Pacifica

PRIVACY POLICY

Pacifica Labs, Inc. (“our,” “we” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, store, use and distribute information through our software, website, documentation, and related services (together, the “Services”).

If you are visiting us from the European Union or European Economic Area, please be sure to read to section entitled “Additional Information for European Union Users” for information on how we comply with privacy laws applicable to you.

1. Consent.

By using the Services, you consent to the use of your Personal Information as described in this Privacy Policy. Except as set forth in this Privacy Policy, your Personal Information will not be used for any other purpose without your consent. We do not collect Personal Information for the purpose of sale of such information in a way that identifies the individual (i.e. we don’t sell customer lists). You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using some or all of the Services.

2. Collection of Information.

Personal Information
When registering to use the Services or if you express an interest in obtaining additional information about the Services, we may require or ask you to provide certain personally identifiable information (these are referred to below as your “Personal Contact Information”), The Personal Contact Information that we require you to provide may include, but is not limited to, the following:

  • E-mail
  • Full name or alias (can be fictitious)
  • Company name

Our Services are designed to provide tools for you to use to reduce stress, anxiety, and depression. In order to improve the value of the Services for you, we may give you the option of providing certain information about your mood and goals for using the Services when you register and as you use the Services. We may also give you the option to let us know whether you are working with a mental health professional. We refer to this information, together with any other information we request about your goals, mood, health habits, thoughts, and any responses to behavioral health assessments as Wellness Information.

Providing us with Wellness Information is always optional. You can refuse to provide any or all of such information to us. But providing us Wellness Information can help us tailor our Services to you and make them more effective.

When purchasing the Services, we will require you to provide financial and billing information, such as billing name and address, and credit card number (“Billing Information”).

Your Personal Contact Information, your Wellness Information, and your Billing Information are collectively referred to as your “Personal Information.”

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. We do not use your Wellness Information for this purpose. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

Data, Diagnostic & Login Information
You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as “Data”). Some of this Data may be stored and maintained on our servers. If you run into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process (“Login Information”).

Apple’s Health App and the Apple HealthKit API
Certain features of the Services may actively record information about yourself as you use the Services. This tracking is accomplished through integration with Apple’s HealthKit API and the Apple Health App. Such information is referred to as “Apple Health Data.”

Analytics Information
As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, and Web beacons. Such Information may include standard information regarding your mobile device, browser type, browser language, Operating System, Internet Protocol (“IP”) address, and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services. Collectively, this information is referred to as “Analytics Information.”

Geo-Location
We only collect your real-time geo-location in order to provide location-based search results in our Therapist Directory. We do not log this location or use your geo-location in any other way while using the Services. However, we may do so at some point in the future. We will request your permission before collecting such information.

3. Use of Information.

We use the information we collect in the following ways:

Personal Contact Information
We use this information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or provide feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services. We may also use Personal Contact Information for limited marketing purposes, namely, to contact you to further discuss your interest in the Services, and to send you information about us or our partners. Any use of your Personal Contact Information for these limited marketing purposes will comply with applicable federal and state laws, and, if applicable, any HIPAA Business Associate Agreement in place between Pacifica and your medical professional and/or health care provider (“Medical Professional”) who connects with you through the Services (see Section 8 of this Privacy Policy for more information regarding HIPAA).

Wellness Information
We use this information solely for the purpose of providing you with health-related feedback and self-care suggestions. This information is not used for advertising or other use-based data mining purposes. Your Wellness Information is not accessible by other users of the Services and we will not share such information with third parties without your consent, except as provided in the sections below.

Billing Information
We use credit card information to manage your account, to provide the Services, and to check the financial qualifications of prospective customers and to collect payment for the Services. We may use a third-party service provider to manage credit card processing. If we do so, such a service provider will not be permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on our behalf.

Data, Diagnostic Information and Login Information
We use this information for the purpose of administering and improving our Services to you. We may also use this information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and for other legitimate business purposes.

Apple Health Data
We use this information solely for the purpose of providing you with health-related feedback and self-care suggestions. This information is not used for advertising or other use-based data mining purposes. Your Apple Health Data is not accessible by other users of the Services and we will not share such information with third parties without your consent, except as provided in the sections below.

Analytics Information
We use this information to provide you with the Services. We may also use your Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.

If we plan to use your Personal Information in the future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy. See further the section of this Privacy Policy entitled “Amendment of this Privacy Policy”.

4. Disclosures & Transfers.

We have put in place contractual and other organizational safeguards with our agents and contractors (see further below) to ensure a proper level of protection of your Personal Information (see further “Security” below). In addition to those measures, we will not disclose or transfer your Personal Information to third parties without your permission, except as specified in this Privacy Policy (see further “Important Exceptions” below).

Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

From time to time we may employ third parties as contractors to help us provide and/or improve the Services. These third parties may have limited access to Personal Information solely for the purpose of helping us to provide and/or improve the Services and they will be subject to contractual restrictions prohibiting them from using the information about our members for any other purpose. Such agents or third parties do not have any rights to use Personal Information beyond what is necessary to assist us. Wherever possible, these third parties will not be provided with access to your Apple Health Data.

We may disclose your Personal Information to your Medical Professional who you connect with through the Services.

We may also disclose your Personal Information with your consent.

