Privacy Policy

Privacy Policy

Last Updated: October 25, 2024

Introduction

This Privacy Policy ("Privacy Policy") describes the data protection practices of Coby Health LLC and its affiliates (collectively, "Coby," "we," "our," or "us"), including when you visit any Coby website that links to this Privacy Policy (including cobyhealth.com) (collectively, our “Websites”), use any affiliated mobile applications (the “Apps”), or otherwise provide data to Coby. We refer to the Websites, Apps, and other services provided by Coby together in this Privacy Policy as the "Services." This Privacy Policy is incorporated into our Terms of Service. All capitalized terms used in this Privacy Policy but not defined herein have the meanings assigned to them in the Terms of Service.

If you are a Washington state resident, please review our Washington My Health My Data Privacy Policy.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

This Privacy Policy contains the following sections:

• Protected Health Information
• The Information We Collect and the Sources of Such Information
• Purposes for How We Use Your Information
• Online Analytics and Advertising
• How We Share and Disclose Your Information
• Your Marketing Choices
• Your Rights
• Third-Party Services and Notice About Health Information
• How We Protect Your Information
• Privacy Information for California Residents
• Privacy Information for Nevada Residents
• Limitation on Use by Minors
• Retention of Your Information
• Revisions to Our Privacy Policy
• Contacting Us
• Cookie Notice
• Notice of Privacy Practices for PHI

PROTECTED HEALTH INFORMATION

When you set up an account with Coby through the Services, you are creating a direct customer relationship with Coby that enables you to access and/or utilize the various functions of the Services as a user. As part of that relationship, you provide information to Coby, including but not limited to, your name, email address, shipping address, phone number and certain transactional information, that we do not consider to be "protected health information" or "medical information".

However, in using certain components of the Services, you may also provide certain health or medical information that may be protected under applicable laws. Coby is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, " HIPAA"). One or more of the Labs, Pharmacies or Medical Groups (as defined in our Terms of Service) may or may not be a "covered entity" or "business associate" under HIPAA, and Coby may in some cases be a "business associate" of a Pharmacy or Medical Group. It is important to note that, while state-specific privacy laws may apply, HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with Coby, the Medical Groups, the Providers, the Pharmacies or the Labs. To the extent Coby is deemed a "business associate" however, and solely in its role as a business associate, Coby, may be subject to certain provisions of HIPAA with respect to "protected health information," as defined under HIPAA, that you provide to Coby, the Medical Group or the Providers (" PHI"). In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, "Protected Information"), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.

The Medical Groups and Providers have adopted a Notice of Privacy Practices that describes how they use and disclose Protected Information. By accessing or using any part of the Service, you acknowledge receipt of the Notice of Privacy Practices from your Medical Group and Provider(s).

By accessing or using any part of the Services, you understand and agree that even if HIPAA does apply to Coby, the Medical Groups, the Providers, the Pharmacies or the Labs, any information that you submit to Coby that is not intended and used solely for the provision of diagnosis and treatment by the Medical Group and Providers, prescription fulfillment by the Pharmacies or laboratory services by the Labs, is not considered Protected Information, and will only be subject to our Privacy Policy and any applicable state laws that govern the privacy and security of such information. For purposes of clarity, information you provide to Coby in order to register and set up an account on the Services, including name, username, email address, shipping address and phone number, are not considered Protected Information

THE INFORMATION WE COLLECT AND THE SOURCES OF SUCH INFORMATION

We obtain information about you through the means discussed below when you use the Services. Please note that we need certain types of information so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use part or all of our Services.

1. Information You Provide to Us

We collect a variety of information that you provide directly to us. For example, we collect information from you through:

• Account and product registration and administration of your account
• Processing your orders and requests for treatment
• Questions, communications, or feedback you submit to us via forms or email
• Your participation in research, surveys, contests, and sweepstakes
• Requests for customer support and technical assistance, including through online chat functionalities
• Uploads or posts to the Services
• Employment applications you submit

‍The specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you includes:

• Name, address, telephone number, date of birth, and email address
• Information about your medical conditions, treatment options, physician referrals, lifestyle and personal preferences, prescriptions, medical photos, and lab results or other related health information, such as your physical and emotional characteristics
• Log-in credentials, if you create an account
• Billing and financial information, such as shipping address, credit or debit card number, verification number, and expiration date, collected by our payment processors on our behalf
• Identity verification information (e.g. driver's license or other government-issued ID card or number), and your signature (if required for notarization purposes)
• Information about purchases or other transactions with us
• Information about your customer service and maintenance interactions with us
• Demographic information such as your gender, race/ethnicity, and age, marital status and number of children, and similar information that may be required in connection with the Services
• Information about others, such as if you share a family or friend's email address or contact information to allow access to your information or name them as an emergency contact
• User-generated content you post in public online forums on our Services or share with other users
• Your location
• Any other information you choose to directly provide to us in connection with your use of the Services.

