. 
 

We cannot respond to your request or provide you with the required information if we cannot verify your identity or authority to make the request, and confirm that the personal information relates to you. 

 

We will disclose and deliver the requested information free of charge within at least the time frame required by the CCPA. We will respond to at least that number of requests per year required by the CCPA. 

 

For data portability requests, we will select a format to provide you personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, such as a PDF or JSON file.

Additional State Notes

Residents of certain other states in the United States may have the right to request information regarding which the categories of personal information, and/or the specific personal information, we has collected about you and how such information has been used and disclosed; access and delete certain personal information; opt-out of personal data processing for targeted advertising and sales; correct inaccuracies about a user’s personal information; and/or similar rights. 

 

Whether or not Primary Record is subject to the privacy laws of specific US states, we strive to respect your personal information and provide you with details about how we collect, use, and disclose your personal information. You may use the contact information provided in the “California Consumer Privacy Act” section above to contact us with any requests, and we will use our best efforts to respond provide with the information you are requesting within reasonable bounds and subject to our discretion in confirming that providing such information would not risk the privacy of a third party. If a law or regulation governs our conduct and you have rights under such law, we will respond in accordance with such law or regulation. 

 

Contact Us

If you have any questions about this Policy, you can contact us as follows:
By email: trust@primaryrecord.com
By visiting this page on our website: https://www.primaryrecord.com/contactus
By phone: 317-210-0644
By mail: PO Box 7036, Fishers, IN 46038A