WEconnect Privacy Policy

November 2018

 

Notice of Privacy Practices

This notice describes how Pala-linq Social Purpose Corporation, doing business as WEconnect, will collect and store information about you, and how that information is shared.

 

TL;DR

In summary, we collect sensitive personal information in order to support the core function of the application, which is to reduce relapse by making recovery routines accessible and increasing individual accountability. We do this by verifying your location at scheduled times and allowing approved individuals to review your adherence to your routines. We ask for permission before collecting this information, and we ask for permission before we share it. We do not use this information to create individual commercial profiles. We do not share information with unauthorized third parties. We recognize that the nature of this sensitive data requires that we protect and secure this information at every step to ensure that your privacy is respected.

The information we collect is not intended to be used for punitive purposes.

WEconnect can verify compliance with a treatment routine. WEconnect does NOT verify non-compliance.

 

Your Rights:

 

Laws in place to protect your privacy accord you certain rights. You have the right to request a copy of your personal data, the right to request deletion of your personal data, and the right to limit sharing and disclosure of your personal data or revoke your consent to share data at any time. You can do any of these things by emailing support@weconnectrecovery.com or privacy@weconnectrecovery.com.

 

Our Responsibilities:

 

WEconnect is subject to the investigatory and enforcement powers of the Federal Trade Commision (FTC), the Office of Civil Rights (OCR) and the Department of Health and Human Services.

Under certain conditions, individuals may invoke binding arbitration.

 

WEconnect may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements (for more information, see our “Disclosures to Law Enforcement” policy).

 

WEconnect accepts accountability for onward transfer of data, and does not share personal data with unauthorized third parties without notice and consent.

 

Statement of HIPAA Compliance:

As a Business Associate (BA) of HIPAA compliant Covered Entities, we are aware of our obligation to implement effective security and privacy policies that comply with these regulatory standards. To review the measures we have taken to ensure compliance, please see our Compliance and Security Overview.

 

Statement of 42 CFR Part 2 Compliance:

WEconnect is prepared to work with any entity requiring compliance with 42 CFR part 2. Our operating processes and security parameters are designed to protect individual data to the highest reasonable standard.

 

WEconnect requires explicit authorization and consent to share data within an individual’s support network. Support persons are added to this network by the client themselves. We do not share data on behalf of any client without explicit authorization to do so.

 

All data are input and reported by the account holder, with the exception of GPS location, which is collected by the mobile device independently of WEconnect, and is verified and reported by consent only. Auto check-in features can be disabled by the account holder.

 

Our application icon is discrete, and does not indicate by design, branding, or other external feature an affiliation with substance abuse treatment, addiction, or recovery.

 

Our HIPAA compliance training includes a review of 42 CFR 2, and all employees are educated on the importance and necessity of respect for persons and privacy.

 

Our application requires an individual login to view scheduled appointments, contacts, or any other data that might be considered sensitive, or identifying the individual as a current or former individual in long term recovery.

 

We don’t disclose information about our clients without their consent. They choose what is shared and with whom. In the event that a treatment center requests access to the data dashboard, we require a consent from our client that describes the data shared and the applications before the data dashboard can be viewed by the treatment center.

 

All disclosures to law enforcement are determined by the requirements set forth in 45 CFR 2, and our policy regarding these disclosures is available for review.

 

Statement of GDPR compliance:

 

Beginning on May 25th, 2018, The European Union will require much stricter protections for individually identifiable data. These new laws are intended to provide individuals with greater transparency, access and control over how their data are collected and used.

WEconnect believes that the data you share belong to you, and that you should be able to control what information we share about you. Consequentially, WEconnect has adopted the requirements of the General Data Protection Regulation (GDPR), since we believe that all individuals have to right to control their own narratives. This belief is reflected in our consent, collection and storage practices. Our policies have been updated to affirm this commitment.

 

This privacy policy reviews what specific information we collect, from whom these data are collected, the purpose of collection and the use to which the information will be put, including how these data are shared and how you can request that data be corrected or destroyed. For a more specific overview of how our processes comply with GDPR regulations, please review our GDPR Compliance Overview.

 

WEconnect is located in the United States, and uses cloud based storage. When you submit your personal information to our app, this information may be transferred to the United States in order for us to provide you with our services.

 

 

Introduction to Privacy at WEconnect

We at WEconnect know the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.

 

The WEconnect website and all other products and services, including mobile applications, owned, controlled or offered by WEconnect, and all content offered as part of those products, services, and applications, are collectively referred to herein as the “services.” Subscribers, account holders, customers, and others who download, access, use, and/or subscribe to the Services (“you”) agree to the following privacy policy (the “Privacy Policy”).

 

By using or accessing our Services in any manner, you are acknowledging that you accept and are opting in to the practices and policies outlined in the Privacy Policy and Terms. By accessing the Services, you represent that you are over 13 years of age, and you hereby are giving full consent that WEconnect will collect, use, and share your information as described below.