2. Information We Collect Through Automated Means

We collect certain information about your use of the Services and the devices you use to access the Services, as described in this Section. As discussed further below, we and our service providers (which are third-party companies that work on our behalf), may use a variety of technologies, including cookies, SDKs, pixels, and similar tools, to assist in collecting this information.

Our Websites. When you use our Websites, we collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, your time zone, error logs, and other similar information.

Our Apps. When you use our Apps, we automatically receive certain information about the mobile phone, tablet, or computer used to access the Apps, including a mobile device identifier, IP address, operating system, version, Internet service provider, browser type, domain name and other similar information, whether and when you update the Apps, date and time of use, and how you use the Apps, including time spent in different portions of the Apps.

Location Information. When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, mobile device's GPS signal, information about nearby WiFi access points and cell towers, city/state and or postal code associated with an IP address) from your computer or mobile device. This information allows us to enable access to content that varies based on a user's general location (e.g., to provide you with accurate sales tax information and to deliver content customized to your location).

We will ask your permission before collecting your precise GPS location information. In such instances, we will use your precise geo-location information to provide customized services, content, promotional offers and other information that may be of interest to you. If you no longer wish for us and our service providers to collect and use GPS location information, you may disable the location features on your device. Please see your device manufacturer settings.

Our Use of Cookies and Similar Online Tools. To collect the information discussed in this Section, and with your consent, we and our service providers use web server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. We use these technologies to offer you a more tailored experience.

• A web server log is a file where website activity is stored.
• An SDK is a set of tools and/or code that we embed in our Apps and software to allow third parties to collect information about how users interact with the Services.
• A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer/device; (ii) store your preferences and settings; (iii) understand the parts of the Services you have visited and used; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
• Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email that are designed to: (1) collect usage information like ad impressions or clicks and email open rates; (2) measure popularity of the Services and associated advertising; and (3) access user cookies.

‍

As we adopt additional technologies, we may also gather information through other methods.  

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Google Chrome; Mozilla Firefox; or Apple Safari). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe's Setting Manager page. Please note that by blocking, disabling, or managing any or all cookies or other technologies, you may not have access to certain features, offerings, or functionalities of the Services.

3. Information We Collect From Social Media and Other Content Platforms

When you "like" or "follow" us on Facebook, Instagram, Twitter, or other social media platforms, we may collect some information from you including your name, email address, and any comments or content you post relevant to us. We also collect your information if you sign up for one of our promotions or submit information to us through social media platforms.

If you access the Services through a third-party connection or log-in (e.g., through a social network or third-party authentication tool), you may allow us to have access to and store certain information from such third parties depending on your settings on such services. If you do not wish to have this information shared, do not use these connections to access the Services. For a description of how these third parties handle your information, please refer to their privacy policies and terms of use, which may permit you to modify your privacy settings.

4. Information We Receive From Other Sources

We work closely with third parties (including, for example, third-party service providers, such as physicians, medical professionals, and pharmacies to provide you with the Services and their services, as well as with advertising networks, analytics providers, marketing partners, and search information providers). Such third parties will sometimes provide us with additional information about you.

