This Privacy Policy (“Privacy Policy”) explains how Ceresti Health, Inc., a Delaware corporation (and any of its subsidiaries and affiliates) (“hereinafter referred to as “CERESTI,” “Ceresti,” or “We”) collects information and what type of information is collected from (a) the website with the uniform resource locator (URL) address www.ceresti.com and/or all other websites, web pages, and landing pages owned and/or operated by or on behalf of CERESTI (hereinafter referred to as “Ceresti’s Websites”), (b) our tablet-based “always-on” device (“Ceresti’s AOD”), and/or (c) all mobile applications owned and/or operated by or on behalf of CERESTI used on the AOD and/or any other device (“Ceresti’s Apps”). Ceresti’s Websites, Ceresti’s AOD and Ceresti’s Apps are referred to individually and collectively below as “Ceresti’s Websites, AOD and/or Apps.” This Privacy Policy also describes how CERESTI stores, uses, protects, and discloses the information collected.
Throughout this Privacy Policy, the terms “user”, “you,” “your” and “yourself” are used to refer to users of the Ceresti’s Websites, AOD and/or Apps. Given that users will most often be acting on behalf of a patient (hereinafter referred to as “the Patient”), this Privacy Policy will include how CERESTI collects, stores, uses, protects, and discloses the information about the Patient. In addition, wherever the term “Device” is used in this Privacy Policy, it shall be understood to include a computer, server, laptop, tablet, mobile phone, memory device and/or other device through or upon which information and data may be collected, stored, used, protected, and/or disclosed.
Ceresti’s Websites, AOD and/or Apps are intended for use by residents of the United States. If you are not a resident of the United States, you may not use Ceresti’s Websites, AOD and/or Apps. By accessing, visiting and/or using Ceresti’s Websites, AOD and/or Apps, you represent that you and the Patient are residents of the United States and are located in the United States.
CERESTI reserves the right at any time in its sole discretion to modify or change this Privacy Policy. You acknowledge and agree on behalf of yourself and the Patient that CERESTI shall have the right at any time in its sole discretion to modify or change the Privacy Policy, and notice of such modifications or changes shall be given as set forth in the applicable section below.
CERESTI may collect information about you and/or the Patient through your access to and/or use of Ceresti’s Websites, AOD and/or Apps and information that you input into any of them. CERESTI may collect information about you and/or the Patient from (i) the Patient’s health care provider and/or plan, (ii) other health care providers, (iii) the Patient, (iv) the Patient’s Primary Caregiver, (v) the Patient’s authorized family members and friends, and/or (vi) other persons authorized to provide CERESTI with information about the Patient. In addition, when you use CERESTI’s Websites, AOD and/or Apps, CERESTI collects information about your use of them. CERESTI may place “cookies” and/or other types of files and/or software code on the Device that you use to access Ceresti’s Websites and/or Apps, as well as Ceresti’s AOD. CERESTI may also collect technical information about your usage of Ceresti’s Websites, AOD and/or Apps. CERESTI may use various technologies to collect information about cookies, IP addresses, device type, device identifiers, browser types, browser language, pages accessed, URLs, platform type, the clicks, domain names, landing pages, the amount of time spent on particular pages, application state and the date and time of activity with our applications, and other similar information. CERESTI may associate this information with a user identifier number for our internal use. If you so desire, you can adjust settings on your web browser to limit the type of cookies allowed.
The categories and types of information that CERESTI collects and stores about the Patient may include, without limitation, the following:
In addition, Ceresti’s AOD and Apps enable the Patient’s Primary Caregiver and the Patient’s authorized family members and friends to communicate with each other and the Patient about the Patient (e.g. the Patient’s condition, treatment, and care), as well as to transmit photographs, images and videos of the Patient and of each other. CERESTI may collect and store these communications, photographs, images and videos.
