Fern Privacy Policy

Last Updated: 7.28.2020

Fern’s mission is to build innovative technologies and compassionate services to help break down the barriers to managing pain, and to help guide people toward a pain-free life.

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to our Fern platforms, mobile applications, and any other related features, contents, applications, or websites we, Fern Health, Inc. (“Fern,” “we,” “us“), may offer from time to time (collectively, the “Fern Services“). This Privacy Policy explains Fern’s information practices, including:

  • What information we may collect through the Fern Services and how we collect it.
  • How we use the information we collect.
  • How we may share collected information.
  • What choices you have as to how we collect and use information.

This Privacy Policy is incorporated by reference into the Fern Terms of Use. We encourage you to review both documents carefully when using the Fern Services. If you have any questions about our privacy practices, please refer to the end of this Privacy Policy for information on how to contact us.

INFORMATION WE COLLECT 

In General. Fern’s mission is to help you manage your pain, and we cannot help you do that without collecting certain information, including Personal Information about you.

This Privacy Policy focuses on “Personal Information.” For purposes of this Privacy Policy, Personal Information is information that alone or in combination with other information may be used to readily identify, contact, or locate a specific person, such as: name, address, email address, phone number, medical records or certain other health data, insurance information, and financial information. Personal Information does not include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.

We collect information when you:

  • Create a Fern account or download our mobile application. In order to use the Fern Services, you must create an account, and you may choose to download our mobile application. To create a Fern account, you must provide Personal Information such as name, email address, phone number, date of birth, gender, and an account password. This information will help Fern and others that you collaborate with to identify and communicate with you. When you download our mobile application we also create an encrypted user ID so that we can analyze the performance and use of the application.
  • Build your profile and answer questionnaires. As a Fern member, you can add information to your account, including by answering questionnaires about your health, sleep, and exercise routine, your history, the impact of chronic pain on your activities, and how your pain, activity level, and enjoyment of life change over time as you progress through your personalized care plan. You may choose to provide Personal Information such as phone number, date of birth, pain stage and levels, visits to providers, and health conditions. We use the information you provide to tailor the Fern Services, collect your feedback, and to help you track your goals.
  • Interact with your health coach. You may communicate with an assigned health coach by phone, by in-app messaging, or other means when you use the Fern Services. If you do, we may collect the substance of those communications. For example, we may collect audio, video, and text files from your interactions with your health coach. Your exercise sessions may be recorded, but only after we obtain your explicit consent.
  • Link your Fern account to services or devices. If you choose to link your Fern account to certain other services or devices, such as mobile phones, electronic calendars, wearables, scales, fitness trackers, or other health monitoring devices, we may collect information related to your use of such services or devices. When these services or devices are administered by a third party, the information practices and policies for those services or devices are the responsibility of that third party.
  • Request Records. If you would like to request a copy of records maintained by us regarding your use of the Fern Services, we may ask you to provide Personal Information as needed to verify your identity and complete a request form to enable us to process your request. If you choose to request health records, we will ask you to provide Personal Information as needed to complete a request form that complies with the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Such Personal Information may include a Social Security number.
  • Seek assistance from Fern.  If you contact Fern with questions and requests, we may collect information from you in order to assist you.

Use of cookies and other technologies to collect information. We or our third-party service providers use cookies and related tools to provide features and services that enhance your Fern experience. For example, these technologies may allow the Fern Services to recognize your device and log you in automatically, remember your preferences, and analyze how you use the Fern Services so we can improve your experience.

  • Cookies and similar technology. A cookie is a small text file that may be stored on the hard drive of a computer or device when you access a website. When you use the Fern Services, we may assign your device one or more cookies or similar identifiers to facilitate access and to personalize your experience and collect technical information about the performance of the Fern Services. You may refuse the service of cookies to your device or delete any existing cookies by changing your browser and device preferences. As the means by which you can do this vary from browser to browser and device to device, please refer to your browser’s help menu and/or device settings for more information. If you refuse or delete cookies, you may not be able to take advantage of all features and functionality of the Fern Services. To learn more about cookies visit https://www.allaboutcookies.org.
  • Information collected automatically. We may automatically collect information from your browser or device when you use the Fern Services. This information may include an IP address, device identifier, your browser type, access times, the content of any undeleted cookies your browser received from us, and other non-personally identifiable information that can help us optimize the Fern Services.

