Pathfinder Innovation Portal LLC (“Company”), a limited liability company established in the United Arab Emirates, owns and maintains that Chearful.com is a wellness counselling website (the "Platform").

The Company is dedicated to maintaining privacy protections that provide users a feeling of confidence and clarity whenever using the Platform. Respecting each User’s privacy is one of the most important pillars of Chearful’s operations. 

This Privacy Policy describes the basis upon which any personal data Chearful collects from the User or that the User will provide in using the Platform (collectively, “Personal Data”, further defined below) will be processed in connection with the User’s use of the Platform and the Services (defined below).

Please read this Privacy Policy carefully before using the Platform, to understand our views, policies and practices regarding the User’s Personal Data and how we will treat it.

The Platform will not store, sell, share, rent or lease credit/debit cards’ details and personally identifiable information with any third parties. Chearful will not pass any debit/credit card details to third parties.

Privacy Policy and the User Agreement

The User Agreement, which all Users voluntarily and knowingly agree to enter into by accessing the Platform, and this Privacy Policy constitute all terms and conditions for the use of the Platform. You agree to the handling of your Personal Data in accordance with this Privacy Policy by using the Platform to obtain counselling services. If you do not understand any aspect of the Privacy Policy and/or have any queries in relation to it, please email contact@chearful.com.

The Platform may include links to third-party websites, plug-ins and applications, including those of Counsellors whose services are offered through the use of the Platform. Clicking on those links or enabling those connections may allow third parties to collect or share data about you (the User). The Company does not control these third-party websites and applications; hence, the Company is not responsible for their privacy policies or their use of your personal data. You are encouraged to read the privacy policy of every website and application you visit when you leave the Platform.

Restricted Use of the Platform By Minors - Parent/Guardian Consent

People under the age of 18 are not to use the Platform; parents or guardians shall restrict minors' access to the Platform. The Company does not knowingly collect Personal Data from persons under the age of 18. If you are under the age of 18, you are not authorised to use the Platform, and you shall not provide any information about yourself to us (the Platform). By accessing, using and/or submitting information to or through the Platform, you represent you are not under the age of 18. If the Platform learns we have collected or received Personal Data from a person under the age of 18, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child (or his/her parent or legal guardian) that he/she cannot use the Platform, and we will subsequently delete that information. If you believe we might have any information from or about a person under 18, for which there is no legal parental or guardian consent, please contact us immediately at contact@chearful.com.

Personal Information

Personal Data (or, Personal Information) means any information about an individual from which they can be identified. We may collect, transfer, use and store different kinds of Personal Data about you, which includes but is not limited to -

1. Identity and Contact Data, which includes but is not limited to, billing address, delivery address, email address, and/or telephone numbers;
2. Communications Data, which includes your interactions with The Company via social media platforms, electronic messages, email and other electronic and non-electronic communication;
3. Practitioners’ Data, which includes but is not limited to - title and full name; languages spoken; clinic locations; education and qualifications; relevant expertise, symptoms, and procedures;
4. Financial Transaction Data, which includes but is not limited to, bank account and payment card details, history of payments to and from you and other details of online consultations with Counsellors you have booked through the Platform;
5. Technical Data, which includes but is not limited to, internet protocol (IP) address, browser type and version, login data, make and model (mobile phones only), hardware version, operating system, platform, device settings and other technology identification on the devices used to access the Platform, file and software names and types, time zone setting and location(s), device identifiers, device locations such as through GPS, Bluetooth or Wi-Fi signals, browser plug-in types and versions, browser type, operating system and Platform, connection information such as the name of your mobile operator or ISP, language and time zone, mobile phone number and IP address.
6. Profile Data, which includes but is not limited to, your password and username, bookings or transactions made by you (the User), your interests, feedback, preferences and survey responses.
7. Usage Data, includes but is not limited to, information about how you (the User) use the Platform, how you use your devices to access the Platform (including the searches you make and the screens you visit);
8. Marketing and Communications Data includes but is not limited to, your preferences in receiving marketing from us (the Platform) and our third parties, as well as your communication and communication-related preferences.