PURPOSES FOR HOW WE USE YOUR INFORMATION

In connection with providing you with the Services, we may use your information for our business purposes to:

• Carry out, improve, and manage the Services and, as applicable, facilitate the provision of health care services to you by physicians or other health care providers and ensure that the physicians or health care providers have the services and support necessary for health care operations.
• Engage in internal research to understand the effectiveness of our Services, improve our Services, and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified.
• Communicate with you about the Services, your use of the Services, or your inquiries related to the Services and send you communications on behalf of physicians, pharmacies, or other health care providers utilizing the Services to meet your needs.
• Communicate with you (in accordance with applicable legal requirements) by email, postal mail, or phone about surveys, promotions, special events or our products and Services and those of our subsidiaries, affiliates, and parent companies and any of their related businesses and those of our third-party partners.
• Provide you with technical support and customer service, and troubleshoot any technical issues or errors.
• Verify your identity and administer your account, including processing your payments, fulfilling your orders, and verifying the authenticity of your government-issued identification photo.
• Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.
• Provide you with more relevant advertisements and personalized content, and measure or understand the effectiveness of advertising and content we serve to you and others, and to deliver and customize relevant advertising and content to you.
• Help us better understand your interests and needs, such as by engaging in analysis and research regarding use of the Services.
• Comply in good faith with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others, including to prevent potentially prohibited or illegal activities.
• Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others, such as protecting against malicious, fraudulent, or illegal activity.
• For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
• Any health information we collect about you may also be subject to additional protections under your state’s laws. We will only use, process and disclose that information, and will instruct any third-party who process that information on our behalf to use health data, in accordance with applicable laws and regulations in your state of residence.

‍

Combined Information. For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use and share such combined information in accordance with this Privacy Policy and your consent where required by applicable law.

Aggregate/De-Identified Data. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device ("Aggregate/De-Identified Information"). We may use Aggregate/De-Identified Information for any purpose, including for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors.

ONLINE ANALYTICS AND ADVERTISING

1. Online Analytics

We may use third-party web analytics services (such as those of Google Analytics (including Google Signals, Google User-ID, and other Google Analytics features) and MixPanel) on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; try to locate the same unique users across multiple browsers or devices to better tailor services and features; and provide certain features to you. If you have a Google account with personalized advertising enabled, through Google Signals, Google will also be able to gather for us analytics and engagement information from across the various devices you use to access the Services. To prevent Google from using your information for analytics (including cross-device tracking for personalization purposes), you may install the Google Analytics Opt-out Browser Add-on by clicking here. And to opt out of Google Signals, please open your "Settings" app, locate and tap "Google," select "Ads," and turn ON "Opt out of Ads Personalization." You may also be able to disable cross-device tracking through your Android or Apple device-based settings.

If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

‍2. Online Advertising

The Services may integrate third-party advertising technologies (e.g., ad networks and ad servers such as Facebook, Google Ad Words, TikTok, Criteo and others) that use cookies, pixels, and other technologies to deliver relevant content and advertising for Coby products on the Services, as well as on other websites you visit and other applications you use. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your searches, demographic data, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services.

We sometimes provide our customer information (such as email addresses) to service providers, who may "match" this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, in order to provide you with more relevant ads when you visit other websites and mobile applications. We may also share customer information such as your email address with third-party advertising networks that use such information to better target advertising to you regarding Coby products and services, as well as other products and services, as you browse the internet.

We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on your device you use to access the Services by non-affiliated third-party advertising network services. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link (https://optout.networkadvertising.org/), the Digital Advertising Alliance’s Consumer Opt-Out link (https://optout.aboutads.info/), or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. If you are interested in more information about Criteo’s privacy practices or opting-out of Criteo’s advertising services, you may view their Privacy Policy. To opt out of Google Analytics for display advertising or customize Google display network ads, visit the Google Ads Settings page. To update your advertising preferences with Facebook, click here. To update your advertising preferences with TikTok, click here. We do not control these opt-out links, whether these opt-out links change over time, or whether any particular company chooses to participate in the industry opt-out programs listed above. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.

Please note that if you exercise the opt out choices above, you will still see advertising when you use the Services, but it will not be tailored to you based on your online behavior over time.

‍3. Mobile Advertising

When using our or third-party mobile applications, you may also receive tailored in-application advertisements. We may use third-party service providers to deliver advertisements on mobile applications or for mobile application analytics. Each operating system, iOS for Apple phones, Android for Android devices, and Windows for Microsoft devices provides its own instructions on how to prevent the delivery of tailored in-application advertisements. We do not control how the applicable platform operator allows you to control receiving personalized in-application advertisements; thus, you should contact the platform provider for further details on opting out of tailored in-application advertisements. You may review the support materials and/or the device settings for the respective operating systems to opt-out of tailored in-app advertisements.

4. Notice Concerning Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals. To learn more about Do Not Track, you can do so here.