HOW WE USE INFORMATION WE COLLECT

We use information, including Personal Information, to deliver and improve the Fern Services.

We may use information, including Personal Information, to:

  • Communicate with you. We may send email to the email address you provide us to verify your account and for informational and operational purposes, such as account management, customer service, system maintenance, or to provide information we think may be of interest to you. We may also communicate with you through the Fern Services or other means enabled by the Fern Services, such as through text messages, telephone calls, push notifications, or in-app messaging. You may adjust your communications preferences in your Fern account settings at any time or by unsubscribing from our marketing emails using the link provided at the bottom of those emails or by changing your communications preferences in our mobile application.
  • By using the Fern Services or providing a phone number or email address to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Fern Services.
  • Communicate with others at your request. If you choose to use Fern to share information with others, including communicating with your assigned health coach at the beginning of or during your personalized care program, we may require Personal Information such as names, email addresses, telephone numbers, or other contact information. You may also communicate through in-app messaging in our mobile application.
  • Customize your Fern experience. We use information we collect through the Fern Services to customize your Fern experience.
  • Organize and analyze your information. When you share information or we receive it from others, our employees and service providers may review that information to categorize and organize it for you. For example, we analyze the information you share with us to shape your personalized care program.
  • Provide and improve the Fern Services.  We use information, including Personal Information, for internal and service-related purposes. For instance, when users download our mobile application, we keep track of how many people have downloaded the application and the number of active sessions and users so that we can make sure the application runs smoothly for all users and so that we can analyze and improve the Fern Services.

We may de-identify data collected through the Fern Services and use such de-identified data for any purpose.

HOW WE MAY SHARE INFORMATION

We do not rent, sell, or share Personal Information. We do not share your Personal Information with other people or non-affiliated companies for their direct marketing purposes, unless we have your permission. We may share de-identified data with third parties for any purpose.

We may share information, including Personal Information, as follows:

  • With your permission.  We may share your Personal Information or other information about you with third parties when we have your permission or at your direction, including when you direct us to send information to a health care provider or employer.
  • With our subsidiaries and affiliates. We reserve the right to disclose your information to our subsidiaries and affiliates, primarily for business and operational purposes. As part of this sharing of information, this means that once you provide us with information, any one of our related entities may use your information including for marketing purposes, pursuant to the terms of this Privacy Policy.
  • With our vendors and service providers. We may share any information we receive from you with our vendors and service providers to the extent reasonably necessary to enable us to operate, provide, and/or improve the Fern Services. For instance, we store data associated with the service using a third-party cloud storage provider. We also work with an analytics provider who helps us analyze how many people are actively using our mobile application so we can make better decisions about how to improve the Fern Services provided through our mobile application. We will only share your information with vendors and service providers that have agreed to abide by obligations of non-use and confidentiality that are at least as restrictive as those undertaken by us as part of this Privacy Policy and our Terms of Use.
  • As required by law and similar disclosures. We may access, preserve, and disclose your Personal Information, other account information, and content if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; defend against legal claims; respond to your requests; protect the rights, property, and safety of you, Fern, or others; or as otherwise required by law.
  • In connection with a merger, sale, or other asset transfer. If we are involved in a merger, acquisition, financing, reorganization, or other substantial corporate transaction, or in the unlikely event of bankruptcy, any information we possess, including Personal Information, may be shared, sold, or transferred as part of such a transaction as permitted by law and/or contract. In such cases, we cannot control how other entities may use or disclose such information.

YOUR CHOICES 

Fern offers you a number of ways to control collection and use of your information when you use the Fern Services. Your options include:

  • Modifying your account information. You can review the information you or others have shared by logging into your Fern account through our mobile application.  You can modify or delete any information that you have provided us at any time.  You may also choose to modify and delete information that others have shared with you.

  • Modifying your account settings.  Fern account settings are designed to provide you with control over the information that you share.  We encourage you to review your account settings and adjust them in accordance with your preferences. You may adjust your communications preferences in your Fern account settings at any time or by unsubscribing from marketing emails using the link provided at the bottom of those emails.