Aggregated Data

We collect, share and use aggregated data such as demographic or statistical data for any purpose. Aggregated data may be derived from your Personal Data, but is not considered Personal Data as this data does not directly or indirectly reveal your identity. We may aggregate your usage data to calculate the percentage of users accessing a specific feature. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

If You (the User) Fail to Provide Personal Data

If you fail to provide Personal Data we (the Platform) need to collect by law or under the terms of the agreements we have with you, we cannot perform the agreement we have or are trying to enter into with you. In this case, we may cancel an appointment you have booked through the Platform , but we will notify you about the cancellation.

How is Your (the User’s) Personal Data collected?

To collect data from and about you, we use different methods, including through -

1. Information provided to us through Direct interactions - You (the User), by using the Platform, filing in forms or by corresponding with us via email, phone, in person or otherwise may give us your Identity and Contact Data, Financial Transaction Data, Profile Data and Marketing and Communications Data. This includes Personal Data provided when you apply for or purchase our services; fill in forms or create an account on the Platform; enter a survey; request further information to be sent to you; request marketing materials to be sent to you; give us feedback; contact the support team; subscribe to our services or publications; use our services with a Platform Practitioner; etc.
2. Information we collect about you (the User) through automated technologies or interactions - As you interact with the Platform, we may automatically collect Technical Data about your equipment, patterns and browsing actions. We collect this Personal Data through using server logs, cookies and other similar technologies. If you visit Websites employing our cookies, we may also receive Technical Data about you. Please see our Cookie Policy for further details.
3. We may collect the following information regarding each of your visits to our Platform - Data provided by your Insurer; Information obtained from video consultation; Communications with us through social media platforms, electronic messages, email and other electronic and non-electronic communications; Your networks and connections made available to us from your mobile and desktop devices’ address book contacts and social media platforms (i.e. Facebook, Instagram, Twitter, etc.), depending on the permissions you have granted.
4. Information we receive from publicly available sources and/or third parties - We may receive Personal Data about you from various third parties and public sources such as - Technical Data from analytics providers, advertising networks and search information providers; Contact, Financial or Transaction Data from providers of technical and payment services.

How We Use Your Personal Data

The Platform will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data when it is necessary -

1. For performance of the User Agreement we are about to enter into or have entered into with you - i.e. for processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
2. For our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Legitimate Interest means the interest of our business in managing and conducting our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Please feel free to contact us to obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities.
3. To comply with a legal obligation - Complying with a legal obligation means processing your Personal Data where it is necessary for compliance with a legal obligation we are subject to.

The following are some of the most common purposes or activities for which the Data may be processed -

1. We keep a record of the Services provided to you to be used for billing purposes.
2. If you are seeking to recoup the expense of the Services from your chosen insurance company, information may be provided to the insurance company.
3. We may be required to provide your Personal Data to regulators as and when necessary.
4. When a court order has been issued, we will pass on your Personal Data to a court of law.
5. To provide you, or permit selected third parties to provide you, with information about services we feel may interest you. If you are an existing Client, we will only contact you by electronic means (SMS, e-mail or push message) with information about services similar to those which were the subject of a previous sale or negotiations of a sale to you. Kindly note, if you are a new user, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
6. To ensure content from the Platform are presented in the most effective manner for you your device;
7. To notify you about changes in our service;
8. To improve the Platform to ensure content is presented in the most effective manner for you and your electronic device; 
9. To administer the Platform for internal operations, including data analysis, troubleshooting, research, testing, statistical and survey purposes;
10. To allow you to participate in interactive features of our service (when you choose to do so), as part of our efforts to keep the Platform safe and secure;
11. To measure or understand the effectiveness of advertising and/or marketing we serve to you and others, and to deliver relevant advertising and/or marketing to you;
12. To comply with a legal or regulatory obligation;
13. To make suggestions and recommendations to you and other users of the Platform about services that may interest you or them;

Withdrawal of Consent

As specified in this Privacy Policy, we do not rely on consent as a legal basis for processing your Personal Data, although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us. 