HOW WE SHARE AND DISCLOSE YOUR INFORMATION

NOTICE: We may sell your sensitive personal data.

We may share your information for our business purposes in the following ways:

• Affiliates and Subsidiaries. We may share information we collect within Coby or any other Coby member or group (i.e., our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries) to deliver products and services to you, ensure a consistent level of service across our products and services, and enhance our products, services, and your customer experience.
• Health Care Providers and Services. We share your information with third-party health care providers: (i) to schedule and fulfill appointments and provide health care services as part of the Services, (ii) to whom you send messages through our Services, and (iii) for other treatment, payment or health care operations purposes, including pharmacy services, upon your request.
• Service Providers. We provide access to or share your information with select third parties who use the information to perform services on our behalf. They provide a variety of services to us, including billing, credit card processing, content/service enhancements, sales, marketing, advertising, analytics, research, customer service, shipping and fulfillment, data storage, IT and security, fraud prevention, payment processing, and auditing, consulting, and legal services. These entities may also include health care organizations, pharmacies, and other third parties we use to support our business or in connection with the administration and support of the Services.
• Advertising Networks (unless you opt out). Please see the "Online Advertising" section above for details about how we share information with advertising partners.
• Joint Service Providers. These are entities that jointly offer or provide services or products with us through the Coby platform. These entities collect and use data in accordance with their own terms and privacy policies.
• Protection of Coby and Others. By using the Services, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce our Terms of Service, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of Coby, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.
• Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
• Public Forums/User Interactions. Certain features of our Services make it possible for you to share comments publicly or with other users. Any information that you post publicly or otherwise is not confidential, and we may use it for any purpose (including in testimonials or other marketing materials). For example, if you submit a product review on one of our Websites, we may display your review (along with the name provided, if any) on other Coby Websites and on third-party websites. Any information you post openly in these ways will be available to the users you shared it with and potentially the public at large, and may be accessible through third-party search engines. Accordingly, please take care when using these features. We are not responsible for how others use the information about you that you share with them regarding the Services.
• Testimonials/Reviews. We may, directly or indirectly, via phone, email, third-party application and other methods, solicit or invite you to submit product or service reviews, written, video, or otherwise. If you choose to submit information in response to this solicitation, including name, likeness, image, product or service review, or any other materials, you consent to our use of your name, likeness, and other information in marketing materials, or testimonials on our website or third-party websites.
• Consent. We may also disclose your information in other ways you direct us to and when we have your consent.
• Aggregate/De-Identified Information. We reserve the right to create Aggregate/De-Identified Data from the information we collect through the Services and our sharing of such Aggregate/De-Identified Data is in our discretion.

We do not share your data internationally at this time.  

YOUR MARKETING CHOICES

You may instruct us not to use your contact information to contact you regarding products, services, promotions and special events that might appeal to your interests by sending us an email at legal@cobyhealth.com. In commercial email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain operational emails, such as those reflecting our relationship or transactions with you.

YOUR RIGHTS

Your local laws may permit you to request that we:

• prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling);
• update or rectify information which is out of date or incorrect;
• delete certain information which we are holding about you;
• oppose, cancel, or restrict the way that we process and disclose certain information;
• transfer your information to a third-party provider of services;
• revoke your consent for the processing of your information.

‍We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests, to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request as required or permitted by applicable law. If you would like further information in relation to your legal rights under applicable law, or would like to exercise those rights, please email legal@cobyhealth.com. Please be sure to include your name, address (including the state where you reside), and email address so we can respond to your request in the time frame required under your state’s laws.  

If you submit a request and we deny your request, you also may have the right to appeal such determination. To appeal, please submit your request with the subject line “Data Rights APPEAL” to legal@cobyhealth.com, along with the original determination and reason for appeal. We will comply with the laws of your state of residence when processing and resolving such appeal request. You may also file a complaint with your state’s attorney general if you think your appeal or request was not handled in accordance with your state’s laws. You can find contact information for your state’s attorney general at “Find My AG”.

THIRD-PARTY SERVICES AND NOTICE ABOUT HEALTH INFORMATION

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices, including data privacy and security process and standards of any third parties, including physicians and other health care providers using the Services, the manufacturer of your mobile device and other IT hardware and software, and any other third-party mobile application, website, or service to which our Services may contain a link. These third parties may at times gather information from or about you. We have no control over the privacy practices of these third parties. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.