If you are the Patient’s Primary Caregiver who uses the Ceresti Website, AOD and/or Ceresti App, the information that CERESTI collects and stores about you may include, without limitation, the following: (i) full name, (ii) physical addresses, (iii) telephone numbers, (iv) email addresses, (v) age, (vi) gender, (vii) ethnicity, (viii) marital status, (ix) responses to questionnaires, and (x) languages spoken. Also, CERESTI may collect and store general health information such as (i) medical conditions, (ii) mobility limitations, (iii) vision and hearing, (iv) exercise and nutrition, (v) sleep habits, (vi) current and past addictions, (vii) psychiatric conditions, and (viii) assessment results. In addition, Ceresti’s AOD and Apps enable the Patient’s Primary Caregiver and the Patient’s authorized family members and friends to communicate with each other and the Patient about the Patient (e.g. the Patient’s condition, treatment, and care), as well as to transmit photographs, images and videos of the Patient and of each other. CERESTI may collect and store these communications, photographs, images and videos. Also, CERESTI may collect and store information about your goals for the Patient in connection with Ceresti’s Services.
If you are one of the Patient’s authorized family members and friends who uses the Ceresti Apps, the information that CERESTI collects and stores about you may include, without limitation, the following: (i) full name, (ii) physical addresses, (iii) telephone numbers, (iv) email addresses, (v) age, (vi) gender, (vii) ethnicity, (viii) marital status, and (ix) languages spoken. In addition, Ceresti’s AOD and Apps enable the Patient’s Primary Caregiver and the Patient’s authorized family members and friends to communicate with each other and the Patient about the Patient (e.g. the Patient’s condition, treatment, and care), as well as to transmit photographs, images and videos of the Patient and of each other. CERESTI may collect and store these communications, photographs, images and videos. Also, CERESTI may collect and store information about your goals for the Patient in connection with Ceresti’s Services.
When CERESTI collects, stores, maintains, uses and/or discloses “Protected Health information” (“PHI”) on behalf of a “Covered Entity” health care provider or health plan (both as defined by HIPAA), we do so (i) as a direct or subcontractor “Business Associate” (as also defined by HIPAA) pursuant to a Business Associate Agreement. Our uses and disclosures of PHI are made in accordance with (i) a Master Services Agreement, (ii) a direct or subcontractor Business Associate Agreement, and/or (iii) HIPAA. We cannot use or disclose such PHI in a way that the Covered Entity health care provider or plan may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the PHI we store, maintain, use and/or disclose on behalf of the Covered Entity health care provider or plan and to comply with HIPAA Security Rule requirements. If the above-described agreements permit and/or if not prohibited by applicable law, we may also de-identify such PHI so that it does not identify the individual (in accordance with HIPAA) for certain purposes. In addition, to the extent provided by applicable law, CERESTI may permit other persons or entities to gain access to collections and/or compilations of PHI that have been de-identified in accordance with applicable laws.
CERESTI may collect and store the information you provide, and may send text-based messages directly to the Ceresti AOD and/or your Device. Text-based messages are encrypted and may be handled though a third-party service provider. CERESTI may send push notifications to the Ceresti AOD and/or your Device to provide information. You may be able to manage push notifications from the applicable application or from your Device’s settings.
CERESTI may collect and store information about your Device, including MAC address, IP address and mobile device ID. CERESTI may also collect usage statistics about your interactions with Ceresti’s Website, AOD and/or Apps. This information is typically collected through the use of server log files or web log files (“Log Files”), mobile device software development kits and tracking technologies like browser cookies to collect and analyze certain types of technical information. Cookies are alphanumeric identifiers that we transfer to your Device through your browser to enable our systems to recognize your browser and tell us how and when pages are visited and by how many people. CERESTI uses cookies to enhance users’ experiences by understanding how users engage with and navigate Ceresti’s Websites, AOD, and/or Apps. Some of the cookies CERESTI places on your Devices may be linked to an identification number. Regular cookies may generally be disabled or removed by tools that are available as part of most commercial browsers and in some but not all instances can be blocked in the future by selecting certain settings. Each browser that you use will need to be set separately, and different browsers offer different functionality and options in this regard. Also, these tools may not be effective with regard to certain types of cookies (e.g., Adobe Flash or HTML5 cookies). Please be aware that if you disable or remove cookies on your Device, some parts of Ceresti’s Website, AOD, and/or Apps and/or Ceresti’s Services may not function properly, and when you revisit them your ability to limit cookies is subject to your browser settings and limitations. There may be other tracking technologies now and later devised and used by us in connection with Ceresti’s Websites, AOD, and/or Apps and/or Ceresti’s Services.