5. Important Exceptions.

We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is permitted or required by and in accordance with the law.

We may also disclose your Personal Information in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

6. Security.

The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. Communications between the mobile applications and our servers takes place over secure HTTPS connections and your data is encrypted when it is stored on our servers. We also use commercially reasonable technical, administrative, and physical safeguards to preserve the integrity and security of the Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.

If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may also post a notice on our website if a security breach occurs. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

7. Sharing Information with Other Users and Services.

You may be able to share Personal Information with third parties, including other Pacifica Labs users and with other services, through use of the Services.

Our Services provide social networking features that allow you to share information with other users through message boards and chat groups. Any information you share through our social networking features will be made available to all users of our Services. We cannot control how our other users will use this information. We strongly recommend that you think carefully about what information you provide through our social networking features. For example, please do not share any information that other users could use to identify you personally, such as your real name, email address, telephone number, or social security number. You are welcome to share Wellness Information through the social networking features of our Services. But remember that any such information will be available to all of our other users who will be free to use it in any way they desire.

You may also be able to use the Services to share information, including Personal Information, with third-party services. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.

8. HIPAA

If you connect with your Medical Professional through the Services, we are required to comply with the Health Insurance Portability and Accountability of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) as a “business associate” of your Medical Professional. We enter into a HIPAA Business Associate Agreement with each Medical Professional that is subject to HIPAA as a “covered entity.” We will comply with our HIPAA Business Associate Agreements and this Privacy Policy with respect to your Personal Information that is also “protected health information” as defined in HIPAA.

9. Retention.

We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, de-identified data, or account recovery. All retained Personal Information will remain subject to the terms of this Privacy Policy. Please note that if you request that your Personal Information be removed from our databases, it may not be possible to completely delete all of your Personal Information due to technological, legal, or contractual constraints.

10. Amendment of this Privacy Policy.

We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting on http://thinkpacifica.com/privacy/ or via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account. The date on which the latest update was made is indicated at the bottom of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.

If applicable law requires your opt in consent to any particular amendment to this Privacy Policy, the amendment will not apply to your Personal Information until we receive such consent from you. To the extent we cannot provide some or all of the Services without your consent to such amendment to the Privacy Policy, your decision not to consent may result in our having to limit your ability to use certain aspects of the Services.

11. Access and Accuracy; Correcting Personal Information.

You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to correct, amend, delete, or limit the use of your Personal Information. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.

In certain circumstances, you have the right:

  • To access and receive a copy of the Personal Information we hold about you
  • To rectify any Personal Information held about you that is inaccurate
  • To request the deletion of Personal Information held about you

You have the right to data portability for the information you provide to us. You can request to obtain a copy of your Personal Information in a commonly used electronic format so that you can manage and move it.

Please note that we may ask you to verify your identity before responding to such requests.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: info@thinkpacifica.com.

12. Service Providers.

We may employ third party companies and individuals to facilitate our Services (“Service Providers”), to provide the Services on our behalf, to perform Service-related services or to assist us in analyzing how our Services is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

A list of our current Service Providers can be found at the following URL: http://thinkpacifica.com/serviceproviders (the “Service Provider List”). The Service Provider List will be updated from time-to-time, as Service Providers are added and removed. The Service Provider List contains instructions on how to sign up to receive an email from us when updates are made the Service Provider List.

13. Contact Us.

You can help by keeping us informed of any changes such as a change of email address or telephone number. If you would like to access your information, if you have any questions, comments or suggestions of if you find any errors in our information about you, please contact us at:

Pacifica Labs, Inc.
1521 Guerrero St.
San Francisco, CA 94110
info@thinkpacifica.com

If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures.

Last Updated: May 20th, 2018




ADDITIONAL INFORMATION FOR EUROPEAN UNION USERS

Personal Information
References to “Personal Information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and Data Protection Officer
Pacifica Labs is the controller of your personal information for purposes of European data protection legislation. You can contact our Data Protection Officer at info@thinkpacifica.com.

Lawful Basis for Data Processing
We will only collect, store, and process your personal information where a lawful basis for such processing exists, which will typically fall under one of the following scenarios:
(1) You, the Data Subject, have given consent to the processing of your personal information for one or more specific purposes, for example by consenting to terms and conditions on our website, and consenting to the terms of this privacy policy;
(2) Processing is necessary for the performance of a contract to which you, the Data Subject, are party;
(3) Processing is necessary for compliance with a legal obligation to which Pacifica Labs as a Controller is subject;
(4) Processing is necessary for the purposes of the legitimate interests pursued by us as the Controller, or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you, the Data Subject, which require protection of your personal information.

Use for new purposes
We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it.

Retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Information) for six years after they cease being customers for tax purposes.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your rights
European data protection laws give you certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:

  • Opt-out. Stop sending you direct marketing communications. You may continue to receive Service-related and other non-marketing emails.
  • Access. Provide you with information about our processing of your personal information and give you access to your personal information.
  • Correct. Update or correct inaccuracies in your personal information.
  • Delete. Delete your personal information.
  • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
  • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to info@thinkpacifica.com. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described in Section 13 of our Privacy Policy or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfer
Whenever we transfer your personal information out of the EEA to countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on one of the safeguards recognized by the European Commission as providing adequate protection for personal information, where required by EU data protection legislation.