Rainbow Health Privacy Policy

This Privacy Policy is not a contract and does not create any contractual rights or obligations.

Your information is important to us. We carefully use your information in the context of the Application and do not sell or disclose your health or demographic information.

THIS POLICY AND NOTICE DESCRIBES HOW PERSONAL INFORMATION AND MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Point 01

This Privacy Policy, together with the Rainbow Health Terms of Use & End-User License Agreement (“Terms and Conditions”) and the Informed Consent for Rainbow Health Telemedicine Services (“Informed Consent”), describes our practices in connection with how we use and disclose information that we collect through software applications (including mobile applications) and websites (including the website currently located at https://rainbow.health) that we operate and that contain or link to this Privacy Policy (such applications and websites are collectively referred to as the “Applications”), and how you can get access to this information.

Rainbow Health respects and is committed to protecting your health information. We are also required by law to maintain the confidentiality of your protected health information, to give you this notice of our privacy practices and to abide by its terms. If we make any significant changes to this Privacy Policy, the new policy will be available at https://rainbow.health.

We may collect and process Personal Data, Non-Personal Data and Health Information (as defined in Point 4, below) in connection with the Applications.

This Privacy Policy does not address the privacy practices of any third party. Rainbow Health is not responsible for the privacy practices of any such third parties, including those to whom we disclose Personal Data in accordance with this Privacy Policy or to whom you submit Personal Data having accessed such third-party application or website via the Applications. We do not endorse any applications or websites which may be linked via the Applications.

We use and disclose your Personal Data to help with your treatment, payment for your treatment and our health care operations, and in other ways permitted or required by law. When the law requires us to get your permission before we disclose your information to another organization or person, or before we use it, we will do so as described below. You also have specific rights related to your privacy. Those rights, and how you may exercise them, are described below.

Point 02

Risks of using electronic communications and risk of Rainbow Health storing your health information electronically

Rainbow Health takes a number of steps to safeguard the security of all electronic communications that we send to you and you send to us through the Applications. We also take a number of steps to safeguard the security of your health information that we store in our various electronic systems. All of the information we store is held on servers within the continental United States of America. Your health information may be processed by our employees or by one of our carefully selected, third-party service providers. By using the Applications, you agree to this.

Despite the administrative, technical, and physical safeguards we take, there is a risk that these safeguards will not be sufficient. This means that there is a risk that unauthorized parties may read electronic communications that we send to you, and you send to us, and that unauthorized parties may gain access to and control over your health information that we store electronically. The fact that we store your information on separate electronic systems increases the risk. By using the Applications, you agree that you have read this Privacy Policy and accept this risk.

We do not share your Personal Data with third parties. We are not liable for the security and privacy of any information that you choose to print or email from our application. We recommend that you consider carefully whether you wish to share your personal data when you use the Applications.

Your personal data is retained by Rainbow Health as long as your account is active. You may close your account by visiting https://rainbow.health/contact.html and contacting us with the login email address. We will contact you to verify your identity and subsequently close the account and delete all of the personal data associated with the account as permitted by law. In the event that our Applications are discontinued by our licensor, prohibited by the government, or recalled by us, we will notify you by email and by posting on our website at https://rainbow.health prior to making our app inoperable.

Point 03

“Health Information” is data that relates to your physical or mental health history or conditions, to treatment you have received for those conditions, or to payments for those conditions. We treat Health Information as Personal Data, subject to some special rules as required by the Health Insurance Portability and Accountability Act (“HIPAA”). The categories below describe the different ways that we may use or disclose health information about you without your permission. Each of these categories of use or disclosure will be explained with an example provided. Not every use or disclosure in a category will be listed.

We may use Health Information about you to permit health professionals to provide you with healthcare treatment and services through the Application. We may disclose Health Information about you to doctors, nurses, or other personnel involved in your care. For example, a doctor treating you may need to know if you are allergic to a medication because it may affect management of your condition.

