Previdence respects the privacy of its online visitors and clients of its products and services and complies with applicable laws for the protection of your privacy, including, without limitation, the United States of America Bill of Rights, the European Union General Data Protection Regulation ("GDPR") and the Swiss and EU Privacy Shield Frameworks.
Wherever we talk about Personal Data below, we mean any information that can either itself identify you as an individual ("Personally Identifying Information") or that can be connected to you indirectly by linking it to Personally Identifying Information. Previdence also processes anonymous data, aggregated or not, to analyze and produce statistics related to the treatment, behavior, and demographics of patients as a group or as individuals. Such anonymous data does not allow the identification of the patients to which it relates. Previdence may share anonymous data, aggregated or not, with third parties.
2. Why Previdence Collects and Processes Data
Previdence collects and processes Personal Data for the following reasons:
- where it is necessary for the performance of our agreement with you to provide a full-featured patient assessment and treatment service and deliver associated content and services;
- where it is necessary for compliance with legal obligations that we are subject to (e.g. our obligations to keep certain information under tax laws);
- where it is necessary for the purposes of the legitimate and legal interests of Previdence or a third party (e.g. the interests of our other customers), except where such interests are overridden by your prevailing legitimate interests and rights; or
- where you have given consent to it.
- to continually improve the assessment and treatment of all patients interfacing with our software.
These reasons for collecting and processing Personal Data determine and limit what Personal Data we collect and how we use it (section 3. below), how long we store it (section 4. below), who has access to it (section 5. below) and what rights and other control mechanisms are available to you as a user (section 6. below).
3. What Data We Collect and Process
3.1 Basic Account Data
When setting up an Account, Previdence will collect your email address and country of residence. You are also required to choose a user name and a password. The provision of this information is necessary to register a Previdence User Account. During setup of your account, the account is automatically assigned a number (the "Privacy ID") that is later used to reference your user account without directly exposing Personally Identifying Information about you. This “Privacy ID” number is not the same your customer number if you have an account with us.
3.2 Transaction and Payment Data
In order to make a transaction on with Previdence(e.g. to purchase Subscriptions for Content and Services, etc…), you may need to provide payment data to Previdence to enable the transaction. If you pay by credit card, you need to provide typical credit card information (name, address, credit card number, expiration date and security code) to Previdence, which Previdence will process and transmit to the payment service provider to enable the transaction and perform anti-fraud checks. Likewise, Previdence will receive data from your payment service provider for the same reasons.
3.3 Other Data You Explicitly Submit
We will collect and process Personal Data whenever you explicitly provide it to us or send it as part of communication with us. This data includes, but is not limited to:
- Information you provide when you complete a mental health assessment.
- Information you provide when you request information or support from us or purchase content and services from us, including information necessary to process your orders with the relevant payment merchant or, in case of physical goods, shipping providers;
3.4 Data Submitted by Your Clinician (if you are a patient)
If you are a patient, your clinician submits a variety of information through your general interaction with them during therapy or other communications with them. This information is used to assess current mental health and to formulate an appropriate treatment plan for you.
3.5 Your Use of Previdence Products and Other Services
In order to provide you with products and services, we need to collect, store and use various information about your activity in our content and services. "Content-Related Information" includes your Previdence ID, as well as what is usually referred to as "usage statistics". By usage statistics we mean information about your preferences and progress, as well as information about the device you are using, including what operating system you are using, device settings, unique device identifiers, and error data.
3.6 Tracking Data and Cookies
When you visit any of our services, our servers log your global IP address, which is a number that is automatically assigned to the network your computer is part of.
3.7 Web Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on visitors' computers, to help the website operators analyze how visitors use the site. The information generated by the cookie about the visitors' use of the website will generally be transmitted to and stored by Google on servers in the United States.
On behalf of the website operator, Google will use this information for the purpose of evaluating the website for its users, in order to compile reports on website activity, and to provide other services relating to website activity and internet usage for website operators.
Furthermore, users can prevent the collection of data about their use of the website (including their IP address) generated by the cookie, and the processing of data by Google, by downloading and installing the browser plug-in through the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
3.8 Content Recommendations
We may process information collected under this section 3 so that content, products and services shown on the pages shown to you on Previdence.com and in update messages displayed when using our products and services can be tailored to meet your needs and populated with relevant recommendations and offers. This is done to improve your customer experience.