CERESTI may collect and store Ceresti’s AOD and/or your Device’s location, your characteristics and certain other Device data. CERESTI may use these tracking technologies for a variety of purposes, including but not limited to, (i) uses deemed to be necessary or useful to assess the performance of, and to improve, Ceresti’s Websites, AOD, and/or Apps and/or Ceresti’s Services, and/or (ii) uses required to offer you enhanced functionality when accessing Ceresti’s Websites, AOD, and/or Apps and/or Ceresti’s Services (including identifying you when you sign in or keeping track of your specified preferences).
You may be able to communicate and share information about you and/or the Patient with: (i) CERESTI, (ii) the Patient’s health care provider and/or plan, (iii) the Patient’s other health care providers, (iv) other applicable Business Associates of the applicable Covered Entity health care provider and/or plan, (v) the Patient’s Primary Caregiver, (vi) the Patient, (vii) the Patient’s authorized family members and friends, and/or (viii) other authorized persons or entities you designate on behalf of the Patient. The Patient, the Patient’s Primary Caregiver, and the Patient’s authorized family members and friends may be able to take and share photographs, images and videos of the Patient and each other using the cameras on their Devices. Also, Ceresti’s AOD and/or Apps may access the calendar and other functions of Ceresti’s AOD and/or your Devices. CERESTI may record and store these communications, photographs, images and/or videos. On behalf of yourself and the Patient, you acknowledge and consent to the access of these Device functions and the recording and storage of these communications, photographs, images and/or videos.
On behalf of yourself and the Patient, you consent to the collection and storage of all of the categories and types of information about you and/or the Patient as described above to the fullest extent not prohibited by any applicable law.
All or some portion of the information about you and the Patient as described above may be stored on (i) the AOD, (ii) your Device that you use to access and use Ceresti’s Websites and/or Apps, (iii) the Patient’s health care provider’s and/or plan’s Devices (and/or those of their Business Associates), (iv) the Devices used by the Patient’s Primary Caregiver, (v) the Devices used by the patient’s authorized family members and friends and/or other authorized persons or entities that you designate on behalf of the Patient, (vi) CERESTI’s Devices, and/or (vii) the Devices owned and/or operated by other persons or entities at the direction and/or on behalf of CERESTI. On behalf of yourself and the Patient, you consent to the storage of the information about you and/or the Patient described above to the fullest extent not prohibited by any applicable law.
CERESTI uses the information collected and stored about you and/or the Patient for the following purposes to the fullest extent not prohibited by applicable law:
On behalf of yourself and the Patient, you consent to how CERESTI uses the information about you and/or the Patient described above to the fullest extent not prohibited by any applicable law.
CERESTI may disclose all or some information, including PHI, about you and/or the Patient as described above as permitted by, required by, and/or in accordance with its Master Services Agreement, an applicable Business Associate Agreement, and/or applicable law, including, without limitation, (a) to the Covered Entity health care provider and/or plan, (b) to the Patient’s other health care providers, (c) to other applicable Business Associates of the applicable Covered Entity health care provider and/or plan, (d) to the Patient’s sponsor or to the Patient’s or sponsor’s third party administrator or insurer, (e) to the Patient’s Primary Caregiver, (f) to the Patient, (g) to the Patient’s authorized family members and friends, (h) to other authorized persons or entities you designate on behalf of the Patient, and/or (i) to third parties who perform services on our behalf, for some or all of the purposes set forth above, including, without limitation, for payment and/or health care operations, to the fullest extent not prohibited by applicable law.