We may use and disclose Health Information about you so that the treatment and services you receive from and through us may be billed to and payment collected from you. For example, we will need to share the credit or debit card details you provide with our bank and payment processor. Or we may share with the primary cardholder that the Medical/Healthcare related transaction on the bank statements is for a Rainbow Health charge.

We may use and disclose Health Information about you to manage and improve the health care services and operations provided through Rainbow Health. For example, we may use Health Information to conduct quality assessment reviews to evaluate performance in caring for you. We may also share your Health Information with our “business associates” that perform administrative services for us, such as billing services.

We may use your Health Information to give you appointments, reminders, information about treatment options and services, and information about other health-related products or services.

When you register for services through the Applications, we will send an email to the email address you provide for relevant health and applications updates. By giving us your email address, you are agreeing to us sending you these emails. By giving us your telephone number, you are agreeing to relevant texts and calls from your health professional directly or through Rainbow Health network (as requested while receiving care through the service).

We will disclose Health Information about you when required to do so by federal, state, or local law.

We may use and disclose Health Information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.

IIf you are a member of the armed forces or are separated/discharged from military services, we may release Health Information about you as required by military command authorities or the Department of Veterans Affairs as may be applicable. We may also release Health Information about foreign military personnel to the appropriate foreign military authorities.

We may release Health Information about you for workers’ compensation or similar programs.

We may disclose Health Information about you for public health activities, which generally include: prevention or control of disease, injury, or disability; reporting births, deaths, and child abuse or neglect; to report reactions to medications or problems with products; to notify people recalls of products they may be using; to notify someone who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence (we will only make this disclosure if you agree or when required or authorized by law.

We may disclose Health Information to a health oversight agencies for activities authorized by law. These activities include but are not limited to audits, investigations, inspections, and licensure activities.

If you are involved in a lawsuit or a dispute, we may disclose Health Information about you in response to a valid court order or administrative order. We may also disclose Health Information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only after efforts have been made to notify you of the request and you have time to obtain an order protecting the information requested.

We may release Health Information if asked to do so by a law enforcement official in certain circumstances, such as in response to a court or administrative order, warrant or similar process; to identify or locate a witness, suspect or missing person; and to identify the victim of a crime or to report a crime.

We may release Health Information about you to a coroner, health examiner, or funeral director as permitted or required by law, such as to identify a deceased person or to determine the cause of death.

If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release Health Information about you to the correctional institution or law enforcement official when the release is necessary: for the institution to provide you with healthcare; to protect your health and safety or the health and safety of others; or for the safety and security of the correctional institution.

We will not share your Health Information with advertisers or other third parties. We will use your Health Information for marketing purposes only if you have opted in to receiving marketing communications. Marketing purposes include letting you know about products and services that we offer. If you opt in, you may opt out at any time by contacting us at https://rainbow.health/contact.html. We will not sell or rent your Health Information or Personal Data without your written authorization. Third parties may display advertisements on the Applications. These third parties may also place a cookie on your device in the course of you viewing their advertisements. California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding the disclosure of certain data to third parties for direct marketing purposes. To make such a request, please write to us at https://rainbow.health/contact.html

Point 04

• Server log files;
• Information collected through cookies and other technologies;
• Demographic information;
• De-identified Health Information and other de-identified Personal Data (i.e., information that has been stripped of details and can no longer identify you); and
• Browser information.

We may use and disclose Non-Personal Data for any purpose. In some instances, we may combine Non-Personal Data with Health Information or other Personal Data. If we combine any Non-Personal Data with Health Information or other Personal Data, the combined information will be treated by us as Health Information or Personal Data, as long as it is so combined.