  • Closing your account.  If you no longer desire to use the Fern Services, you may close your account by sending us an email to support@fernhealth.com and you may remove our mobile application from your device.  After you close your account, you will not be able to sign in to our mobile application or access any of your information. If you close your Fern account, we have no obligation to retain your information and may delete any or all of your account information without liability.  We may retain and use your information as described in “Data Retention” below.  Please note: if you have provided or shared information to third parties, retention of that information will be subject to those third parties’ policies and practices.
  • Do Not Track. “Do Not Track” is a privacy preference that users can set in their web browsers and mobile devices. When a user turns on the Do Not Track signal, the browser or device sends a message to online services requesting them not to track the user. At this time, we do not respond to Do Not Track browser and device settings or signals. For information about Do Not Track, please visit: www.allaboutdnt.org.

INFORMATION SECURITY

We take steps to ensure that information is treated securely and in accordance with this Privacy Policy. Unfortunately, neither the Internet nor any form of electronic storage can be guaranteed to be 100 percent secure, and we cannot ensure or warrant the security of any information provided to us. We do not accept liability for any unintentional disclosure.

CHILDREN’S PRIVACY

We do not knowingly collect, maintain, or use Personal Information from children under 13 years of age, and no part of the Fern Services are designed for or directed to children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us at support@fernhealth.com. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate any account created by such children.

If you are the parent or guardian of a child under the age of 13, you may choose to manage your child’s health information through your Fern account.

YOUR CALIFORNIA PRIVACY RIGHTS

We do not meet the conditions as outlined in Section 1798.140 of the California Consumer Privacy Act of 2018 (the “CCPA”) and therefore are not subject to CCPA requirements. Because we value your privacy and promise to protect your personal information, you can learn about the personal information we collect in the Information We Collect section above. For specifics about how and when we share your personal information with third parties, please see the How We May Share Information section above.

GDPR NOTICE

In compliance with GDPR, we may rely upon one or more legal bases defined in the GDPR to collect, use, share and otherwise process the Personal Information of individuals located in the European Union, including where:

  • Necessary to perform a contract we have with you, such as our terms of engagement, and to provide services;
  • You have consented to the processing (in which case you may revoke your consent at any time);
  • Necessary for us to comply with a legal obligation, or to establish, exercise or defend legal claims;
  • Necessary to protect your vital interests or those of others;
  • Necessary in the public interest; and
  • Necessary for the purposes of Fern or a third party’s legitimate interests, such as those of clients, partners, staff or others, provided that those interests are not overridden by your interests or fundamental rights and freedoms.

Where we collect, use, disclose and otherwise process your information based on legitimate interests, we may rely on the following interests:

  • Provision of services: We use your information to provide services to you and others.
  • Keeping our services safe and secure: We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our services, such as our domains, websites, apps, offices and events, safe and secure. For example, we collect IP addresses and process log files to ensure our Fern Services are not subject to fraudulent access.
  • Marketing the Fern Services: We use your information as necessary to pursue our legitimate interests in marketing the Fern Services.
  • Providing, improving and developing services: We use your information as necessary to pursue our legitimate interests in tailoring and improving our services. For example, if you are a customer, we may send you a survey or questionnaire to understand your experience in obtaining services from Fern.
  • Providing seamless services with affiliates of Fern: In some cases, the services require the engagement of, or sharing of your information with, other companies affiliated with Fern.

If you are located in the EU, under certain circumstances, you may have certain legal rights under the GDPR, including:

  • To access the Personal Information we maintain about you
  • To receive information about how we process your Personal Information
  • To correct your Personal Information
  • To have your Personal Information erased
  • To object to or restrict how we process your Personal Information
  • To request your Personal Information be transferred to a third party
  • To withdraw any consent you may have given us to process your Personal Information

If you are an EU resident, you have the right to object to our processing that is based on legitimate interests by contacting us at the address or number below. If you are located in the EU and you believe that Fern has infringed your rights under the GDPR, please contact us by sending an email to support@fernhealth.com.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes to our information practices. If we decide to change this Privacy Policy, we will post the changes on this page so that you are aware of our practices and update the “Last Updated” date above. If we make a material change in how we collect, use, or disclose Personal Information, we will make reasonable efforts to provide notice through the Fern Services and obtain consent to any such uses as may be required by law. We encourage you to periodically review this page for the latest information on our privacy practices.

CONTACT US

If you have questions or comments about this Privacy Policy, please email us at support@fernhealth.com.