CERESTI may disclose PHI and/or other information about you and/or the Patient after it has been de-identified to third parties to the extent permitted by and/or in accordance with applicable law. CERESTI may permit other persons or entities to gain access to collections and/or compilations of such PHI and/or other information that has been de-identified in accordance with applicable law. CERESTI may also disclose de-identified PHI and/or other information about you and/or the Patient to any person or entity for any of the purposes described above and/or any other purpose not prohibited by any applicable law.
CERESTI may disclose or report information about you and/or the Patient as permitted by, required by, and/or in accordance with applicable law: (i) if we have a good faith belief that we are required to disclose the information in response to legal process (for example, a court order, search warrant or subpoena); (ii) to satisfy applicable laws, (iii) if we believe that Ceresti’s Websites, AOD and/or Apps are being used to commit a crime, including, without limitation, to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction, (iv) if we have a good faith belief that there is an emergency that poses a threat to the health or safety of a person or the general public, and/or (v) in order to protect the rights or property of CERESTI. If CERESTI sells all or a portion of our business, we may transfer all of your and/or the Patient’s information that we collect and store as described above, including PHI, to the successor organization.
On behalf of yourself and the Patient, you consent to the disclosures described above to the fullest extent not prohibited by any applicable law.
CERESTI protects the information it collects and stores about you and the Patient by using industry standard security precautions against loss and unauthorized access, destruction, use, modification or disclosure of that information. CERESTI complies with HIPAA security requirements applicable to CERESTI as a Business Associate (as defined in HIPAA). Information transmitted to and from Ceresti’s AOD or through Ceresti’s Apps is encrypted and secure. Information transmitted via email or SMS (standard text messaging) is not secure. However, even though CERESTI takes appropriate precautions to maintain the confidentiality of your information, it is important to keep in mind that any information that you input or message that you send using CERESTI’s Websites, AOD and/or Apps or by e-mail, SMS or other means may be susceptible to unauthorized third party interception. As a result, you transmit information to CERESTI at your own risk, subject to CERESTI’s obligation to comply with the HIPAA Security Rule.
You may be required to register for an account to access Ceresti’s Websites, AOD and/or Apps. You are responsible for securing the confidentiality of your user name, password and/or other login credentials, as well as for the physical security of Ceresti’s AOD and your Devices upon which you use Ceresti’s Apps. When choosing a password, select a combination of letters and numbers that isn’t able to be guessed or discovered by someone who knows you. It is important that you protect and maintain the security of your account, and that you immediately notify us of any unauthorized use of your account.
To help prevent unauthorized access, maintain data accuracy, and protect against the inappropriate use of the information we collect, store, and transmit, CERESTI has implemented a range of technical, physical and administrative safeguards. Under our Business Associate Agreement and applicable laws, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of personal health information (PHI) we use, maintain, store and/or disclose as part of the services we provide.
