RK360 Privacy Policy

Effective December 1, 2018

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

Welcome to the RK360 Platform!

This Policy applies to the information processed through our public website (including any subdomains and mobile versions thereof, the “Corporate Site”), and our subscription-based RK360 Cloud Record Platform (the “Service”).

Please take a moment to read this Privacy Policy (the “Policy”) to understand how we collect, use, and share Personal Data of users of our Corporate Site and Service (“you” or “your”), as well as your choices and rights with respect to this information.

Who We Are

The Service and Corporate Site are owned and operated by Prosocial Applications, Inc. (RedKangaroo, “us,” “our,” or “we”), a Colorado corporation with an address of 1905 15th St. #4585 Boulder CO 80302-4585. Contact us for more information.

Acknowledgment

This policy is incorporated into the Terms of Service governing your use of the service. Any capitalized terms not defined in this Policy will have the definitions provided in our Terms of Service. Your use of our Corporate Site or Service indicates your acknowledgment of this Policy.

Third Parties

This Policy does not apply to information processed by third parties, for example, information created and stored by your health care provider, unless and until we receive your information from them. Please review these third parties’ privacy policies to learn more about how they process your Personal Data.

How we process Personal Data

Personal Data We Process

We may collect and process information that relates to identified or identifiable individuals (“Personal Data”). Note that certain Personal Data may include data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health information, or information relating to sex life or sexual orientation (“SpecialCategory Data”). We collect and process the following categories of Personal Data (note, specific Personal Data elements listed in each category are only examples and may change):

Identity Data: 

Personal Data used to identify a person, such as your name, photo/avatar, username, identification documents, and other Personal Data you may provide during account registration or to prove your identity.

Financial Data: 

Personal Data relating to financial accounts or services, e.g. a credit card or other financial account number, or other relevant information you provide in connection with a financial transaction.

Contact Data:

Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or usernames/handles, as well as a name or other salutation.

Device Data:

Pseudonymous Personal Data relating to your device, browser, or application e.g. IP addresses, MAC addresses, application ID, cookie identifiers, session navigation history, and similar browsing metadata, and other data generated through applications, browsers, cookies, and similar technologies.

Insurance Data:

Personal Data relating to your health insurance policy and coverage, including your insurance number. This information may be considered Special Category Data

Health Records:

Health care records, and any Personal Data in them, that we receive from health care providers, such as allergy records, vital statistics, lab tests and results, prescription/medication data, and information relating to medical procedures and medical conditions. This information includes Special Category Data.

Health Profile Data:

Personal Data you provide to us about you and your health including, blood type, race, ethnicity, religious affiliation, language, education, diet/digestion, lifestyle, known health conditions and certain medical history, allergies, and medications, and other information relating to your health. This information includes Special Category Data.

User Content:

Information that a user provides in a message, free text field, video/chat, in a file upload, scan or photo, or unstructured format, including any Personal Data or Special Category Data to the extent contained in or revealed by such content.

Processing of Personal Data: RK360 Services

Registration

Data:

An “RK360 Record” is a database account that stores Health Records and other health information of a patient or “Record Owner.” A Record Owner may manager their own RK360 Record as “Record Administrator”; may at any time delegate management to another person as Record Administrator; or, a Record Administrator with guardianship rights may manage the RK360 Record without record Owner authorization. Record Administrators may grant and control access permissions of “Authorized Users” to RK360 Records. By default, Record Owners and Record Administrators are Authorized Users of RK360 Records.

Please Note:

In certain cases, third parties (such as a Provider or other Distributor of the Service) may initiate registration of an RK360 Record (e.g. as part of a Providers own operations) on behalf of a Record Owner who appoints self or other as Record Administrator. The Record Administrator, may, in turn, appoint the initiating Provider or other Distributor of the Service as Authorized Users on the RK360 Record.

When you first register an RK360 Record as a Record Owner or Record Administrator or first access an RK360 Record as an Authorized User, we will request and process Identity Data, Device Data and certain Contact Data, such as a copy of driver’s license, passport or other ID, and email address.

We may also process certain Financial Data or Insurance Data if you choose to subscribe to our Service, or otherwise pay or seek payment for our subscription fees. This Financial Data may be processed by us, a service provider on our behalf, or may be completed outside of our Service (e.g. through the Apple App Store).