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose of personal data collection. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at contact@chearful.com. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. Please note we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Location Information

Through the device’s Privacy Settings, you can choose whether or not to allow the Platform to collect and use real-time information about your device’s location. If you block the use of location information, some parts of the Platform may not function properly or be inaccessible.

Links to Third-Party Sites

From time to time, the Platform may contain links to and from the websites of our partner networks, affiliates and advertisers. If you follow a link to any of these websites, please note these websites have their own privacy policies - we do not accept any responsibility or liability for these policies. Before you submit any Personal Data to these Websites, please check these policies carefully.

Where We Store Your Personal Data

At all times, we will comply with the applicable laws, regulations, policies and decrees issued by relevant authorities in the UAE (collectively, “Local Laws”) and will take all steps reasonably necessary to ensure your data is treated securely and in accordance with this Privacy Policy. We store all your personal counselling data (including your primary and secondary care information, medication information and diagnostic information) on secure servers. Any payment transactions will be encrypted. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Payment Card Industry (PCI) data security standards. SSL technology encrypts any payment transactions. Once we have received your information, we will use strict procedures, industry standard physical, technical and administrative safeguards and security features to try to prevent unauthorised access.

Disclosures of Your Personal Data

You (the User) agree we (the Platform) have the right to share your Personal Data, with the exception of your personal health records, with any employee or contractor of The Company.
We may disclose your Personal Data to third parties in the following scenarios, with third parties being -
a) Our users through the Platform, in the case of Practitioners Data
b) Practitioners with whom you have booked appointments through the Platform (in the case of Contact Data and Identity Data);
c) Practitioners with whom you have booked appointments for online consultations through the Platform (in the case of Identity, Financial Data, Contact and Transaction Data);
d) Service providers acting as processors who provide IT, payment processing services and system administration services.
e) Professional advisers acting as processors or joint controllers including lawyers, auditors, bankers and insurers who provide consultancy, legal, banking insurance and accounting services.
f) Regulators and other authorities acting as joint controllers or processors who require reporting of processing activities in certain circumstances.

Other Third Parties Disclosure

• If we (the Platform) are under a duty to disclose or share your Personal Data to comply with any legal obligation, court order, regulation, subpoena, legal process or government request or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of us, our Clients, or others.
• In good faith, if we believe it is necessary to protect the rights, property, or safety of us, our Clients, or others, to investigate fraud or respond to a government request;
• To notify or assist in notifying a family member, personal representative or another person responsible for your care of your location and general condition.
• To whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy policy.
• Contractors, physicians, mental-health professionals, psychologists, counsellors, business associates, service providers our staff and any third parties we use to support our business and to provide health care services;
• Advertisers that require the data to select and serve relevant adverts to you and others;
• Analytics and search engine providers that assist us in the optimisation and improvement of the Platform;
• Other Service providers, health plans or their related entities for their treatment or payment activities or health care activities.

We require all Third Parties and Other Third Parties to respect the security of your Personal Data and to treat it in accordance with the laws of the United Arab Emirates. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

Data Privacy

The Personal Data we collect from you (the User) is stored in the UAE, but may be shared within The Company by The Company employees/agents/contractors. This may involve your data being transferred to and stored at a destination outside of your country of residence, or outside of the jurisdictions in which the persons to whom such Personal Data relates. The Personal Data may also be processed by staff operating outside such jurisdictions who work for The Company or a vendor. Such staff may be engaged in, among other things, the provision of support services and the fulfilment of your booking/appointment. Your Personal Data may be transferred, stored, processed and used by our affiliated companies and/or non-affiliated service providers in one or more countries outside your country. In such cases, we ensure your Personal Data is protected by requiring all our group companies to follow the same rules when processing your Personal Data. Whenever we transfer your Personal Data out of such jurisdictions or to third parties, we use contractual obligations to aim to ensure a similar degree of protection is afforded to it. Where we use certain service providers, we may use specific contracts that give Personal Data the same protection it has in such relevant jurisdiction. In the event of a conflict between applicable laws, regulations, decrees and policies issued by relevant authorities in the UAE (collectively, “Local Laws”) and any legal authorities issued by foreign governments, kindly note the Local Laws will prevail.