While CERESTI makes appropriate efforts to protect the information about you and the Patient that CERESTI collects and stores, we cannot guaranty, ensure or warrant the security and confidentiality of any information that you transmit to us or receive from us via Ceresti’s Websites, AOD, and/or Apps, or when using any of Ceresti’s Services, by Internet or wireless connection, including email, text messaging and/or other forms of communication, or the appropriateness or success of the measures we use to safeguard such information. Unauthorized entry, access, or use, loss, hardware or software failure, and/or other factors, may compromise the security of your information at any time. This is especially true for any information that you transmit to us via email or standard text messaging (as opposed to CERESTI secure messaging) since we have no way of even attempting to protect that information until it reaches us. Email and text message and the communication lines they travel over do not have the security features that are built into Ceresti’s Websites, AOD, and/or Apps and may not be secure. In addition, by downloading Ceresti’s Apps from a digital distribution platform such as the Apple App Store or Google Play (“Mobile App Provider”), the Mobile App Provider and its agents may be able to identify you as a user. Unauthorized access, hacking, data loss, and/or other data breaches or other type of misuse may always occur. Any transmission of information about you and/or the Patient to CERESTI and/or in using Ceresti’s Websites, AOD and/or Apps is at your and the Patient’s own risk, and on behalf of yourself and the Patient, you acknowledge and agree that CERESTI will not be liable for any harm, injury or damages to you, the Patient and/or anyone else for any unauthorized access, hacking, data loss, and/or other data breaches or other type of misuse that results in an unauthorized disclosure of any information about you and/or the Patient and/or anyone else and/or any other type of harm, injury or damages to the fullest extent not prohibited by applicable law.
If you have reason to believe that your data or your interactions with us are no longer secure, you may contact CERESTI at the email address, mailing address or telephone number listed at the end of this Privacy Policy. In addition, if you have privacy or data security related questions, please feel free to contact us.
CERESTI will attempt to comply with Web browser “do not track” signals or other mechanisms that may provide you with the ability to exercise choice regarding the collection of personally identifiable information about your online activities over time and across third-party Websites or online services to the extent that CERESTI engages in that collection. Presently, however, CERESTI does not intentionally collect personally identifiable information about your online activities over time and across third-party websites or online services. CERESTI utilizes Google Analytics applicable to Ceresti’s Website to collect what CERESTI believes to be de-identified information about use of Ceresti’s Website. However, CERESTI is unable to control how Google Analytics responds to “do not track” signals or other such mechanisms.
The process for you to review and request changes or revisions to any of the personally identifiable information about you and/or the Patient that CERESTI collects is to send your request for review and/or changes in writing via email to CERESTI at privacy@ceresti.com. Please note that as a direct or subcontractor Business Associate of a Covered Entity under HIPAA, any request to change or revise PHI may have to be referred to the Covered Entity, and CERESTI has no control over changes or revisions to PHI that require the Covered Entity’s consent. CERESTI may continue to store the information as it existed prior to any changes or revisions. In addition, if you wish to have all or any portion of the information about you and/or the Patient deleted and/or to delete the CERESTI account of you and/or the Patient, you may send your request in writing to privacy@ceresti.com. Please be advised that certain information about you and/or the Patient may remain in CERESTI’s records after deletion of your and/or the Patient’s account, including, without limitation, any information that we are legally required to retain. CERESTI will endeavor to process requests described above within a reasonable time, and may need to communicate with you further about the request before completion. On behalf of yourself and the Patient, you acknowledge and agree to accept CERESTI’s response to any above-described requests in CERESTI’s sole discretion.
You may choose to not provide information about you and/or the Patient to CERESTI. However, if you decide not to provide all or part of the information requested by CERESTI, you and/or the Patient may be unable to use and receive all or a portion of the benefits and services of Ceresti’s Websites, AOD, and/or Apps and/or Ceresti’s Services.
Ceresti’s Websites, AOD, and/or Apps and Ceresti’s Services are not intended for use by children under the age of 18, and we do not knowingly collect any personal information from such children, unless a parent or guardian provides such information on behalf of their child. Children under the age of 18 should not use Ceresti’s Websites, AOD and/or Apps at any time, and only a parent or legal guardian should use Ceresti’s Websites, AOD and/or Apps on their behalf. If we learn that we have collected personal information, personally identifiable information and/or health care information from a child under the age of 18 without having received it from such child’s parent or legal guardian, we will delete such information.
