Your information. Your rights. Our responsibilities.
LAST UPDATED 1 JULY 2023
If you visit our Site and use any of our Services from outside the United States, please be aware that Personal Information may be collected, stored, and processed in the United States and is subject to the jurisdiction of U.S. state and federal law. Cecelia’s Services are intended for people located in the United States. Please be aware that the data protection laws of the United States might not be as comprehensive as those in your country.
What Information We Collect
Information You Provide to Us Voluntarily
In various places on the Site and Services, we request information from you via forms. The exact information that we need to collect, including Personal Information will depend on the purpose of the form.
“Personal Information” is information that identifies or relates to a particular individual. Examples of Personal Information include, among others, name, email address, phone number, mailing address, and online identifiers.
Information that We Automatically Collect From and About You
Most browsers offer ways to limit or block cookies and other web tracking technologies. Each browser developer provides consumer resources to help manage cookies. Please refer to your browser’s resources to help you with managing settings, (e.g., clearing, caching and deleting cookies.)
Do Not Track
When you use our Site, our servers automatically record you Internet Protocol (IP) Address, browser type, referring URLs (aka: the site you visited before navigated to our Site), domain names associated with your internet service provider, information about your interaction on our Site, and other such information (collectively “Log File Information”). We may also collect similar information from emails we send you which can help us track which emails you open and when you click on links. We also use Log File Information to improve our Site’s function and content, and to identify potential security threats and vulnerabilities.
Disclosure of Personal Information
The Site and Services support the treatment relationship between you and your Provider. For us to provide our Services, we must confidentially disclose Personal Information to your Provider and/or your Provider’s third-party service providers. Our use and disclosure of any Personal Information collected on behalf of the Provider, including PHI, is limited in accordance with applicable privacy laws and our agreements with your Provider or Health Plan.
Payment Services Vendor
Health Information Exchange
We may share information that we obtain or create about you with other health care providers or other health care entities, such as your primary care doctor, hospital, health plan or health insurer, as permitted by law, through Health Information Exchanges (HIEs) to which we are connected. For example, information about your past medical care and current medical conditions and medications can be available to us, if they participate in the HIE as well. Exchange of health information can provide faster access, better coordination of care and assist providers and public health officials in making more informed decisions. You may opt out of sharing information that you provide to us with health information exchanges by contacting us at firstname.lastname@example.org. Even if you choose to opt-out, public health reporting and Controlled Dangerous Substances information, as part of the State Prescription Drug Monitoring Program (PDMP), will still be available to providers as permitted by law.
Our Service Providers
We engage service providers to perform tasks on our behalf and to assist us in operating the Site and Services or providing our products and services. For example, Cecelia may use third-party vendors and hosting companies to provide the necessary hardware, software, networking, storage, and related technology required to operate the Site and Services. We may store encrypted database backups off site with a third-party storage provider to ensure data security in the case of an emergency or catastrophe. We take commercially reasonable steps to help ensure our service providers provide at least the same level of protection for Personal Information as we do.
Companies Involved in Mergers and Acquisitions Transactions
If we sell or otherwise transfer part or the whole of our business or assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, or liquidation), any information collected through the Site and Services, including Personal Information, may be among the items sold or transferred.
Law Enforcement, Government Agencies, and Courts
We may disclose Personal Information at the request of law enforcement or government agencies; in response to subpoenas, court orders, or other legal process; to establish, protect, or exercise our rights; to defend against a legal claim; to protect the rights, property, or safety of any other person; or as otherwise required by law.
How We Protect the Confidentiality of Personal Information
We protect the confidentiality and security of Personal Information we obtain in the course of doing our business. We use commercially reasonable safeguards, such as industry-standard encryption technology, to help keep the Personal Information collected through the Site and Services secure.
Despite these efforts to store Personal Information in a secure operating environment, we cannot guarantee the security of Personal Information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties such as hackers from illegally obtaining access to Personal Information. We do not represent or warrant that Personal Information about you will be protected against, loss, misuse, or alteration by third parties.