Uses:

We use the Identity Data and Contact Data as necessary to authenticate Users and to provide you with important information about your RK360 Record. Financial Data provided at registration will be used only as necessary to process transactions at your request, or to store your information for use in future payments. Subject to Your Rights & Choices, we may also use Identity Data and Contact Data in connection with Marketing Communications, for Product and Service Improvement, and Information Security.

RK360 Records

Data:

Our Service allows Authorized Users, consistent with their permissions, to request an import of Health Records and other health information into RK360 Records from diverse external sources including the electronic health records of healthcare providers (“Providers”). In connection with such requests, our Service will process any designated Identity Data, Health Profile Data, Health Records, Insurance Data, and User Content.

Please note:

Our Service enables Authorized Users to request from Providers via intermediary technology services such as Apple Health the import of Health Records, which are generated and controlled by Providers or their business associates. Therefore, data we import into RK360 Records may be inaccurate or incomplete depending upon the content of source records, and the quality of intermediary technology services. See Your Rights & Choices for information regarding data accuracy and correction.

Uses: 

Our Service generally processes Identity Data, Health Profile Data, Health Records, Insurance Data and User Content as necessary to provide the Service, and in accordance with each Authorized User’s consent, requests, preferences, and permissions.

Our Service may collect and process Identity Data, which may include driver’s license, passport, or insurance information when you provide patient authorizations and medical power of attorney or upload your insurance information to the Service. This Identity Data is stored by our Service, which offers you tools, consistent with your permissions and preferences, for you to disclose this information to third parties. This Identity Data is not processed for any purpose other than for the operation of the Service, the disclosures you authorize, and subject to Your Rights & Choices, in connection with Audit Logs and Information Security.

Subject to Your Rights & Choices, and where permitted by law, we may also use Identity Data and Contact Data in connection with Marketing Communications, Product and Service Improvement, and Information Security.

Get in Touch

Data:

Our Service allows Authorized Users, consistent with their permissions and subscription status, to contact our customer support agents. When you contact us, our Service will process Identity Data, Device Data, as well as any User Content you choose to provide.

Uses:

Subject to Your Rights & Choices, our Service will process any Personal Data collected from our communication functionality (via text, chat, email or phone) in order to respond to your request, provide you with relevant information, or if appropriate, and in connection with Marketing Communications, Product and Service Improvement, and Information Security.

Processing of Personal Data: Corporate Site

Data:

Our Service may process Identity Data, Contact Data, and User Content when you contact us through the Corporate Site.

Uses:

Subject to Your Rights & Choices, our Service will process any Personal Data we collect from our “contact us” form to respond to your request, provide you with relevant information, or if appropriate, in connection with Marketing Communications, Product and Service Improvement, and Information Security.

Marketing Communications

Data:

Our Service may process Identity Data and Contact Data in connection with email and social media marketing communications if you register for an RK360 Record, choose to receive marketing communications or interact with our marketing communications.

Uses:

Our Service processes identity Data and Contact Data as necessary to provide marketing communications you request, and consistent with our legitimate business interests, we may send you certain marketing and promotional communications if you sign up for these communications or register for our Service. See Your Rights & Choices for information about how you can limit or opt out of this processing.

Cookies and Similar Tracking Technologies

Data: 

Our Service and certain third parties may process Identity DataContact Data, and Device Data when you interact with cookies and similar technologies on our Corporate Site. Our Service may receive this data from third parties to the extent allowed by the applicable partner. Please note that the privacy policies of third parties may apply to these technologies and information collected.

Uses: 

Subject to Your Rights & Choices, we use this information as follows:

(i) for “essential” or “functional” purposes, such as to enable various features of the Corporate Site such as remembering passwords, or staying logged in during your session; and

(ii) for “analytics” purposes, consistent with our legitimate interests in how the Corporate Site is used or performs, how users engage with and navigate through the Corporate Site, what sites users visit before visiting our Corporate Site, how often they visit our Corporate Site and other similar information.

Note: Some of these technologies may be used by us and/or our third-party partners to identify you across platforms, devices, sites, and services.

Information about Specific Processing Operations

In order to help secure our Service, meet our legal obligations, and help track access to and disclosures of your Personal Data, our Service creates logs that record Device Data, and if available, Identity Data when Health Records and other Personal Data are accessed, viewed, disclosed, modified, or deleted. These logs are subject to Your Rights & Choices.