CERESTI is not responsible for the privacy practices, security, or the content of any websites, online services or mobile apps that are linked to Ceresti’s Websites, AOD and/or Apps or otherwise. If you have any questions about how these other websites, online services, or mobile apps use your information, you should review their policies and contact them directly. We are not responsible for the actions of third-party advertisers, service providers and/or any other third parties. Accordingly, on behalf of yourself and the Patient, you acknowledge and agree that CERESTI has no responsibility or liability for the acts, omissions, privacy policy, terms of use and/or other practices or policies of any third-party websites, online services and/or mobile apps. When you access them, you do so at your own risk, and you understand and agree that you are solely responsible for reading and understanding any terms of use and/or privacy policies that apply to them.
CERESTI may make modifications or changes to this Privacy Policy from time to time. You should check the Date of Last Revision at the top of this Privacy Policy prior to using Ceresti’s Websites, AOD and/or Apps to see if there has been a revision after the last time you used Ceresti’s Websites, AOD and/or Apps. By continuing to use Ceresti’s Websites, AOD and/or Apps after the Date of Last Revision, you agree on behalf of yourself and the Patient to all of the terms of the revised Privacy Policy with all such modifications and/or changes.
CERESTI does not knowingly disclose to third parties any personal information about you as defined in Cal. Civ. Code Section 1798.83 for their use for direct marketing purposes. Here is the URL to Cal. Civ. Code Section 1798.83, which sets forth your California privacy rights applicable to disclosures to third parties for direct marketing purposes: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.83.&lawCode=CIV.
If you have any reason to believe that CERESTI may have made such a disclosure, you may contact CERESTI and request the information required by Section 1798.83 by mail, email or phone as follows:
Privacy Officer
Ceresti Health, Inc.
2888 Loker Avenue East, Suite 110
Carlsbad, CA 92010
Phone: 760-453-0999
Email: privacy@ceresti.com
Certain uses or disclosures of information about you and/or the Patient may require your specific written authorization, which you agree on behalf of yourself and the Patient may be effectuated by use of your electronic signature (including your electronic expression of your agreement on Ceresti’s Websites, AOD and/or Apps) to the fullest extent permitted by applicable law. If you change your mind after authorizing such a use or disclosure, you may submit a written revocation of the authorization. However, your decision to revoke the authorization will not affect or undo any use or disclosure of information that occurred before you notified CERESTI of your decision to revoke your authorization. In addition, on behalf of yourself and the Patient, you acknowledge and agree that all communications between CERESTI and you and/or the Patient may be by electronic communications to the fullest extent permitted by applicable law.
If you would like to submit a comment, correction, or complaint that your privacy rights have been violated, you may do so by sending a letter outlining your concerns by email to: privacy@ceresti.com and/or by regular mail to:
Privacy Officer
Ceresti Health, Inc.
2888 Loker Avenue East, Suite 110
Carlsbad, CA 92010
Phone: 760-453-0999
You will not be penalized or otherwise retaliated against for filing a complaint. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections. Should you have questions or concerns about this Privacy Policy, please call us at 760-453-0999, or send us an email at privacy@ceresti.com.
If you are the Primary Caregiver, the Patient’s legal representative or other authorized person, by accessing, visiting and/or using Ceresti’s Websites, AOD and/or Apps, and/or by accepting all or any portion of Ceresti’s Services, you represent and warrant that you have the legal authority from either the Patient or the Patient’s legal representative to agree to this Privacy Policy on behalf of the Patient, and that you have read, understood, agreed to, and accepted all of the terms and conditions set forth above in this Privacy Policy on behalf of yourself and the Patient. If you are an authorized family member or friend of the Patient using Ceresti’s Apps, by accessing, visiting and/or using Ceresti’s Websites, AOD and/or Apps, and/or by accepting all or any portion of Ceresti’s Services, you represent and warrant that you have read, understood, agreed to, and accepted all of the terms and conditions set forth above in this Privacy Policy. With respect to all other users, by accessing, visiting and/or using Ceresti’s Websites, AOD and/or Apps, and/or by accepting all or any portion of Ceresti’s Services, you represent and warrant that you have read, understood, agreed to, and accepted all of the terms and conditions set forth above in this Privacy Policy.