• Through the device you use to access the Applications: e.g., your operating system name and version, device manufacturer, device model and identifier etc. We may use this data to analyze how the Applications are being used.
• Using cookies: Cookies are small text files which are placed on the device on which you are using the Applications. We use cookies to better serve you with more tailored information and facilitate your ongoing access to and use of the Applications, as well as for online tracking purposes. You can disable cookies via your browser settings, however, this may mean that some of the features of the Applications are no longer available to you. To learn more about cookies, please visit http://www.allaboutcookies.org/.
• Through server log files: An Internet Protocol address (“IP Address”) is a numerical label assigned to the device that you are using by your Internet Service Provider. Your IP Address is identified and logged in our server log files whenever you use the Applications, along with the time of the use. We use IP Addresses for purposes such as helping to calculate usage levels of the Applications.
• Using web beacons: Web beacons may be used in connection with the Applications to track the actions of users, and to measure the success of our marketing campaigns.
• From you: We may collect information from you which you volunteer, such as your location. Unless combined with Personal Data, this information does not personally identify you.
• Location data: We may establish the physical location of your device, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with location-based services and content tailored to you.

Point 05

Your rights regarding health information about you: State and federal laws give you rights related to the privacy of your Health Information. Each of these rights is described below. If you want to exercise these rights, you must notify us in writing. For more information on these rights, see the Contact Information in Point 9.

• Right to Inspect and Copy. You have certain rights to inspect and copy Health Information that may be used to make decisions about your care. Usually this includes health and billing records but would not include psychotherapy notes. To exercise this right, you must submit a request in writing to the contact identified below. If you request a copy of your Health Information, we may charge a reasonable fee for the costs of locating, copying, mailing, or other supplies and services associated with your request. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to Health Information, you may in certain instances request the denial be reviewed.
• Right to Amend. You have the right to ask us to amend the Health Information that we have about you if you feel it is incorrect or incomplete. You have this right to request an amendment for as long as we keep the Health Information. You must make your request in writing and provide a reason for your request. We may deny your request if, among other reasons, the information was not created by us or if we believe it is otherwise accurate and complete. If we deny your requested change, you have the right to ask us to keep a copy of your request to amend in your records. Any amendment we make to your Health Information will be disclosed to those with whom we disclose information as previously specified.
• Right to an Accounting of Disclosures. Subject to certain exceptions, you have the right to receive from us, upon your written request, an accounting (or listing) of instances when we disclosed your Health Information as described in Point 3 of this policy and of any unauthorized disclosures.
• Right to Request Restrictions. You have the right to request a restriction or limitation on the Health Information we use or disclose about you for treatment, payment or health care operations. We will consider your request, but we are not required to agree if it is not feasible for us to ensure our compliance with law or we believe it will negatively impact the care we may provide you. To request a restriction, you must make your request in writing and identify what information you want to limit and to whom you want the limits to apply.
• Right to Request Confidential Communications. You have the right to request that we communicate with you about confidential matters by alternative means or at alternative locations. For example, you can request that we only contact you at work. We will make reasonable efforts to accommodate your request.
• Right to Receive a Paper Copy of This Notice. You have the right to obtain a paper copy of this Notice at any time upon request. You may also obtain a copy of this Notice on the App.
• Right to be Notified of a Breach. We are required by law to notify you following a breach of unsecured protected health information.
• Right to Complain about our Privacy Practices. If you believe we have violated your privacy rights, you may complain to us directly (see Contact Information in Point 9) or to the Office for Civil Rights of the United States Department of Health and Human Services. You may file a complaint without fear of reprisal.

Point 06

Your rights regarding health information about you: We reserve the right to change this Privacy Policy at any time. Please look at the “Effective Date” at the bottom of this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we make the revised Privacy Policy publicly available through the Applications. Your use of the Applications or the submission of any information in connection with the Applications following such changes means that you accept the revised Privacy Policy.

If you have any questions in relation to this Privacy Policy, please contact Rainbow Health at https://rainbow.health/contact.html.

Point 07

Third party service providers: We may use a variety of third-party vendors to help us provide our services, understand the use of our services, and advertise our Application, website, products and services. Third party vendors may include but are not limited to Google Analytics. These third-party service providers may use cookies or other methods to collect, store, and share information as further dictated by the privacy policies and disclosures of those third parties.