GDPR - The Company makes all reasonable efforts to comply with applicable existing European Union (EU) data privacy regulations. In particular, the General Data Protection Regulation (2016/679) is a regulation in EU law on data protection and privacy applicable and available to all individuals within the European Union and the European Economic Area. This body of regulations, which also addresses the export of personal data outside the EU and EEA and is commonly referred to as “GDPR.” The basic tenants of the promulgated GDPR regulations include, but are not limited to, disclosure when The Company can sell, transfer or third party marketing of User’s data.

You already have the ability to access your Personal Data and use it as you wish at The Company. This Privacy Policy and User Agreement is clear on what consent we seek with regards to your data and prior to your engagement with your Provider. We will provide our Clients notice of any data breach involving Personal Data that may occur.

The GDPR takes into account what has been termed the right “to forget,” effectively providing for you to request the deletion of your data once you cease using the Platform. Kindly note this particular tenant of the GDPR may conflict with other applicable medical records retention laws. However, applicable individual country medical retention laws are generally considered an acceptable exception to the GDPR regulations regarding the right to deletion of certain data. In the United States, this requires at least seven (7) years of retention, which is common globally. In other countries, retention of ten (10) years or more is usually required. Consequently, The Company will not erase private health data directly upon a Client’s request, because of legal duties making it essential for medical file retention purposes.

Data Security

The Platform uses a highly secure and encrypted backend system to ensure optimal functionality, security and privacy; however, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to the Platform - any transmission is at your own risk. The only risk of jeopardising the User’s privacy would be as a result of having their own personal email account hacked (and that would have no relation to the Platform).

Passwords and Confidentiality

If you are provided with a password or any other piece of information as part of our security procedures for a registration-only section of the Platform, you are solely responsible to maintain the confidentiality of your password and username for the Platform and you are also solely responsible for all activities that are carried out under them. It is important you safeguard yourself against unauthorised access to your password and to the devices used to access our Services. You are solely responsible for keeping your password confidential at all times. We urge you to take necessary steps to keep your personal information safe by not disclosing your password with anyone and by immediately logging out of your account after each use, especially when you have finished using a shared device. It is your sole responsibility to control the dissemination and use of your password and to control access to and use of your user ID and password. We (the Platform) do not have the means to check the identities of people using the Platform and we will not be liable where your password or user name is used by someone else. You (the User) agree to immediately notify us of any unauthorised use of your password or user name or any other breach of security of which you become aware. We (the Platform) have the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion, you have failed to comply with any of the provisions of these terms or the Terms of Use. Please promptly inform us if you need to deactivate your account.

Data Retention

We (the Platform) will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory, tax or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, sensitivity and nature of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, tax, accounting, regulatory or other requirements. Usually, the retention periods for different aspects of your Personal Data will be six years. We may retain your Personal Data for a longer period of time in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. In some circumstances, we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without any further notice to you. In some circumstances you can ask us to delete your data (please see your legal rights below for further information).

Cookies

The Platform may use "Cookies" to personalise your online experience. Cookies are small computer text files placed on your computer’s hard drive by a web page server transferred to your hard drive that contain information such as user ID, lists of pages visited, user preferences and lists of activities conducted while browsing the Platform. Cookies cannot be used to deliver viruses to your computer or to run programs. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. Cookies provide a convenience feature to save you time - its purpose is to improve user-experience. Cookies tell the Platform you have returned to a specific page. For example, if you register an account with The Platform, a cookie helps us recall your specific information on subsequent visits. Cookies simplify the process of recording your personal information. When you return to the Platform, the information you previously provided can be retrieved, so you can easily use the features you customised.

At your option, responsibility and expense, you may accept or decline cookies. You may block cookies or delete cookies from your hard drive. By disabling cookies, however, you may not have access to the entire set of features of this Platform and some parts of them may either become inaccessible or not function properly. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies (if you prefer so). If you choose to decline cookies, you may not be able to fully experience the interactive features of the Platform. The Platform uses cookies to distinguish you from other users to provide you with a good user-experience when you browse the Platform and it also allows us to improve our services. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. For more information about the cookies we use, please see our Cookie Policy.

