Your Privacy Rights
Effective Date: 2/1/2020
Previous version: 4/1/2019
Regardless of where our servers are located, your personal data may be processed by us in the United States, where data protection and privacy regulations may or may not be to the same level of protection as in other parts of the world. BY VISITING THE SITE AND USING THE SERVICE, YOU UNEQUIVOCALLY AND UNAMBIGUOUSLY CONSENT TO THE COLLECTION AND PROCESSING IN THE UNITED STATES OF ANY INFORMATION COLLECTED OR OBTAINED BY US THROUGH VOLUNTARY SUBMISSIONS, AND THAT U.S. LAW GOVERNS ANY SUCH COLLECTION AND PROCESSING.
We collect two types of information about persons who use the Service: voluntarily provided personal information and non-personal information.
Personal Information Collected
We collect certain personal information that can identify you, which may be supplied when you sign-up for the Service, when you create or update an account, when you use the Service, when you request services or otherwise when you submit such information. The personal information that may be collected includes:
- Phone number;
- Health/medical information;
- First party cookies;
- Third party cookies;
- Location information; and
- Device identifiers
We also collect personal information that can identify your Journal Designee, which may be supplied when you sign-up for the Service, or when you create or update an account. The personal information that may be collected includes:
- Name; and
The personal information that can identify you and the personal information that can identify your Journal Designee are referred to as the “Personal Information”. You may choose not to provide Personal Information, but then you might not be able to take advantage of some of the features of our Service.
The Service may record photos if you permit such access in order to use certain features of the Service, such as adding a photo to the digital diary. The Service may also request permission and access to your photo gallery, camera roll or other device storage area holding your images, in order for you to upload and transmit them through the Service.
The Service may access the internet or use your mobile data plan in order to use certain features of the Service, such as uploading to the digital diary.
Although it may appear that the Service collects credit card information, it is collected and processed through a third-party provider. We do not hold your credit card information.
We also collect non-personally identifiable, public or anonymous information about you (“Non-Personal Information”), including but not limited to keystrokes while using the Service, enrollment history, purchase history, the type of device you used and its operating system, the pages accessed most frequently, how pages are used, referring/linking pages, location information, and similar non-personal data.
Non-Personal Information Automatically tracking Internet Protocol (IP) addresses is one method of automatically collecting information about your activities online and information volunteered by you. An IP address is a number that is automatically assigned to your device whenever you surf the internet. Further, the Service may utilize web beacons, pixel tags, cookies, embedded links, and other commonly used information-gathering tools.
Although it may be possible to turn off the collection of cookies through your device, that may interfere with your use of the Service.
Use of Information
Internal Use of Collected Information
We collect information in order to provide the Service to you. We may also use this information to help us develop and improve our Service and other offerings, fulfill your requests, track usage trends, conduct experiments and perform research and analytics, send you or your device push notifications related to the Service from time-to-time, communicate with you regarding administrative matters, tailor our Service and offerings to meet your interests and those of others, and for other purposes permitted by law.
We may use anonymous, aggregate information, of which your information may be a part, without restriction.
Information will be retained for use and processing no longer than is necessary for the realization of the purpose for which it was collected, except as necessary for EBinRA’s internal purposes and compliance with legal obligations.
Sharing Collected Information with Third Parties, Consultants, and Affiliates
As part of the Service, we may share your information, which shall consist of all uploads via the digital diary function of the Service and which may include Personal Information, with an individual that you specify (“Records Recipient”) upon your request made in accordance with the instructions on the Service.
In addition, as part of the Service we may share your information, which shall consist of uploads selected by you that you have uploaded via the digital diary function of the Service (in read-only format) which may include Personal Information, with third parties that you select in accordance with the instructions on the Service.
We may share information with our business associates, consultants, service providers, advisors and affiliates in order for them to provide services to us that enable us to provide the Service. For example, our host and internet service provider may have access to this information.
Further, we may disclose collected information to the extent we believe it necessary to comply with the law, such as in response to a subpoena or court order, to defend a legal claim or otherwise as permitted by applicable law. We may disclose any information in our possession in the event that we believe it necessary or appropriate to prevent criminal or illegal activity, personal injury, property damage or bodily harm.
Additionally, we may transfer your information, including any and all Personal Information that we have collected, to a successor in interest, which may include but may not be limited to a third-party in the event of an acquisition, sale, asset sale, merger or bankruptcy.
We employ procedural and technical safeguards to secure your personal information against loss, theft, alteration, and unauthorized access, use and disclosure. We also employ security procedures to protect your information from unauthorized access by users inside and outside the company.
Regardless of the precautions we take, no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under our control to intercept or access transmissions or private communications unlawfully. While we strive to protect personal information, we cannot ensure or warrant the security of any information you transmit to us.
Access and Control
Uploads to the digital diary are neither retrievable nor changeable by you on the Service. User profile information will be editable through the Service. Some other information collected about you may be retrievable and changeable through your username login. To do so, follow the instructions on the Service.
Do Not Track
At this time, the Service does not specifically respond to do-not-track signals.
Children and Privacy
We do not knowingly permit users to register for our Service if they are under 13 years old, and therefore do not request Personal Information from anyone under the age of 13. If we become aware that a customer is under the age of 13 and has registered without prior verifiable parental consent, we will remove his or her personally identifiable registration information from our files. If you are the parent or guardian of a person under the age of 13 who has provided Personal Information to us without your approval, please inform us by contacting us at the e-mail address below and we will remove such information from our database.