Google, Inc. may utilize the data collected to track and examine the use of the website or Application, to prepare reports on its activities and share them with other Google, Inc. services. Google, Inc. may also use the data collected to contextualize and personalize the ads of its own advertising network, such as by using cookies to serve ads based on a user’s prior visits to the Site or other websites. You may view Google’s privacy policy here: https://policies.google.com/privacy?hl=en, with more information located here: https://www.google.com/policies/privacy/partners/ (including information regarding how to control how information is shared through your Ads Settings) and here: https://support.google.com/analytics/answer/6004245?hl=en.

You can prevent the collection of the data generated by Google Analytics in relation to your use of the website (including your IP address) and the processing of this data by downloading and installing the browser plug-in, with more information regarding how you can opt out of Google Analytics data collection as instructed here: https://tools.google.com/dlpage/gaoptout.

This link provides instructions for installing an opt-out cookie on your device. As a result, the collection of data by Google Analytics is prevented in future for the website and for this browser as long as the opt-out cookie remains installed in your browser.

Point 08

Special situations and other information practices: In addition to the situations described above, we may use and disclose visitor information (except Health Information, which may only be disclosed as otherwise set forth in this Privacy Policy) in special instances when we have reason to believe disclosing this information is necessary to investigate, identify, contact, or bring legal action against someone who may be causing injury to or interfering with our rights or property, other website visitors or Application users, or anyone else. We may disclose visitor information when subpoenaed, if ordered or otherwise required by a court of law, arbitrator, or other similar proceeding or the rules governing such a proceeding, for government investigations, with government agencies if required by law, to exercise, establish, or defend United Sugars’ legal rights, to protect your vital interests or those of any other third party, and when Rainbow Health otherwise believes in good faith that any applicable law requires it.

If you wish to discuss this Privacy Policy and the information we collect, you may contact us at https://rainbow.health/contact.html. At this time, we may not be able to specifically identify and provide you with all of the information we have collected about you for your review, editing, or removal from our databases. In order to provide you with any information, Rainbow Health may, but is not required to, request that you prove your identity to the satisfaction of Rainbow Health.

Protecting the privacy of children is very important to us. For that reason, our website and Application does not solicit, collect or maintain personally identifiable information from users we actually know are under age 13. If you are a parent or guardian, please contact us at https://rainbow.health/contact.html if you believe information regarding a child has been collected by us through our Site.

In the event that we are involved in a bankruptcy, merger, acquisition, reorganization or sale of assets or change in our ownership or control, your information may be sold or transferred as part of that transaction to actual or prospective transaction partners and their consultants, advisors, counselors, and agents, and otherwise shared to facilitate that transaction before, during, and after that transaction is completed. The promises in this Privacy Policy will apply to your information as transferred to the new entity.

Presently the website does not honor “do not track” settings on web browsers and does not offer you the opportunity to request that we not track your use of its services except as otherwise stated in this Privacy Policy.

We may revise this Privacy Policy from time to time. By continuing to access or use the Site after those changes become effective, you agree to be bound by the revised Privacy Policy.

Point 09

In-App Permissions and Data Usage

The Rainbow Health patient application uses the device camera to send images and video to healthcare providers. This permission can be revoked at any time.

The Rainbow Health patient application uses the device microphone during video healthcare encounters. This permission can be revoked at any time.

We may collect and process images that you upload to our app. This information may be used to improve our app, provide patient care, or for other purposes as described in our privacy policy.

Point 10

Contact Information
All questions and concerns about your privacy can be sent to info@rainbow.health or by mail to:
Rainbow Health
Location 1
24 Greenway Plaza Suite 1800, Houston, TX 77046
Location 2
77 Sugar Creek Center Blvd, Sugar Land, TX 77478, USA
Attention: Privacy Officer

Effective Date: June 07, 2023