HOW WE PROTECT YOUR INFORMATION

Coby takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. As such, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services or via the Internet and that any such transmission is at your own risk.

Where we have given you (or where you have chosen) a password that enables you to access the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The information you share in public areas may be viewed by any user of the Services.

PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Categories of personal information we collect and disclose. Throughout this Policy, we discuss in detail the specific pieces of personal information we collect from and about our users. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect and the categories of third parties to which we disclose personal information. Please note that some of the information we collect through the Services (e.g., medical information), is subject to various health data privacy laws, and is therefore not subject to the CCPA. See the following information to understand more about the categories of personal information we collect that are subject to the CCPA and the third parties to which we disclose it (each item number of personal information category corresponds to the same item number of third-party category)

Category of Personal Information

1. Identifiers and contact information (e.g., name, address, email address, account names)
2. Commercial and transactional information (e.g., information about your purchases)
3. Financial information (e.g., credit card info collected by our payment processors)
4. Internet or other network or device activity (e.g., IP address, browsing history, app usage)
5. Geolocation information (e.g., general location and precise location, with your permission)
6. Demographic and statistical data (e.g., your gender, interests based on products and services you use)
7. Physical characteristics (e.g., photos of you)
8. User-generated content (e.g., information you choose to post in our online forums)
9. Customer service data (e.g., information you provide through a chat or call with Coby’s Care Team)

Categories of Third Parties to Which we Disclose

1. Service providers; our affiliates; health care providers and services; entities for legal and fraud prevention
2. Service providers; our affiliates; health care providers and services; entities for legal and fraud prevention
3. Payment processors; service providers; our affiliates; entities for legal and fraud prevention
4. Service providers; our affiliates; entities for legal and fraud prevention
5. Service providers; our affiliates; entities for legal and fraud prevention
6. Service providers; our affiliates; entities for legal and fraud prevention
7. Service providers; our affiliates
8. Service providers; our affiliates; entities for legal and fraud prevention
9. Service providers; our affiliates; health care providers and services; entities for legal and fraud prevention

The business purposes for which we use the personal information we collect are: manage, facilitate, and improve the Services; research, marketing, and analytics; communicate with users; technical support and customer service; security and fraud prevention; and legal compliance and defense. For more detailed information about how we use and share your personal information, please see the “Purposes for How We Use Your Information” and “How We Share and Disclose Your Information” sections of this Policy above.

Your California Privacy Rights

CCPA Rights Disclosure. If you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

• Inform you about the categories of personal information we collect or disclose about you, the categories of sources of such information, the business or commercial purpose for collecting your personal information, and the categories of third parties with whom we share/disclose personal information.
• Provide access to and/or a copy of certain information we hold about you.
• Delete certain information we have about you.

The CCPA further provides you with the right to not be discriminated against (as provided for in applicable law) for exercising your rights.

Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you. We also will take reasonable steps to verify your identity before responding to a request.

If you are a California resident and you would like to exercise any of your data rights under California law, please email us at legal@cobyhealth.com.

Please include your full name, email address and residential address associated with your use of our Services, along with the rights you would like to exercise, so that we can process your request in an efficient manner. If you would like to receive a copy of your medical record in connection with your request, please indicate that in your email message. By requesting your medical record in this way, you are agreeing to receive your medical record in an unencrypted email message.

Sale of Personal Information.

Coby does not, and will not, sell information that identifies you such as your name, email address, phone number, or postal address. Like many companies with an internet presence, we do work with third parties that provide marketing and advertising services to us, including interest-based advertising services, and these third parties may place tags, pixels, cookies, beacons, and other similar tracking mechanisms on our Website and App and collect your online identifiers. Because of the CCPA’s broad definitions of “sale” and “personal information,” making certain online identifiers available to these companies so that they can provide marketing and advertising services to Coby may be considered a “sale” under the CCPA. To opt out of sharing your information with participating third parties for interest-based advertising, please visit the Network Advertising Initiative’s Consumer Opt-Out link (https://optout.networkadvertising.org/), the Digital Advertising Alliance’s Consumer Opt-Out link (https://optout.aboutads.info/), and Your Online Choices. Please note that these opt-outs are device and browser based, so you will need to opt out on each of your devices and browsers. For more information, see the Online Analytics and Advertising Section above.