Subject to your separate consent or where explicitly permitted under applicable laws on email marketing, Previdence may send you marketing messages about products and services offered by Previdence to your email address. In such a case we may also use your collected information to customize such marketing messages as well as collect information on whether you opened such messages and which links in their text you followed. This allows us to better understand what are and are not interested in.
You can opt out or withdraw your consent to receive marketing emails at any time by either withdrawing the consent on the same page where you previously provided it or clicking the "unsubscribe" link provided in every marketing email.
3.9 Information Required to Detect Violations
We may collect certain data that is required for our detection, investigation and prevention of fraud, cheating and other violations of the SSA and applicable laws ("Violations"). This data is used only for the purposes of detection, investigation, prevention and, where applicable, acting on of such Violations and stored only for the minimum amount of time needed for this purpose. If the data indicates that a Violation has occurred, we will further store the data for the establishment, exercise or defense of legal claims during the applicable statute of limitations or until a legal case related to it has been resolved. Please note that the specific data stored for this purpose may not be disclosed to you if the disclosure will compromise the mechanism through which we detect, investigate and prevent such Violations.
4. How Long We Store Data
We will only store your personally identifiable information as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. After that your Personal Data will be deleted, blocked or anonymized, as provided by applicable law.
- If you terminate your Previdence Patient or Customer Account, your Personal Data will be marked for deletion except to the degree legal requirements or other prevailing legitimate purposes dictate a longer storage.
- In certain cases, Personal Data cannot be completely deleted in order to ensure the consistency of the of assessments or testing you participated in. In this situation your connection to these items will be permanently anonymized.
- Please note that Previdence is required to retain certain transactional data under statutory commercial and tax law for a period of up to ten (10) years or more.
- If you withdraw your consent on which a processing of your Personal Data or of the Personal Data of your child is based, we will delete your Personal Data respectively the Personal Data and/or of your child without undue delay to the extent that the collection and processing of the Personal Data was based on the withdrawn consent.
- If you exercise a right to object to the processing of your Personal Data, we will review your objection and delete your Personal Data that we processed for the purpose to which you objected without undue delay, unless another legal basis for processing and retaining this data exists or unless applicable law requires us to retain the data.
5. Who Has Access to Your Data
5.1 Previdence and its subsidiaries may share your Personal Data with each other and use it to the degree necessary to achieve the purposes listed in section 2. above. In the event of a reorganization, sale or merger we may transfer Personal Data to the relevant third party subject to applicable laws.
5.3 In accordance with internet standards, we may also share certain information (including your IP address and the identification of Previdence content you wish to access) with our third-party network providers that provide content delivery network services and product server services in connection with Previdence. Our content delivery network providers enable the delivery of digital content you have requested, e.g. when using Previdence, by using a system of distributed servers that deliver the content to you, based on your geographic location.
5.4 If you are participating in our community platform and your profile or parts of your profile are set to public. We make the public data you have exposed related to your Previdence User Account available to other users and our partners through the Previdence API. This information can be accessed by anyone querying your Previdence ID or public persona name. At a minimum, the public persona name you have chosen to represent you on Previdence and your Avatar picture are accessible this way, as well as whether you have received a ban for misconduct in the community. The accessibility of any additional info about you can be controlled through your Previdence Community user profile page; data publicly available on your profile page can be accessed automatically through the Previdence API.
In addition to the publicly available information, service providers and members of the Previdence Professional Network access to certain information from the Previdence API directly relating to the users of the services they provide and operate. This information includes as a minimum your subscription or purchase of the product or service in question. Depending on which Previdence services are implemented in the subscription or product it may also include additional personal information, such as your health progress, achievements you have completed, communication information with other Previdence users utilizing the same service, and digital items and other information needed to operate the service or product and provide support for it. For more information on what Previdence services a specific subscription or product has implemented, please review its store page.
While we do not knowingly share Personally Identifying Information about you through the Previdence API such as your real name or your email address, any information you share about yourself on your public Previdence Profile can be accessed through the Previdence API, including information that may make you identifiable. This is always your choice and must done with your discretion. Previdence cannot be responsible for the public consumption and use of information you willingly share on your public Previdence profile.