Retention and Deletion
We will only retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. Depending on the program, Cecelia may be required to comply witha ten (10) year records retention requirement. This means that, we will only delete Personal Information associated with your account after ten (10) years from the last date of Service or the contract for the Services ends. In some circumstances, your Personal Information may be de-identified, aggregated, or otherwise anonymize consistent with applicable laws and industry standards so that it can no longer be associated with you, in which case it is no longer treated as Personal Information.
Accessing, Updating, or Deleting Personal Information
If you would like to otherwise access, update, or delete Personal Information about you, you may submit a request to email@example.com. We will promptly review all such requests and will respond as required and in accordance with applicable law.
Opting Out of Receiving Electronic Communications
We may send notifications, promotions, or other information via email or text message(“Communications”). When you set up an account you must provide a cell phone number or email address which grants us permission to contact you via text or email. You may choose to stop receiving Communications by indicating your preference in your account profile or settings. Please note that certain Site and Services-related Communications are necessary for the proper functioning and use of the Site and Services (e.g., to verify your account or your identity) and you may not have the ability to opt out of those Communications.
This section applies to our collection and use of “Personal Information” as defined under California law, if you are a resident of California.
Categories of Personal Information Collected, Used, and Disclosed
In accordance with California law, we collected the following categories of Personal Information within the preceding twelve (12) months:
Identifiers such as your name, email address, IP address, and online identifiers;
Certain categories of Personal Information described in subdivision (e) of California Civil Code Section 1798.80;
Internet or other electronic network activity information, including information on your usage of our Website (“Usage Information”);
Information used to create a profile about a consumer reflecting the consumer’s preferences or behavior;
Location data such as the GPS coordinates of a mobile device;
Commercial information, including records of products or services purchased or other purchasing histories; and
Professional or employment-related information.
We share each of these categories of Personal Information with our service providers to the extent necessary for them to facilitate our business purposes (including any purpose specified in Section 2, above).
Additionally, within the past twelve (12) months, some of our online advertisers may have used and disclosed Usage Information collected automatically from the Service. This may be a “sale” as broadly defined under the CCPA. Therefore, we provide you the right to opt out of this “sale” of Personal Information as described, below.
Your California Privacy Rights
If you are a resident of the California, you have the following rights:
Right to Know. You may have the right to request information on the categories of personal information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such personal information is collected and shared. You also have the right to request information on the categories of Personal Information which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your personal information.
Right to Delete. You may have a right to request us to delete Personal Information that we collected from you.
Right to Opt-Out. You have a right to opt-out of certain disclosures of Personal Information to third parties, if such disclosures constitute a “sale” under California law. As noted above, in the past twelve (12) months we enabled advertisers to collect certain information from the Site and Services, which the advertisers may use to improve their interest-based advertising networks. Regardless of whether this is a “sale,” you may opt-out of interest-based advertising as described in Section 3(B), above.
If you would like to exercise your rights listed above, please contact (or have your authorized agent contact) us at firstname.lastname@example.org. When doing so, please tell us which right you are exercising and provide us with contact information to direct our response.
We must verify your identity before fulfilling your requests. If we cannot initially verify your identity, we may request additional information to complete the verification process. Any Personal Information you disclose to us for purposes of verifying your identity will solely be used for the purpose of verification.
You have a right not to receive discriminatory treatment by any business when you exercise your California privacy rights.
We do not knowingly collect or solicit any Personal Information from children. In the event that we learn that we have collected Personal Information from a child, we will promptly take steps to delete that information.
Other Websites and Sites, Including Social Media
We are not responsible for the practices employed by any websites or services linked to or from our Site and Services, including the information or content contained within them. A link to a third party’s website is provided as a convenience and should not be construed as an endorsement by Cecelia. We encourage you to investigate and ask questions before disclosing Personal Information to third parties.