Promotional Offers from Us

We (the Platform) may use your Identity, Technical, Usage, Contact and Profile Data and Special Categories of Personal Data to form a view on what we think you may want or need and/or what may be of interest to you. This is how we decide which products, offers and services may be relevant for you. This is what we call marketing. You will receive marketing communications from us if you have - a) requested information from us, b) created an account, c) purchased services from us or d) provided us with your details when you entered a competition or registered for a promotion (and, in each case, you have not opted out of receiving that marketing).

Marketing and Opt Out

We strive to provide you with choices regarding certain usage of Personal Data, particularly around marketing and advertising. We will always give you the option to choose not to receive marketing communications from us. Contact us to opt out from having your Personal Data used by us to promote our own or third parties’ products or services. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time by sending us an email. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions.

Third-Party Marketing

Before we share your Personal Data with any third-party company for marketing purposes, we will get your opt-in consent. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. Contact us to opt-out of using information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences.

Your Legal Rights

We (the Platform) may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information regarding your request to speed up our response. You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, excessive or repetitive (alternatively, we may refuse to comply with your request in these circumstances). We try to respond to all legitimate requests within one month, however, it may occasionally take us longer than a month if your request is particularly complex or you have made a number of requests. We will notify you and keep you updated in this case.

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data, such as the right to make the following requests at any time (for which you can contact us at contact@chearful.com) -
a) Request access to your Personal Data (commonly known as a “data subject access request”) to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
b) Request correction of the Personal Data we hold about you to have any incomplete or inaccurate data we hold about you corrected (we may need to verify the accuracy of the new data you provide to us). The correction of medical records will only be done as a time-stamped addendum. Kindly note, previous notes written by our doctors will never be changed or erased.
c) Request erasure of your Personal Data – with the exception of medical records – where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with Local Law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
d) Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground if you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. We may demonstrate, in some cases, we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.
e) Request restriction of processing of your Personal Data - this enables you to ask us to suspend the processing of your Personal Data in the following scenarios - If you want us to establish the data's accuracy; Where our use of the data is unlawful but you do not want us to erase it; You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it; Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
f) Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
g) You (the User) may withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you (we will advise you if this is the case at the time you withdraw your consent).
h) You may request a copy of your information to be provided to another person.

Changes to This Privacy Policy

Periodically, the Privacy Policy is reviewed and adjusted. Any changes made to the Privacy Policy will be posted on this page and, where appropriate, it may be notified to you via email. It shall be your obligation to regularly check the Privacy Policy for updates. Continued use of the Platform following notice of such changes will indicate your acknowledgment of such changes and agreement to be bound by the terms and conditions of such changes.

Please feel free to contact us with any questions at contact@chearful.com

Effective Date: 15TH SEPTEMBER 2022

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

• The terms of this Notice of Privacy Practices applies to Chearful.com, an online well-being platform.
• Chearful.com will share protected health information of clients as necessary to carry out treatment, payment, and health care operations as permitted by law. 
• We are required by law to maintain the privacy of our clients’ protected health information and to provide clients with notice of our legal duties and privacy practices with respect to protected health information. 
• We are required to abide by the terms of this Notice for as long as it remains in effect. 
• We reserve the right to change the terms of this Notice as necessary and to make a new notice of privacy practices effective for all protected health information maintained by Chearful.com. 
• We are required to notify you in the event of a breach of your unsecured protected health information. 
• We are also required to inform you that there may be a provision of the local law that relates to the privacy of your health information that may be more stringent than a standard or requirement under the Federal Health Insurance Portability and Accountability Act (“HIPAA”). 
• A copy of any revised Notice of Privacy Practices or information pertaining to it may be obtained by mailing a request to the Privacy Officer at contact@chearful.com

USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION: 

Authorization and Consent: Except as outlined below, we will not use or disclose your protected health information for any purpose other than treatment, payment, or health care operations unless you have signed a form authorizing such use or disclosure. 