Information Security

Subject to Your Rights & Choices, we may also process any Personal Data we possess in order to monitor the use of our Service and Corporate Site for malicious activity, detect systems vulnerabilities, and as otherwise appropriate to maintain the integrity and security of our Service and Corporate Site and the Personal Data we process.

Product and Service Improvement

Subject to Your Rights & Choices, we may process any Identity Data, Contact Data, Financial Data, Device Data, and User Content in order to analyze how users interact with our Service or Corporate Site, in connection with market research, for product and Service improvements, and as necessary to monitor and maintain the integrity and security of our Service, Corporate Site and the data we process.

Research and Public Health

We may also process and disclose your personal Data for uses related to medical research, public health, product recalls and other medical product liability/safety matters, and for other research and public health/safety grounds, to the extent and under the conditions allowed by applicable law.

Additional Processing

Note that we may, without your consent, also process your Personal Data on certain public interest grounds. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest. Please see the Data Sharing section for more information about how we disclose Personal Data in extraordinary circumstances.

If we process Personal Data in connection with our Service or Corporate Site in a way not described in this Policy, this Policy will still apply generally (e.g. concerning Your Rights & Choices) unless otherwise stated when you provide it.

Data Sharing

Information we collect may be shared with a variety of parties, depending upon the purpose of and context in which that information was provided. We generally transfer data to the following categories of recipients:

Record Administrators and Other Authorized Users

A Record Administrator, whether appointed by the Record Owner or acting as personal representative, guardian or medical power of attorney for the Record Owner, may have access to any Personal Data in the RK360 Record of the Record Owner, including Medical Records and Medical Profile Data. Record Administrators may also disclose that information to third parties or grant access to other subordinate Authorized Users, to the extent such functionality is made available through the Service and the Record Administrator is appropriately authorized.

Providers

Our service enables the exchange of medical information and other contents of RK360Records with external sources and recipients of designated information such as healthcare providers. When Authorized Users, consistent with their permissions, utilize tools in RK360 Records to exchange Personal Data in RK360 Records through the Service, the Service may share any designated information including health Record Data, Health Profile Data and any Sensitive Personal Data.

Service Providers

In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests, we may share any Personal Data with service providers or sub-processors who provide certain services or process data on our behalf.

Treatment, Payment, and Healthcare Operations

To the extent we process personal data subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we may disclose such Health Record Data and Health Profile Data, Contact Data, Identity Data, and Insurance Data where authorized for Treatment, Payment, and Healthcare Operations. These include activities such as disclosing information to Providers, for our Product and Service Improvement, or if necessary to bill patients or insurance providers.

Affiliates

In order to streamline certain business operations and develop products and services that better meet the interests and needs of our Users, and inform our customers about relevant products and services, we may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies.

Corporate Events

Any Personal Data may be processed without your consent in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.

Legal Disclosures

In limited circumstances, we may, without notice or your consent, access and disclose your Personal Data, any communications sent or received by you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, or for other law enforcement and national security reasons, to investigate violations of our Terms of Service, or when the disclosure is in the vital interests of us or any person. Note, these disclosures may be made to governments or other authorities in jurisdictions that do not ensure the same degree of protection of your Personal Data as to your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Data to such parties on any lawful grounds we may have.

Other Disclosures

We may disclose any Personal Data without your consent on certain public interest grounds. For example, we may process information as necessary to fulfil our legal obligations, for public health and other matters in the public interest, to medical providers or healthcare organizations, medical examiners, in connection with organ and tissue donor requests, or where otherwise allowed by applicable law.

Your Rights and Choices

Access

You may access the Personal Data that we process to the extent required and permitted by law. Further, our Service offers you tools (e.g. through the account services menu), consistent with your permissions as a User, for securely accessing your personal data, including Health Records, Health Profile Data, data from Audit Logs, and other information about your RK360 Record.

Your Rights

Applicable law may grant you some or all of the following rights in your Personal Data. To the extent applicable law grants you these rights, you may exercise these rights using the methods set forth below, or by contacting us. Please note: we may require that you provide additional Personal Data to exercise these rights, e.g. Identity Data that is necessary to prove you are authorized to make a request.

Rectification

Our Service offers you tools, consistent with your permissions as a User, for correcting any Personal Data that the Service holds about you to the extent required and permitted by law. You may be able to make changes to Personal Data, such as Account Registration Data and Medical Profile Data through the user account settings menu provided through the Service.

