Privacy

LAST UPDATED: August 31, 2024

Carebox Healthcare Solutions Inc. (“Carebox”, “We”, “Our” or “Us”) provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use and disclosure of information we receive when you visit Our website or use Our applications or any part of Our services (together with Our website and Our applications, the “Service”). We may change the terms of this Policy from time to time by posting notice on Our website at careboxhealth.com, with a five (5) day advance notice. Your continued use of the Service shall constitute your consent to any changes made. If you do not agree to the new or different terms, you should not use the Service. This Policy is an integral part of Our General Terms and Conditions (the “Terms and Conditions”). We may post on Our website at careboxhealth.com additional ancillary privacy notices with respect to specific portions of the Service.

Privacy Matters

Carebox understands that health is a very personal, private subject, and we want you to feel as comfortable as possible visiting our website and using its services. This statement sets forth our Privacy Policy and advises you about the information we collect, how we collect it, how we secure and protect it, and what choices you have about how that information is used.

Privacy Officer

Our Privacy Officer is Brian Weiss.

If you have questions about this privacy policy or wish to register an inquiry or complaint, please contact the Carebox Corporate Privacy Officer toll free (in the United States) at 1.877.601.8601 or at +1.212.679.0072 or via email at privacy@careboxhealth.com.

Note that for purposes of compliance with the requirements of the General Data Protection Regulation (GDPR), the Carebox Corporate Privacy Officer also serves as the Data Protection Officer.

Information Collection

We collect information from you in distinct areas, as outlined below:

  1. Non-Personally Identifying Information about visitors to our Sites and Applications
  2. Personally Identifiable Information
    1. Information you supply when you create an account with user name and password
    2. Responses to questions you answer in matching / pre-screening questionnaires
    3. Your requests to be contacted by us and your interaction with our Clinical Trial Navigators
    4. Only at your request, we will share your referral information with a trial site so they can contact you about a trial you’ve matched

Personally Identifiable Information.

Carebox is solely responsible for collecting and storing all personally identifiable information provided by visitors to our trial information, matching and referral services, through any of our partner web sites, mobile applications, or services (our “Sites and Applications”).

Personally Identifying Information provided by you or a third party that may personally identify you, including without limitation your medical data, shall be used only pursuant to this Policy. We do not claim ownership of the Personally Identifiable Information provided to Us in the use of the Service.

Non Personally Identifiable Information.

Non-Personally Identifying Information may be collected by Us in the following ways:

  • Information that your browser sends when you visit a website or online service (“Log Data”). This Log Data may include, but is not limited to, your computer’s Internet Protocol address, location, browser type, the web page you were visiting before you access the Service and information you search for using the Service.
  • Like many services, We use “cookies” to collect information. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service and to monitor web traffic routing and aggregate usage of the Service. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Service.
  • We may use GIFs in order to collect information. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages.
  • We may use automated devices and applications, such as Google Analytics, to evaluate usage of our Service. We use these tools to help us improve our Services, performance and user experience. We may also engage third parties to track and analyze Service data or provide other services on Our behalf. Such third parties may combine the information that We provide about you with other information that they have collected. This Policy does not cover such third parties’ use of the data.
  • Other websites and applications may also place or read cookies on your computer’s browser. Please see below the section “Links to Third Party Sites”.

Links to Third Party Sites

Our Service may contain links to third party websites and applications. However, this Policy applies only to the Service. We do not exercise control over providers of information, or over banners, other advertisements or links from within the Service. These other sources may place their own cookies or other files on your computer, collect data or solicit personal information from you, and they follow different rules regarding the use or disclosure of the information that you submit. We encourage you to read the privacy policies and other terms of the other sources before using their services.

How We Use Personally Identifiable Information

Personally Identifiable Information is used for the following purposes: (i) to provide the Service, (ii) monitor and analyze use of the Service and for the technical administration and troubleshooting of the Service, (iii) to personalize your experience, (iv) to provide to you service announcements, (v) to provide us with statistical data, (vi) to enforce our Terms of Use, (vii) to better understand your needs both on an aggregated and individualized basis in order to improve our service, (viii) to communicate with you and contact you to obtain feedback from you regarding the Service, and (ix) disclose to third party vendors, service providers, contractors or agents who perform functions on Our behalf. We will disclose Personally Identifiable Information only in accordance with the U.S. Health Insurance Portability and Accountability Act (HIPAA).