You have the right to revoke such authorization in writing, with the revocation being effective once we actually receive the writing; however, such revocation shall not be effective to the extent that we have taken any action in reliance on the authorization, or if the authorization was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy or the policy itself.

Uses and Disclosures for Treatment: We will make uses and disclosures of your protected health information as necessary for your treatment. Healthcare professionals involved in your care will use information in your medical record and information that you provide about your symptoms and reactions to your course of treatment that may include psychological history, procedures, medications, tests, medical,  etc. 

Uses and Disclosures for Payment: We will make uses and disclosures of your protected health information as necessary for payment purposes. During the normal course of business operations, we may forward information regarding your medical procedures and treatment to your insurance company to arrange payment for the services provided to you. We may also use your information to prepare a bill to send to you or to the person responsible for your payment.

Uses and Disclosures for Health Care Operations: We will make uses and disclosures of your protected health information as necessary, and as permitted by law, for our operations, which may include clinical improvement, professional peer review, business management, accreditation, and licensing, etc. For instance, we may use and disclose your protected health information for purposes of improving clinical treatment and client care.

Individuals Involved in Your Care: We may from time to time disclose your protected health information to designated family, friends and others who are involved in your care or in payment of your care in order to facilitate that person's involvement in caring for you or paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited protected health information with such individuals without your approval. We may also disclose limited protected health information to a public or private entity that is authorized to assist in disaster relief efforts for that entity to locate a family member or other persons that may be involved in some aspect of caring for you.

Business Associates: Certain aspects and components of our services are performed through contracts with outside persons or organizations, such as auditing, accreditation, outcomes data collection, legal services, etc. At times it may be necessary for us to provide your protected health information to one or more of these outside persons or organizations who assist us with our operations. In all cases, we require these associates to appropriately safeguard the privacy of your information

Appointments and Services: We may contact you to provide appointment updates or information about your treatment or other health-related benefits and services that may be of interest to you. You have the right to request, and we will accommodate reasonable requests by you to receive communications regarding your protected health information from us by alternative means or at alternative locations. For instance, if you wish appointment reminders to not be left on voice mail or sent to a particular address, we will accommodate reasonable requests. With such a request, you must provide an appropriate alternative address or method of contact. You also have the right to request that we not send you any future marketing materials and we will use our best efforts to honor such requests. You must make such requests in writing, including your name and address, and send such writing to the Privacy Officer at this address contact@chearful.com

Research: In limited circumstances, we may use and disclose your protected health information for research purposes. In all cases where your specific authorization is not obtained, your privacy will be protected by strict confidentiality requirements applied by an Institutional Review Board which oversees the research or by representations of the researchers that limit their use and disclosure of your information.

Fundraising: We may use your information to contact you for fundraising purposes. We may disclose this contact information to a related foundation so that the foundation may contact you for similar purposes. If you do not want us or the foundation to contact you for fundraising efforts, you must send such a request in writing to the Privacy Officer at this address contact@chearful.com

Other Uses and Disclosures: We are permitted and/or required by law to make certain other uses and disclosures of your protected health information without your consent or authorization for the following:

• Any purpose required by law; Public health activities such as required reporting of immunizations, disease, injury, birth, and death, or in connection with public health investigations
• If we suspect child abuse or neglect; if we believe you to be a victim of abuse, neglect, or domestic violence
• To the Food and Drug Administration to report adverse events, product defects, or to participate in product recalls
• To your employer when we have provided health care to you at the request of your employer
• To a government oversight agency conducting audits, investigations, civil or criminal proceedings
• Court or administrative ordered subpoena or discovery request
• To law enforcement officials as required by law if we believe you have been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law
• To coroners and/or funeral directors consistent with law
• If necessary to arrange an organ or tissue donation from you or a transplant for you
• If you are a member of the military, we may also release your protected health information for national security or intelligence activities; and 
• To workers' compensation agencies for workers' compensation benefit determination.