Shine the Light Disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

PRIVACY INFORMATION FOR NEVADA RESIDENTS

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity; however, if you are a Nevada resident who has purchased services from us, you may submit a request to opt out of any potential future sales under Nevada law by sending us an email at legal@cobyhealth.com. Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

LIMITATION ON USE BY MINORS

Our Services are generally intended for use by individuals who are at least eighteen (18) years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Services. The Services are not designed or intended to attract, and is not directed to, children under eighteen (18) years of age. If we obtain actual knowledge that we have collected personal information through the Services from a person under eighteen (18) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form.

‍Please note that we are not required to erase or otherwise eliminate, or enable erasure or elimination of such content or information in certain circumstances, such as, for example, when an international, federal, state, or local law, rule or regulation requires Coby to maintain the content or information; when Coby maintains the content or information on behalf of your Providers (as defined in our Terms of Service) as part of your electronic medical record; when the content or information is stored on or posted to the Website by a third party other than you (including any content or information posted by you that was stored, republished or reposted by the third party); when Coby anonymizes the content or information, so that you cannot be individually identified; when you do not follow the instructions for requesting the removal of the content or information; and when you have received compensation or other consideration for providing the content or information.

RETENTION OF YOUR INFORMATION

Coby may retain your information for as long as it believes necessary; as long as necessary to comply with its legal obligations, resolve disputes, and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Services or Coby. Coby may dispose of or delete any such information at any time except as set forth in any other agreement or document executed by Coby or as required by law.

‍Similarly, the Providers, any pharmacy, and anyother service providers may retain your information for as long as they believe necessary; as long as necessary to comply with their respective legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with their products and/or services. The Providers, any pharmacy, and any other service provider, may dispose of or delete any such information at any time except as set forth in any other agreement or document executed by such parties or as required by law.

‍Other third parties with whom we share your information have their own policies and procedures with respect to how long they may retain your information and how and when they dispose of or delete your information.

REVISIONS TO OUR PRIVACY POLICY

 We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Policy accessible through the Services, so you should review it periodically. The date this Privacy Policy was last revised is identified at the top of the document. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. If we make a material change to the Privacy Policy, we will provide you with appropriate notice in accordance with legal requirements. Your continued use of our Websites or Apps after such amendments (and notice, where applicable) will be deemed your acknowledgment of these changes to this Privacy Policy.

CONTACTING US

If you have any questions or concerns about our Privacy Policy, or if you wish to submit a data subject access, deletion, or opt-out request according to the state law where you reside, please contact our privacy officer at legal@cobyhealth.com. Please be sure to include your name, address (including the state where you reside), and email address so we can respond to your request in the time frame required under your state’s laws.

COOKIE NOTICE

We use cookies to collect information about your browsing activities over time and across different web Services following your use of our Services. They allow us to recognize and count the number of users, to see how users move around the Services when they are using it and assess our internal performance and functionality needs. This helps us to improve the services we provide to you and the way the Services works. You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/.  

In addition to cookies that are “strictly necessary” which are required for the proper operation of our Services, we may use the following cookies:

Functionality cookies: these cookies record information about choices you’ve made and allow us to tailor our Services to you. These cookies mean that when you continue to use or come back to our Services, we can provide you with our Services as you have asked for them to be provided.

These cookies allow us to:

• Save your location preference if you have set your location on your homepage;
• Remember settings you have applied, such as layout, text size, preferences, and colors;
• Show you when you are logged in; and
• Show you when you are logged in; and
• Store accessibility options.

Performance and Analytics cookies: these cookies help us analyze how our Services are accessed, used, or are performing in order to provide you with a better user experience and to maintain, operate and continually improve our Services. They allow us to count visitors and traffic to our Services. All information collected from analytic cookies is aggregated so it is not identifiable.

These cookies allow us to:

• Better understand our Services visitors so that we can improve how we present our content;
• Test different design ideas for pages, such as our homepage;
• Collect information about visitors of our Services such as where they are located and what browsers they are using;
• Determine the number of unique users of our Services;
• Improve our Services by measuring any errors that occur; and
• Conduct research and diagnostics to improve product offerings.

Marketing: We may use Google pixels and Microsoft Bing and Meta marketing cookies to help in our marketing efforts.

