XOLTAR PRIVACY POLICY
XOLTAR
PRIVACY POLICY
Last modified: November
Xoltar Inc. and its affiliates (collectively, “Xoltar”, “us”, “our” or “we”) offer innovative AI-powered solutions for optimizing businesses’ customer experience and is committed to respecting its clients and users’ privacy rights (collectively, “you”, “your” or “user”).
This Privacy Policy (the “Policy”) applies to information we collect or process when you interact with us, including through our website, applications or other the services (“Services”), whether you interact with us directly or through Services in conjunction with your health professional caregiver or referring physician ,and describes how Xoltar collects, uses, shares and protects such information. We encourage you to read this Privacy Policy carefully and use it to make informed decisions.
By using our Services, you hereby agree to the data practices and processing activities described in this Privacy Policy. Capitalized terms used and not otherwise defined herein, shall have the respective meanings ascribed to them under our Terms of Service.
THE INFORMATION WE COLLECT
Xoltar collects information that identifies individuals or that may, with reasonable effort, identify individuals, including (the “Personal Information”):
Personal Identifiers and Demographic Information: including your name, gender, identification number, date of birth, age;
Contact Information: including postal address telephone numbers (including mobile numbers) and e-mail address;
Medical Information: including medical history, medical records, current medications and prescription information, medical conditions, diagnosis and medical treatment information, medical recommendations from your healthcare provider, and where relevant, name of referring physician;
Insurance Information: including provincial drug benefit program or private health insurance plan information, and other information you may provide to us when you use the Service;
Audio Visual Information: including recordings of your visual appearance and voice features;
Biometric Information: including facial and body scans to support interactive features (although these scans are not used to create a biometric identifier);
Internet or other electronic activity information: including your online browsing activities through the Service (for example, device, software or hardware that may identify them, such as online identifiers, device unique identifiers (e.g., UDID, MAC address), IP address and geolocation).
Your Account password(s) and usernames.
Social Media information: If you choose to set up an account when using the Service by logging through your Facebook or other social network account (Single Sign On), we may receive personal information about you from the social network.
Your, preferences, feedback and survey responses.
Your correspondence and communications with Xoltar.
Commercial and financial information: including records of products or services ordered or considered; other purchasing or consuming histories.
Professional Information: including job title and employment information
Sensitive Information: including health information, sexual orientation, race, ethnicity, religious or philosophical beliefs.
Deidentified or Aggregated Data. Xoltar may also collect or create deidentified aggregate information regarding use of our Services, as well as user information (including deidentified health information). We may use, disclose or even sell such aggregated or de-identified information for any lawful or legitimate purpose, and will take steps to prevent the data from being reidentified. This includes requiring any recipients of deidentified data to commit to not reidentify, or even attempt to reidentify, the data.
HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
Xoltar may collect Personal Information during your use of our Service, including your interactions and communications with the Service, in the following ways:
Information You Provide to Xoltar. Xoltar collects Information that you provide, for example, when you use the Services; when you answer questionnaires and surveys; send requests for customer support; or communicate with us for other purposes. Please be aware that the Information you choose to provide may reveal, or identify, information that is not expressly stated (for example, your name may reveal your gender). Accordingly, you should carefully consider which information you wish to share about yourself.
Information Collected Automatically. When you access or use the Services, we may automatically collect Information about you, including:
Usage Information. Xoltar monitors users’ activity in connection with the Services and may collect log information about you when you access and use the Services including your IP address, time of access, browser type and language, Internet Service Provider (“ISP”), information about the applications and features you use, the content you access, and any actions taken in connection with the access and use of your content in the Services.
Device Information. If you access the Services from a mobile device, Xoltar may collect information about the device, including the hardware model, operating system and version, unique device identifiers, mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type).
Cookies and Other Tracking Technologies
Like most websites and online platforms, our Service uses “cookies” to collect Information. “Cookies” are small text files containing strings of letters and numbers that are downloaded onto your device (such as, computer, tablet or smartphone) when you use the Service. These files allow to store Information about you. Some “cookies” will expire when you exit the Service, and others will be saved in your device’s memory.
If you want to disable or change your “cookies” settings, you will have to remove the Service.
Other than “cookies”, when you use our Service, you consent to our use (and authorize third parties to use) of various technologies to collect Information, which may include web beacons (also known as “tracking pixels”), events and other technologies (collectively, “Tracking Technologies”). Such Tracking Technologies allow us to automatically collect Information about you, your device and your online behavior, in order to enhance your navigation and improve our Services’ performance, perform analytics and customize your experience. In addition, we may merge data we have with Information collected through these Tracking Technologies and data we may obtain from other sources and, as a result, such combined data may constitute Personal Information.
HOW WE USE YOUR PERSONAL INFORMATION AND PURPOSES FOR COLLECTION
Xoltar collects and uses the above identified categories of Personal Information for the purposes described below :
Personal Identifiers and Contact Information: Provide, operate, maintain, improve, promote and audit the Service, including by Xoltar, or any third party, from time to time.
Personal Identifiers, Contact Information, Commercial and financial information; and Internet or other electronic activity information: Send you transactional messages, technical notices, updates, security alerts and support and administrative messages.
Personal Identifiers, Contact Information, Commercial and financial information; and Internet or other electronic activity information: Identify you, so that we can interact with you, provide and deliver the services and features you request, process and complete transactions, and send you related information .
Personal Identifiers, Contact Information, Commercial and financial information; Internet or other electronic activity information: Insurance Information; and Audio Visual Information: Respond to your comments, complaints or disputes, queries, questions, and requests and provide customer service and support, internal record-keeping, managing insurance claims by customers.