 

As noted in the Terms of Service, WEconnect does not knowingly collect or solicit Personal Information from anyone under the age of 13 in the United States, or under the age of 16 in the European Union without parental consent. If you do not meet the age requirements, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under the legal age of consent, we will delete that information as quickly as possible. If you believe that a child under the legal age of consent may have provided us with Personal Information, please contact us at legal@weconnectrecovery.com.

 

WEconnect RECOVERY PRIVACY POLICY

 

Privacy Policy Overview

WEconnect gathers information from customers for multiple reasons. We use Personal Information (or PII) internally in connection with our Services, as a means of identifying you as a subscriber, to create an account and profile, to contact you, to help you fulfill rehabilitation requirements, to provide and improve the Services, and to learn more about how you use the Services. We may share some de-identified Information with third parties, who might help us learn how to provide better support to you. WEconnect will not access your camera, your contacts, your location, your files, or any other device content without your permission. WEconnect will never contact others or post to social networks on your behalf without your permission. The following sections explain what information we collect and how we use it.

 

THE INFORMATION WE COLLECT

 

The Information WEconnect Collects

WEconnect collects both Personal Information and Anonymous information through the standard operation of the Services. This information is used to identify you as a WEconnect subscriber, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services. These types of information are defined in the subparts below and used as described in the corresponding sections.

 

You may request access to all your personally identifiable information that we collect online and maintain in our database, by emailing us at privacy@weconnectrecovery.com.

 

Some information is collected automatically when you access our Services. Some information we will ask you for, and some information you may provide voluntarily. We will not ask you for information for which there is no relevant purpose, and we will not share your information with unauthorized third parties. The following section will explain what types of information we collect, and why we collect it.

 

  • Information you give us.
    • In order to use our services, you must sign up for an account. We will ask you for some personal information when you are activating this account, such as your name, your phone number, and your email address. We will also ask you for personal information such as your sobriety date. We use this information to help tailor our service to you in the following ways:
      • To verify your identity
      • To reach out to you in the event of a security incident
      • To assist in creating your account and populating the fields
      • To add events to your calendar
      • To connect to your treatment network
      • To verify your location during scheduled check-ins
      • To redeem your rewards

 

If you are signing up through a treatment center, we will ask you for information about your center to confirm your dashboard account. Some of the information that we collect is considered PHI, if you provide us with dates and times of appointments, the names of your providers, or any other information provided in the context of your recovery. We understand that this information is sensitive. We protect it using the same standards as your health care providers to ensure your security.

 

We will ask for your permission before collecting or sharing this information, and we do not share this information with anyone outside of your approved support network. To add contacts within the Services, we ask for some contact information, such as an email or phone number. We do not share your contacts with anyone. We do not save this information.

 

  • Information we get from your use of our services
    • We collect information about the services that you use and how you use them. do not share this information with any unauthorized third party.
    • We also may use cookies when you visit our website on your computer or mobile device. Cookies may uniquely identify your browser or device, and give us insight into how you use our services. We use this information to improve the way we design our services. This information is not used to create commercial or advertising profiles for third parties. Individually identifiable information will never be shared without permission.
    • We also collect information that verifies your adherence to your treatment plan, such as your location (discussed below) and your connection routines. When you schedule a call or text with a connection through the app, WEconnect will simply verify that the interaction took place. WEconnect will not record, transmit, copy, review, retain or access any content (text messages, voice recordings, etc.) of these transactions. We respect your confidentiality and your right to privacy.

 

  • Location information and GPS tracking
    • The WEconnect app can use location data to allow you to check-in to your activities and support routines. The WEconnect app will ask you to opt in to this service when you sign up. When you check-in to an activity, we verify your location using the location services on your device, and the length of your stay. This helps you to stay accountable, and may be required for your support program. WEconnect will not collect or retain any location data not relevant to your routines or activities.
    • This function can be turned on or off in the settings menu of the application. Please be aware that disabling the location services may impede the function of the application, and may prevent you from complying with certain terms of your treatment program. You can learn more about how verification works in our Location Services FAQ.

 

  • Information we get from your care providers or treatment centers

 

The Information WEconnect Shares

 

  • Aggregate Data: Aggregate data are data that are no longer personally identifiable. WEconnect may share these aggregate statistics with our associates to determine the ways in which our services are used, and how we can improve. We store aggregate and anonymized data indefinitely.
  • Personally Identifying information: WEconnect will share your personal information ONLY with those entities you have authorized to view it. WEconnect stores this information as long as your profile is active. All personal data can be deleted upon request by contacting privacy@weconnectrecovery.com.

 

Coordinating with your Treatment Center:

When you activate your account with us through your treatment center, you are provided with a treatment center code, which connects you to your treatment center and allows your recovery support professionals to keep current with your progress and your adherence to your routine. This will not happen without your consent. If you are using WEconnect as part of your recovery routine, you will be asked to sign a separate authorization explicitly allowing this connection. If you are not using WEconnect in connection with a specific treatment center, your progress will not be shared with any third party without your knowledge or consent.