DISCLOSURES REQUIRING AUTHORIZATION:

Psychotherapy Notes: We must obtain your specific written authorization prior to disclosing any psychotherapy notes unless otherwise permitted by law. However, there are certain purposes for which we may disclose psychotherapy notes, without obtaining your written authorization, including the following:

(1) to carry out certain treatment, payment, or healthcare operations (e.g., use for the purposes of your treatment, to defend ourselves in a legal action or other proceeding brought by you)

(2) to the government health sector entity to determine our compliance with the law

(3) as required by law

(4) for health oversight activities authorized by law

(5) to medical examiners or coroners as permitted by state law

(6) for the purposes of preventing or lessening a serious or imminent threat to the health or safety of a person or the public.

Genetic Information: We must obtain your specific written authorization prior to using or disclosing your genetic information for treatment, payment, or health care operations purposes. We may use or disclose your genetic information, or the genetic information of your child, without your written authorization only where it would be permitted by law.

Marketing: We must obtain your authorization for any use or disclosure of your protected health information for marketing, except if the communication is in the form of 

(1) a face-to-face communication with you,

(2) a promotional gift of nominal value. 

Sale of Protected Information: We must obtain your authorization prior to receiving direct or indirect remuneration in exchange for your health information; however, such authorization is not required where the purpose of the exchange is for:

• Public health activities
• Research purposes, if we receive only a reasonable, cost-based fee to cover the cost to prepare and transmit the information for research purposes
• Treatment and payment purposes
• Health care operations involving the sale, transfer, merger or consolidation of all or part of our business and for related due diligence
• Payment, we provide to a business associate for activities involving the exchange of protected health information that the business associate undertakes on our behalf (or the subcontractor undertakes on behalf of a business associate) and the only remuneration provided is for the performance of such activities; 
• Providing you with a copy of your health information or an accounting of disclosures
• Disclosures required by law
• Disclosures of your health information for any other purpose permitted by and in accordance with the Privacy Rule of HIPAA, if the only remuneration we receive is a reasonable, cost-based fee to cover the cost to prepare and transmit your health information for such purpose or is a fee otherwise expressly permitted by other law

RIGHTS THAT YOU HAVE REGARDING YOUR PROTECTED HEALTH INFORMATION:

Access to Your Protected Health Information: You have the right to copy and/or inspect much of the protected health information that we retain on your behalf. For protected health information that we maintain in any electronic designated record set, you may request a copy of such health information in a reasonable electronic format, if readily producible. Requests for access must be made in writing and signed by you or your legal representative. 

Amendments to Your Protected Health Information: You have the right to request in writing that protected health information that we maintain about you be amended or corrected. We are not obligated to make requested amendments, but we will give each request careful consideration. All amendment requests, must be in writing, signed by you or legal representative, and must state the reasons for the amendment/correction request. If an amendment or correction request is made, we may notify others who work with us if we believe that such notification is necessary.

Accounting for Disclosures of Your Protected Health Information: You have the right to receive an accounting of certain disclosures made by us of your protected health information. Requests must be made in writing and signed by you or your legal representative. 

Restrictions on Use and Disclosure of Your Protected Health Information: You have the right to request restrictions on uses and disclosures of your protected health information for treatment, payment, or health care operations. We are not required to agree to most restriction requests but will attempt to accommodate reasonable requests when appropriate. You do, however, have the right to restrict disclosure of your protected health information to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the protected health information pertains solely to a health care item or service for which you, or someone other than the health plan on your behalf, has paid in full. If we agree to any discretionary restrictions, we reserve the right to remove such restrictions as we appropriate. We will notify you if we remove a restriction imposed in accordance with this paragraph. You also have the right to withdraw, in writing or orally, any restriction by communicating your desire to do so to the individual responsible for medical records.

Right to Notice of Breach: We take very seriously the confidentiality of our patients’ information, and we are required by law to protect the privacy and security of your protected health information through appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving your unsecured health information and inform you of what steps you may need to take to protect yourself.

Complaints: If you believe your privacy rights have been violated, you can file a complaint in writing with the Privacy Officer. There will be no retaliation for filing a complaint.