How We Use Non Personal Identifiable Information

We use information that is Non-Personally Identifiable Information for the above purposes and in addition in order to (i) take anonymous or aggregate personal information and disclose such data only in a non-personally identifiable manner to organizations approved by Us for marketing, advertising, research, or similar purpose, and (ii) disclose to third party vendors, service providers, contractors or agents who perform functions on Our behalf.

Information Sharing and Disclosure

We may share the information about you, including any information provided by you, as follows:

  • Authorized Disclosure. We may make your Personal Content available to third parties that are authorized by you to receive such content.
  • Aggregate Information and Non-Identifying Information. We may share aggregated information, including queries and offers generated as a result of your use of the Service, that includes non-identifying information and Log Data, with third parties for industry analysis, demographic profiling and other commercial purposes. Any aggregated information shared in these contexts will not contain your Personal Identifiable Information.
  • Combined Information. We may combine certain Personal Identifiable Information with Non Personal Identifiable Information in order to allow us to create information packages and services that are better tailored to your interests and preferences. Among other things, linking this information may allow us generally to improve and personalize the Service. If we combine or link any information with your Personal Identifiable Information, the resulting combination will be treated as Personal Identifiable Information under this Policy.
  • Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect our or a third party’s property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.
  • Other Transfers. In connection with a merger, acquisition, reorganization or sale of all or substantially all of our shares or assets, or in the event of our bankruptcy, We may transfer some or all of our assets, including among others any Personal Content, subject to Our Privacy Policy as in effect immediately prior to such a transfer (except if We notify you otherwise).

Deleting Your Personal Content

Personally Identifiable Information may be maintained in our system for seven years from your last interaction with our Sites and Applications or our services. However, we may delete your Personally Identifiable Information at any time as per our policies.

You may at any time review and delete your Carebox account by sending a request to privacy@careboxhealth.com, and We will delete your account except if required to be retained by applicable law.

Security

We are concerned with safeguarding your Personal Content. We employ a variety of measures designed to protect your Personal Content from unauthorized access and disclosure. However, we do not promise that any information or private communications will be protected from unauthorized disclosure or use.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.

If you receive an e-mail asking you to update your information with respect to the Service, do not reply and please contact us at privacy@careboxhealth.com.

Processing or Transfer

We use third party services in delivery of the Service, such as cloud or internet-based storage and data processing solutions. Such third party services are subject to confidentiality obligations and may use your Personal Content only for fulfilling their obligations to Us.

Your Personal Content may be processed, maintained or transferred outside of your state or country, where the privacy laws may not be as protective as those in your jurisdiction.

Our Policy Toward Children

We do not knowingly collect personal information from minors aged 13 or younger. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at privacy@careboxhealth.com.

GDPR

This Policy was updated in alignment with the General Data Protection Regulation (GDPR) as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. Carebox is a Data Controller as defined in the GDPR and is responsible for ensuring that appropriate GDPR-compliant agreements are in place with all Data Processors that we engage. Carebox has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.

Compliance with the Data Privacy Framework

We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, we commit to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

Under the DPF Principles, you have the right to obtain from us confirmation of whether or not we are processing personal data relating to you, to have communicated to you such data so that you can verify its accuracy and the lawfulness of the processing, and to have the data corrected, amended or deleted where it is inaccurate or processed in violation of the Principles. To exercise these rights, write to privacy@careboxhealth.com.

Under the DPF Principles, we must offer you the opportunity to choose (opt out) whether your personal information is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. We thus always explicitly request your explicit consent before sharing or using or disclosing your personal information in any way. If you have not explicitly consented, we will not use or disclose your personal information. You can opt out of the future use or disclosure of your personal information at any time by writing to privacy@careboxhealth.com.

Under the DPF Principles, in the event of an onward transfer of your information, we remain liable if an agent of ours processes such personal information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.

You may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. For additional details, you can click here to access the DPF Annex on this topic.

Contacting Us

If you have any concerns or questions about this Policy, please contact us at privacy@careboxhealth.com or by phone at +1-877-601-8601 or by writing to:
Privacy Officer (Brian Weiss)
Carebox Healthcare Solutions Inc.
500 Westover Drive, Suite #19356
Sanford, NC 27330