 

Our Third Party Associates

WEconnect will work with other entities only under conditions permitted by laws such as HIPAA and the GDPR. All entities with whom sensitive data are shared are required by law to abide by the conditions of collection, storage and dissemination set forth in those laws, and this requirement is ratified by contracts known as Business Associate Agreements or Data Processing Addendums.

This means that only authorized entities such as your treatment center or medical record storage company will ever access your personal information, and that we make sure all the companies we work with, such as our email provider and development tools, agree to protect these data to the same standards as required by law.

 

Rewards Program

Tango’s privacy policy can be viewed here.

 

The Information WEconnect Retains:

Once you have ended your WEconnect App subscription, your identifying information will be removed from our database of active subscribers. Data that have been collected about you that have been anonymized cannot be removed from aggregate banks, but THESE DATA CANNOT BE USED TO IDENTIFY YOU. De-identified data such as usage history, location data, and other information stored in your account may continue to be used internally for quality improvement research to enhance efficacy, accuracy, development of features and customer experience. Data that are requisitely retained will be retained securely only for the duration of the retention requirement .

 

The Right to be Forgotten:

WEconnect recognizes that individuals have the right to ask that their personal information be excised from our records, and we respect that right. You can ask to have all PII deleted by emailing us at privacy@weconnectrecovery.com.

 

Please be aware that WEconnect must retain some data (such as a record of consent) to meet regulatory obligations under and beyond the GDPR, and that when these separate regulatory and compliance obligations carry different lifetimes on collected and stored data, WEconnect is required to observe the longest lifetime of the conflicting regulations.

 

Text Messaging and WEconnect:

The WEconnect service allows you to send text messages to your contacts by using your phone’s text messaging application. Text messages are not stored by WEconnect. Text messages you send or receive through the WEconnect services are stored within your phone’s text message application and are not subject to the same protections as data stored within the app. Standard text messaging rates will apply.

 

Your Account Security

We make every effort to ensure that your data are retained confidentially and securely. We require an account to access our services. Each username is connected to a unique password which allows you to log in to your account. DO NOT SHARE YOUR PASSWORD AND USERNAME WITH ANYONE. You should never allow anyone to access our Services under your username, or share your account with another individual. You are responsible for the uses of the Service associated with your username. We reserve the right to revoke or deactivate your username and password at any time. If you have security concerns, questions, or need to reset your password, contact us at privacy@weconnectrecovery.com.

 

WEconnect places a premium on protecting your information, but you should remain aware that any information you share online may be accessed by others. WEconnect is not responsible for the actions of those who obtain your content in this manner. WEconnect cannot guarantee your safety and security and you should be aware that submitting any information and using the Services is done at your own risk. DO NOT INCLUDE INFORMATION IN YOUR PUBLIC PROFILE THAT YOU WOULD PREFER TO KEEP PRIVATE. WEconnect is not responsible for the voluntary disclosure of personal information or personally identifying information on any public forum.

Information stored or transferred electronically is never completely secure, so while we at WEconnect do our best to protect you and your privacy, please be aware that absolute security cannot be guaranteed by WEconnect.

 

WEconnect Subscription

All payments for subscriptions and accounts are processed by Stripe, Inc., which ensures safe transactions using Secure Sockets Layer (SSL). Stripe, Inc. provides WEconnectwith the details of each purchase. These details include name and email address (this information is retained by WEconnect for future contact and support), but do not include specifics such as credit card or routing numbers.

 

Downloads of the WEconnect application are processed by Google Inc., Apple Inc. and TestFlight. WEconnect’s privacy policies and practices are not extensible to these entities. Please refer to Google’s privacy policy for questions about downloading Android Apps, and Apple’s Privacy Policy for questions about iTunes and TestFlight. These entities do not share any personal data with WEconnect.

 

Safety, Security, and Compliance with Law.

We may disclose any information, including personal information, we deem necessary to comply with any applicable law, regulation, legal process or governmental request, to enforce our rights, or to protect the safety and security of our Applications or other subscribers. For more information, please see our Disclosure to Law Enforcement Policy.

 

Jurisdiction

This agreement will be governed solely by the internal laws of the State of Washington, without reference to any principles of conflicts of law. The parties consent to the personal and exclusive jurisdiction of the federal and state courts in King County, Washington.

 

Complaints

If you believe that our policies or practices have been inconsistent with the Privacy law, you may submit complaints to the HHS or to privacy@weconnectrecovery.com.

 

Severability

This agreement will be enforced to the fullest extent permitted by applicable law. If for any reason any provision of this agreement is held to be invalid or unenforceable to any extent, then (a) the provision will be interpreted, construed, or reformed to the extent reasonably required to render the provision valid, enforceable, and consistent with the original intent underlying such provision; (b) the provision will remain in effect to the extent that it is not invalid or unenforceable; and (c) the invalidity or unenforceability of the provision will not affect any other portion of this agreement.

 

Notification of Changes

WEconnect reserves the right to change and update this Privacy Policy. We will notify you of material changes to this privacy policy, and significant changes may require you to re accept this policy in order to continue to use the services. We will summarize the changes to our policies in these communications.