California Privacy Rights under the California Consumer Privacy Act
The California Consumer Privacy Act of 2018 (“CCPA”) applies to EBinRA’s practices with respect to personal information of California residents. According to the CCPA, California residents (“consumers”) have certain rights regarding their personal information.
Description of Consumers’ Rights under the CCPA
California consumers have the right to request that we disclose to them the personal information that we have collected about them in the previous twelve (12) months including, but not limited to, the categories and specific pieces of information collected by us, the source(s) of such information by category, and the purpose for collecting such information. This right may not be exercised more than twice in a twelve (12) month period. In the previous twelve (12) months, we have collected the following categories of personal information about consumers:
- Identifiers: Identifiers includes your name, mailing address, phone number and similar information. We collect Identifiers from consumers themselves and by automatic means. We collect Identifiers in order to provide you the Service, to improve your experience on the Service, and to provide customer service to, and communicate with, you.
- Internet Activity Information: Internet Activity Information includes browsing history, cookies, and a consumer’s interaction with the Service. We collect Internet Activity Information from consumers by automatic means. We collect Internet Activity Information in order to improve your experience on the Service, and to provide customer service to, and communicate with, you.
- Commercial Information: Commercial Information includes records of services purchased, or other purchase or consuming histories or tendencies. We collect Commercial Information from consumers by automatic means. We collect Commercial Information in order to improve your experience on the Service, and to provide customer service to you.
- Geolocation Data: Geolocation Data includes location data and IP address. We collect Geolocation Data from consumers by automatic means. We collect Geolocation Data in order to improve your experience on the Service, and to provide customer service to you.
- Customer Service Data: Customer Service Data includes customer service request and resolution history. We collect Customer Service Data from consumers themselves and by automatic means. We collect Customer Service Data in order to provide you the Service, to improve your experience on the Service, and to provide customer service to, and communicate with, you.
- Diary Information: Diary Information is any content, information, or data that you upload to the Service via the digital diary functionality. It may include any type of personal information that you choose to upload, in any number of categories. We collect Diary Information from consumers when they upload it to the Service via the digital diary functionality. We collect Diary Information solely in order to provide the Service to you.
California consumers also have the right to request that we disclose to them the personal information that we have disclosed for a business purpose or sold in the previous twelve (12) months. For personal information being sold, this includes the categories of information being sold and the categories of third parties to whom it is being sold. With respect to personal information being disclosed for a business purpose, the categories of information being disclosed will be provided to the consumer. This right may not be exercised more than twice in a twelve (12) month period. In the past twelve (12) months, we have disclosed the following categories of personal information about consumers:
- Diary Information: We have disclosed Diary Information to third-parties solely for the purpose of carrying out any consumer requests to use to disclose such Diary Information (in read-only format), with specific third parties that you select in accordance with the instructions on the Service.
California consumers also have the right to request the deletion of personal information. Consumers have the right to request that we delete, and that we direct any service providers to delete, such consumer’s personal information. We may satisfy this request by either deleting or by irretrievably de-identifying such consumer’s personal information. However, we may not be required to comply such request under several circumstances including, but not limited to, when the data is necessary for the underlying transaction, to comply with applicable law, to detect security incidents, to debug glitches, and for our internal purposes.
In the event that a consumer exercises any of its rights under the CCPA, such consumer will not be discriminated by us in any way, whether it is through the denial of goods or services, providing a different level of goods or services, or charging (or suggesting that we will charge) different prices or rates for the goods or services. We may, however, charge such a consumer a different rate or different level of good/service if such difference is reasonably related to the value received from receipt of personal information. This difference in price or quality would not be considered a discriminatory practice under the CCPA. We may also offer consumers incentives in exchange for the collection, sale, or deletion of their personal information. If a consumer later requests to opt-out of the sale or deletion of personal information for which he or she receive a financial incentive, it will not discrimination if we discontinue that incentive.
Exercising Consumers’ Rights under the CCPA
We offer our Service exclusively online. Because of this, you may submit your requests to exercise your rights under the CCPA to us via Privacy@EBinRA.com, please include “Request for Privacy Information” in the subject line. You can also submit requests by following the instructions on the Service.
We will acknowledge receipt of your request within ten (10) days of receiving it, and will do our very best to respond within forty five (45) days of receipt of your request. However, if circumstances exist that make it impossible or impractical to respond to your request within forty five (45) days, we may extend our response time by an additional forty five (45) days (a total of 90 days from our receipt of your request). If this is the case, we shall notify you as soon as we become aware of the possible delay and provide an explanation of why additional time is needed to respond.
Before we respond to any CCPA based requests relating to your personal information, we will take steps to reasonably verify the identity of the person making the request to make sure it’s you, or someone you have authorized to act on your behalf. We do this to this avoid disclosing your information to third parties and bad actors, not to inconvenience consumers in anyway. To do this, we will ask the person making the request to confirm at least two pieces of information that we have in our files. As the sensitivity of the information being requested increases, we will ask the requestor to confirm more pieces of information. If an agent is acting on behalf of the consumer, we will need to also verify the agent’s identity and their authority to act on the consumer’s behalf. For requests to delete information, after verification, we will confirm the consumer’s desire to delete one final time before actually deleting the information. If the identity of the requestor cannot be reasonably verified, either as the consumer or their agent, then in order to protect that consumer, EBinRA shall not disclose the personal information requested.
Health Insurance Portability and Accountability Act