5.5 The Previdence community includes message boards, forums and/or chat areas, where users can exchange ideas and communicate with each other. When posting a message to a board, forum or chat area, please be aware that the information is being made publicly available online; therefore, you are doing so at your own risk. If your Personal Data is posted on one of our community forums against your will, please use the reporting function and the Previdence help site to request its removal.
5.7 Previdence may release Personal Data to comply with court orders or laws and regulations that require us to disclose such information.
6. Your Rights and Control Mechanisms
The data protection laws of the European Economic Area and other territories grant their citizens certain rights in relation to their Personal Data. While other jurisdictions may provide fewer statutory rights to their citizens, we make the tools designed to exercise such rights available to our customers worldwide.
If you are a resident of the European Economic Area you have the following rights in relation to your Personal Data (Previdence also provides these same services to all of our customers and software users outsice of the European Economic Area):
6.1 Right of Access.
You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge (i) information whether your Personal Data is retained, (ii) access to and/or (iii) duplicates of the Personal Data retained. You can use the right to access to your Personal Data through the Privacy Dashboard. If the request affects the rights and freedoms of others or is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request.
6.2 Right to Rectification.
If we process your Personal Data, we shall endeavor to ensure by implementing suitable measures that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information you provided via the Privacy Dashboard.
6.3. Right to Erasure.
You have the right to obtain deletion by us of Personal Data concerning you by deleting your Previdence User Account.
As a result of deleting your Previdence User Account, you will lose access to Previdence services, including the Previdence User Account, Subscriptions and related information linked to the Previdence User Account and the possibility to access other services you are using the Previdence User Account for.
We allow you to restore your Previdence User Account during a grace period of 30 (thirty) days from the moment you request deletion of your Previdence User Account. This functionality allows you not to lose your account by mistake, because of your loss of your account credentials or due to hacking. During the suspension period, we will be able to finalize financial and other activities that you may have initiated before sending the Previdence User Account deletion request. After the grace period, Personal Data associated with your account will be deleted subject to section 4. above.
In some cases, deletion of your Previdence User Account, and therefore Personal Data deletion, is complicated. Namely, if your account has a business relationship with Previdence, such as due to your work for our Professional Network, you will only be able to delete your Previdence User Account after you have transferred this role to another user or have dissolved the business relationship. In some cases, considering the complexity and number of the requests, the period for Personal Data erasure may be extended, but for no longer than two further months.
6.4 Right to Object.
You also have the right to lodge a complaint at a supervisory authority.
The minimum age to create a Previdence User Account is 13. Previdence will not knowingly collect Personal Data from children under this age. Insofar as certain countries apply a higher age of consent for the collection of Personal Data, Previdence requires parental consent before a Previdence User Account can be created and Personal Data associated with it collected. Previdence encourages parents to instruct their children to never give out personal information when online.
Previdence does not allow the clinical assessment of children under the age of 18 without parental consent, unless otherwise required by law.
Children over the age of 13 are allowed to take non-clinical assessments without parental consent.
8. Contact Info
You can contact Previdence's data protection officer at the address below.
While we review any request sent by mail, please be aware that to combat fraud, harassment and identity theft, the only way to access, rectify or delete your data is through logging in with your Previdence User Account.
Att. Data Protection Officer
5685 South 1475 East 2B
Ogden, UT 84406
9. Additional Information for Users from the European Economic Area
In compliance with the Privacy Shield Principles, Previdence commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Previdence here. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. As explained in the Privacy Shield documentation (https://www.privacyshield.gov/article?id=ANNEX-I-introduction) certain residual claims not resolved by other means may be subject to binding arbitration. In such event, an arbitration option will be made available to you.
The Privacy Shield Principles describe Previdence's accountability for Personal Data that it subsequently transfers to a third-party agent. Under the Principles, Previdence shall remain liable if third party agents process the personal information in a manner inconsistent with the Principles, unless Previdence proves it is not responsible for the event giving rise to the damage.
The Federal Trade Commission has jurisdiction over Previdence's compliance with the Privacy Shield.