Please Note

Our Service stores and displays copies of Health Records that are maintained in Providers’ systems; we do not control and cannot alter the content of your Health Records. Please contact the relevant Provider to exercise your right to correct Health Records. Updated Health Records will be reflected in the Service when updated by the Provider and only if the Service is authorized to receive the updated Health Record.

Erasure

Our Service offers you tools, consistent with your permissions as a User, for deletion of Health Records, Health Profile Data, account registration data and contents of RK360 Records. You may not, however, delete the Audit Logs that document User activities on the Service and in RK360 Records. We will explain how to use these tools but cannot utilize these tools on your behalf.

Please Note

We store and display copies of Health Records that are maintained in Providers’ systems if they are shared with us; we do not control and cannot delete Health Records stored in Providers’ systems. Please contact the relevant Provider to exercise your right to delete your primary Health Records.

Data Portability

To the extent required by applicable law, our Service will enable you to export and send to yourself, to Providers or other third parties, copies of certain Personal Data in your RK360 Record in a common portable format of our choice. Before you delete Data, our Service will remind you to export a copy of your Data to a destination storage location you control. To export data, you may use the data sharing functionality that our Service offers, and you may employ as destinations your personal email or fax, or the email or fax of the appropriate third party. We will explain how to use these tools but cannot utilize these tools on your behalf.

Complaints

You have the right to contact or file a complaint with us, as well as regulators or supervisory authorities, about our processing of Personal Data. To file a complaint with us, simply contact us. To file a complaint with governmental bodies, please contact your local data protection or consumer protection authority. In the US, you may be able to file a complaint with the Federal Trade Commission, or if appropriate, the Department of Health and Human Services, in each case, by submitting a complaint through their online complaint processes. We will not retaliate against you for filing a complaint.

California Rights

Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year (if any). Please contact us to make this request.

HIPAA

To the extent required by applicable law, we will provide you with an accounting of the disclosures of your Health Data or Health Profile Data (if any). To do so, please contact us.

Your Choices

It is possible to use portions of our Corporate Site without providing any Personal Data, but you may not be able to access certain features or view certain content. You have the following choices regarding the Personal Data we process, however, please note that we may not be required to agree to a requested restriction to the extent permitted by law.

Data Collection and Sharing

You may generally control how Personal Data is shared with us, and how we share your Personal Data. You can control what Personal Data we collect by modifying your permissions with your Providers or modifying your authorizations to share data with third parties. Additionally, you may change your authorization for our Service to receive continuous updates of your Health Records through the account settings menu. You may also limit the sharing of any Health Records and Health Profile Data, as well as any other Personal Data (including data shared with third parties and subordinate Users) through the account settings menu. Note, only Account Administrators may directly limit the rights and permissions of subordinate Users. You may contact us for guidance about how to employ the account settings menu.

Direct Marketing

You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You have the choice to opt-out of or withdraw your consent to direct marketing communications you receive. You may exercise your choice via the links in our communications or by contacting us re: direct marketing.

Consent

If you consent to any other processing of your Personal Data, you may withdraw your consent at any time. Please note, as the primary function of the Service is to collect, aggregate, store and share copies of your Health Records and Health Profile Data, your sole means of revoking consent may be to delete data from the Service or delete your account.

Cookies and Similar Tech

If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu. You must opt-out of certain third-party services directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Service, the Google Privacy Policy, or Google Analytics Opt-out. Please note, at this time, our Service does not respond to your browser’s do-not-track request.

Security

We are required by law to maintain the privacy of your Health Records and Health Profile Data, and we implement reasonable and appropriate security measures to safeguard the Personal Data you provide us. However, we sometimes share Personal Data with third parties as noted above, and we do not have control over third parties’ security processes. Further, certain methods of sharing your Health Records you may choose to use may present risks to the confidentiality of Sensitive Personal Data. We do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure, nor will we be liable for any unauthorized disclosures that occur following your choice to share Personal Data with Authorized Users or recipients you designate, such as Providers. We will notify you if there is a breach of the security of unsecured Personal Data we may process, where such notice is required by law.

Data Retention

Our service keeps the Medical Records and Profile Data of Authorized Users until those users employ the tools the Service offers, consistent with their permissions, to delete that data at which point we retain only Audit Logs of user activity in accordance with Your Rights & Choices. Otherwise, our Service retains Personal Data for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. To the extent our Service retains any Personal Data, we will review retention periods periodically, and may pseudonymize or anonymize data held for longer periods, if appropriate.