Alternatively, you can change your preferences by changing the settings in your browser. Most browsers will allow you to choose the level of privacy settings you want. This lets you control your cookie settings so that you can:

• See what cookies or other locally stored data you’ve got and delete them on an individual basis;
• Block third party cookies or similar technology;
• Block cookies or similar technology from websites;
• Block all cookies or similar technologies from being set; or
• Delete all cookies or similar technologies when you close your browser.
• 
  

For more information on how to manage the most popular browsers, please see below.

Microsoft Edge

Firefox

Google Chrome

Safari

NOTICE OF PRIVACY PRACTICES FOR PROTECTED HEALTH INFORMATION

This Notice of Privacy Practices ("Notice") describes how Coby may use and disclose your PHI to carry out treatment, payment, or healthcare operations and for other purposes that are permitted or required by law. This Notice also describes your rights regarding your PHI. We are required by law to maintain the privacy of your PHI, provide you with this Notice of our legal duties and privacy practices, and to abide by the terms of this Notice.

Uses and Disclosures of PHI

‍We may use and disclose your PHI for the following purposes:

a. Treatment: We may use and disclose your PHI to provide, coordinate, or manage your healthcare and related services. This may include communication with other healthcare providers about your treatment and coordinating your care with other providers.

b. Payment: We may use and disclose your PHI to obtain payment for healthcare services provided to you. This may include contacting your insurance company to verify your coverage, billing and collection activities, and sharing PHI with other healthcare providers, insurance companies, or collection agencies.

c. Healthcare Operations: We may use and disclose your PHI for healthcare operations, including quality assessment, improvement activities, case management, accreditation, licensing, credentialing, and conducting or arranging for medical reviews, audits, or legal services.

d. As Required by Law: We may use and disclose your PHI when required to do so by federal, state, or local law.

e. Public Health and Safety: We may use and disclose your PHI to prevent or control disease, injury, or disability, to report child abuse or neglect, to report reactions to medications or problems with products, and to notify persons who may have been exposed to a communicable disease or may be at risk of spreading a disease or condition.

f. Health Oversight Activities: We may disclose your PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, and licensure.

g. Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.

h. Law Enforcement: We may disclose your PHI for law enforcement purposes, such as to report certain types of wounds or injuries, or to comply with a court order, warrant, or other legal process.

i. Research: We may use and disclose your PHI for research purposes when the research has been approved by an institutional review board and privacy protections are in place.

j. Organ and Tissue Donation: If you are an organ donor, we may disclose your PHI to organizations that handle organ procurement, transplantation, or donation.

k. Workers' Compensation: We may disclose your PHI for workers' compensation or similar programs that provide benefits for work-related injuries or illnesses.

l. Military and Veterans: If you are a member of the armed forces, we may disclose your PHI as required by military authorities.

m. Inmates: If you are an inmate, we may disclose your PHI to the correctional institution or law enforcement official having custody of you.

‍Your Rights Regarding PHI

You have the following rights with respect to your PHI:

a. Right to Inspect and Copy: You have the right to inspect and copy your PHI that we maintain, with certain exceptions. To request access, submit a written request to our Privacy Officer. We may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.

b. Right to Amend: You have the right to request an amendment to your PHI if you believe it is incorrect or incomplete. To request an amendment, submit a written request to our Privacy Officer, specifying the information you believe is incorrect and why. We may deny your request if we believe the information is accurate and complete, or if we did not create the information.

c. Right to an Accounting of Disclosures: You have the right to request an accounting of disclosures of your PHI made by us in the past six years, except for disclosures made for treatment, payment, or healthcare operations, and certain other disclosures. To request an accounting, submit a written request to our Privacy Officer.

d. Right to Request Restrictions: You have the right to request a restriction on our use or disclosure of your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request but will consider it. To request a restriction, submit a written request to our Privacy Officer, specifying the restriction you are requesting and to whom it applies.

e. Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or at a certain location. To request confidential communications, submit a written request to our Privacy Officer, specifying how or where you wish to be contacted.

f. Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice, even if you have agreed to receive it electronically. To obtain a paper copy of this Notice, contact our Privacy Officer.

g. Right to be Notified of a Breach: You have the right to be notified in the event that we discover a breach of your PHI.