Minors

Our Service and Corporate Site are neither directed at nor intended for use by minors under the age of majority in the relevant jurisdiction. Further, we do not knowingly collect Personal Data from such individuals unless we receive the consent of the minor’s parent or guardian. If we learn that we have inadvertently done so, we will promptly delete it. Do not access or use the Service or Corporate Site if you are not of the age of majority in your jurisdiction unless you have the consent of your parent or guardian.

International Transfers

We operate in and use Internet service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. does not provide the same legal protections guaranteed to Personal Data in the European Union. Accordingly, your Personal Data may be transferred to the U.S. pursuant to the EU-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law. Contact us for more information regarding the specific mechanism used to ensure adequate protection of Personal Data subject to EU Law.

Information for Users in the EEA

Controller

Prosocial Applications, Inc. is the data controller for Personal Data collected under this Policy.

Legal bases for processing

The legal bases of our processing of your Personal Data is described in the table below. If you have questions about the legal basis of how we process your Personal Data, contact us at privacy@redkangaroo.us.

Processing purpose

Use:

RK360 Service
Contacting Us

Disclosure:

Service Providers

Legal Basis:

Processing  is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service. This may include processing that is necessary to provide the Service.

The following processing activities constitute our legitimate interests. We balance any potential impact on you when we process your Personal Data for our legitimate interests. You may object to this processing as described in the Rights of EU Users section below.

For example, our legitimate interests include:

Processing purpose

Use:

Marketing Communications

Disclosure:

Service Providers

Legal Basis:

Direct Marketing

Processing purpose

Use:

Marketing Communications

Disclosure:

Service Providers

Legal Basis:

Determining the effectiveness of marketing campaigns

Processing purpose

Use:

Audit Logs
Information Security
Product and Service Improvement

Disclosure:

Service Providers
Treatment, Payment, and Healthcare Operations
Affiliates
Corporate Events

Legal Basis:

To create, provide, support, maintain, and improve our products and Service, or to improve the efficiency of our Service, and operate our business

Processing purpose

Use:

Audit Logs
Information Security
Product and Service Improvement

Disclosure:

Service Providers
Legal Disclosures
Processing is necessary to comply with our legal obligations, for example, tax laws, fraud reporting, etc.

Legal Basis:

To secure our platform and network, investigate suspicious activity or violations of our terms or policies; and to protect the safety of Personal Data, including to prevent exploitation or other harms to which Users may be particularly vulnerable.

Processing purpose

Use:

Our Service

Disclosure:

Medical Power of Attorney
Providers
Marketers

Legal Basis:

Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime by contacting us at privacy@redkangaroo.us

Processing purpose:

All Personal Data

Legal Basis:

Note, we may process and disclose Personal Data where it is in the vital interests of a data subject, to comply with a legal obligation to which we are subject, in the public interest, for public health purposes and medical or scientific research, or other appropriate legal ground which may apply under applicable law.

Rights of EU Users

Right to Object: Where we process data based on our legitimate interests, you can object to that processing to the extent allowed by law. Note that we must only limit processing where our interests in processing do not override an individual’s interests, rights, and freedoms, or the processing is not for the establishment exercise or defense of a legal claim.

Right to Restrict: You may have the restrict processing of your Personal Data where the accuracy of the Personal Data is contested, the processing is unlawful but you object to deleting the Personal Data, or we no longer require the Personal Data, but it is still required for the establishment, exercise, or defense of a legal claim, or while we assess an objection to processing.

UPDATES TO THIS POLICY

We are required to comply with the effective version of this Policy. We may change this Policy from time to time, and when we do so, the changes will apply to all Personal Data we maintain, to the extent allowed by applicable law. Changes will be posted on this page with an effective date. Please visit this page regularly so that you are aware of our latest updates. Your use of the Service following notice of any changes indicates acceptance of any changes. You may download and print a paper copy of this notice from the Corporate Site.

Contact Us

Feel free to contact us with questions or concerns using the appropriate address below.

General inquires:

info@redkangaroo.us

Data rights & privacy:

RK 360 Privacy Office
privacy@redkangaroo.us

Physical address:

Prosocial Applications
1905 15th St. #4585
Boulder CO80302-4585

We Flow Data between Any Patient and Any Provider, Solving their Last-Mile Problems