‍Transmission of PHI

We are committed to protecting the privacy of your PHI and, to the extent the transmission of PHI is subject to HIPAA, will use best efforts to ensure that any electronic transmission of PHI complies with the HIPAA Privacy Rule (45 CFR 164). This includes the use of Secure-Socket Layer (SSL) or equivalent technology for the transmission of PHI, as well as adherence to all applicable security standards for online transmissions of PHI.

‍Changes to This Notice

We reserve the right to change this Notice and the revised Notice will be effective for PHI we already have about you, as well as any information we receive in the future. We will post a copy of the current Notice in our office and on our website. The Notice will contain the effective date on the first page.

‍Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the Secretary of the Department of Health and Human Services. You will not be retaliated against for filing a complaint.

‍Contact Information

To exercise any of your rights, or if you have any questions about this Notice or our privacy practices, please contact our Privacy Officer by email at legal@cobyhealth.com or by regular mail at: Coby Health LLC, Attn: Privacy Officer, 2501 Chatham Rd, Suite N, Springfield, IL 62704.

This Notice is provided in accordance with the Notice of Privacy Practices for Protected Health Information from the Department of Health and Human Services' Model and is applicable across all US states. Rights of Specific Jurisdictions within the US Certain states may have additional privacy protections that apply to your PHI. The following is an example of specific rights in the state of California. If you reside in a state with additional privacy protections, you may have additional rights related to your PHI.

‍California Residents:

a. Right to Access: In addition to the rights described above, California residents have the right to request access to their PHI in a readily usable electronic format, as well as any additional information required by California law. To request access, submit a written request to our Privacy Officer.

b. Right to Restrict Certain Disclosures: California residents have the right to request restrictions on certain disclosures of their PHI to health plans if they paid out-of-pocket for a specific healthcare item or service in full. To request such a restriction, submit a written request to our Privacy Officer.

c. Confidentiality of Medical Information Act (“CMIA”): California residents are protected by the CMIA, which provides additional privacy protections for medical information. To the extent that we are required to comply with HIPAA, we are required to comply with CMIA. 

d. Marketing and Sale of PHI: California residents have the right to request that their PHI not be used for marketing purposes or sold to third parties without their authorization. To request a restriction on the use of your PHI for marketing or the sale of your PHI, submit a written request to our Privacy Officer.

e. Minor's Rights: If you are a minor (under the age of 18), you have the right to request that certain information related to certain sensitive services, such as reproductive health, mental health, or substance use disorder treatment, not be disclosed to your parent or guardian without your consent. To request a restriction on the disclosure of such information, submit a written request to our Privacy Officer.

If you reside in a state other than California, please consult your state's specific privacy laws for information about any additional rights you may have regarding your PHI. You may also contact our Privacy Officer for more information about your rights under specific state laws.

Coby Health, LLC Privacy Policy: Notice of Privacy Practices for (PHI) - State-Specific Provisions

In addition to the privacy practices described in the Notice, to the extent your use of the Services is subject to HIPAA and/or any applicable state-specific policy, we use best efforts to comply with applicable state-specific privacy laws related to PHI.

The following are examples of a few states with additional privacy protections:

‍New York:

For residents of New York, the New York State Confidentiality of Information Law provides additional privacy protections for HIV-related information, mental health records, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations.

‍Texas:

For residents of Texas, the Texas Medical Privacy Act offers privacy protections beyond HIPAA, including requiring consent for certain disclosures of PHI, additional safeguards for electronic PHI, and specific requirements for the destruction of PHI. We adhere to Texas's specific privacy protections for mental health records and substance use treatment records.

‍Florida:

For residents of Florida, Florida's privacy laws offer additional protections for mental health records, HIV/AIDS-related information, and substance abuse treatment records. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. We implement specific security measures to protect electronic PHI, as required by Florida law.

‍Illinois:

For residents of Illinois, Illinois law provides for specific privacy laws related to mental health records, HIV/AIDS-related information, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. In addition, we will notify patients of any unauthorized access to their electronic PHI, as required by Illinois law.

‍Massachusetts:

For residents of Massachusetts, Massachusetts law provides for specific privacy laws related to mental health records, HIV/AIDS-related information, and genetic testing results. We will obtain written consent before disclosing such information, even for treatment, payment, or healthcare operations. We implement specific security measures to protect electronic PHI, as required by Massachusetts law.