Personal identifiers; Commercial or financial information; and Internet or other electronic activity: Communicate with you about services, features, surveys, newsletters, offers, promotions, contests and events, and provide other news or information about Xoltar and our select partners, including responding to your comments, questions, and requests.
Personal identifiers; Commercial or financial information; and Internet or other electronic activity; Audio Visual Information: Personalize and improve the Service, and provide content, features, and/or advertisements that match your interests and preferences or otherwise customize the Services.
Personal identifiers; Commercial or financial information; and Internet or other electronic activity; Audio Visual Information: Monitor and analyze trends, usage, and activities in connection with the Services for research, marketing or advertising purposes.
Personal Identifiers; Professional Information: To engage in business transactions with the entity you represent and market to or engage in diligence with the entities you represent.
Personal identifiers; Commercial or financial information; and Internet or other electronic activity: For crime and fraud prevention, detection and related purposes, including cybersecurity needs such as fraud detection and misuse of our website.
Personal identifiers; Commercial or financial information; and Internet or other electronic activity: Where it has a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
Please note that where we rely on your consent to process any of your Personal Information, you have the right to withdraw your consent at any time. In certain jurisdictions, we rely on our legitimate interests to process your Personal Information under the applicable laws, and where we do, you have the right to object. If you have any questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us through the contact details available below.
Sharing your Information with Third Parties
We may use and share your Information with certain third parties that help us operate our Service, (e.g., deliver customer support, monitor and analyze the performance of our Services, provide recording and storing solutions, etc.), such as newsletter distribution, cloud providers and other service providers. When Xoltar uses such third parties, it restricts them from using or disclosing the Information, except as required to perform the services on behalf of Xoltar or to comply with legal requirements. Third parties with which we may share your Information will be required to meet our standards on processing information and security. Personal Information we provide them will only be provided in connection with the performance of their function.
In addition, we will share your Information with third parties at your direction, such as your healthcare provider, as well as our family of companies and other third parties in order to coordinate your care where necessary or appropriate depending on the Services you receive from us. For example, we may share a video/audio recording of your interactions with Xoltar’s virtual representative with your healthcare provider so that any information you provide it can be documented on your medical record.
We may share your data with: credit reference agencies and payment card issuers (such as Visa, Mastercard and American Express) where necessary for card payments, payment facilitators (such as Stripe or PayPal).
We also may share infomration with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers (a) to comply with our legal obligations or respond to a governmental request; (b) to exercise our legal rights (for example in court cases); (c) for the prevention, detection, investigation of crime or prosecution of offenders; and (d) for the protection of our employees and customers.
If Xoltar becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, or other corporate restructuring, we may transfer all or some the Information that was collected from users in connection with such a transaction.
We work with third party providers that help us operate, provide, improve, understand, customize, support, and market our Service. For example, we work with companies that provide our infrastructure and other systems, supply map and sites information, help us understand how people use our Service, etc.
Our cloud service providers. The server(s) on which the Service and the Service are hosted and/or through which any of the Service are processed are within the State of Israel, United States, Europe and UK, however, some of the Information may be managed by third parties, including, Amazon Web Service (AWS) technology, whose mailing address is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, ATTN: AWS Legal. You can find more details on AWS’ Privacy Policy here. We have configured our data to be stored in London, UK.
International transfer of information. Xoltar is a private company incorporated under the laws of the State of Delaware, USA. To provide you with our Service, it will be necessary for Xoltar to grant its fully owned subsidiary, Xoltar Ltd., a private company incorporated under the laws of the State of Israel, with access to your data. By agreeing to these Terms, you to Xoltar sharing your data outside of the European Economic Area. These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.
Those clauses can be accessed here.
We reserve the right to disclose your Information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, or court order.
Also, as noted above, we may disclose aggregated and other deidentified about our users to potential business partners, investors, or the public for any reason.
USE OR DISCLOSURE OF SENSITIVE PERSONAL INFORMATION
We do not use or disclose sensitive personal information to create profiles about or infer characteristics about individuals, or for any purposes other than providing our Services.
CATEGORIES OF THIRD PARTIES TO WHOM WE DISCLOSE PERSONAL INFORMATION
We disclose personal information to the following categories of entities that do not operate as our processors and are not our affiliates: Advertising companies and data brokers that process personal information for purposes of providing advertising and marketing services to us and other parties; other third parties, including your healthcare provider, at your direction.
HOW LONG DO WE KEEP YOUR DATA?
Xoltar will retain your Information for as long as needed to provide you and our clients with our Service, or to comply with legal and regulatory obligations (e.g., audits, accounting and statutory retention terms), enforcing our Terms of Service, dispute resolutions and for the establishment, exercise or defence of legal claims in the countries where we do business.
While different retention periods may apply with respect to different types of data, the longest we will normally hold any Personal Information is ten (10) years. We may retain facial and body scans for Services Support for no longer than 1 year after the close of your account.
When you send an email or other communication to [email protected], or any other correspondence that you have with us, we may retain those communications in order to process and respond to your requests and improve our Service.
Please DO NOT send us any communication which contains confidential or sensitive information, since we are unable to evaluate whether your content constitutes as confidential or sensitive information, or not, and we may retain or use such communication as described hereinabove, and such retention or use shall not be deemed as a breach of any of our obligations pursuant to this Policy.
INFORMATION SECURITY
Xoltar uses reasonable industry standards designed to protect against unauthorized access to, or unauthorized alteration, disclosure or destruction of data which is stored in our records. These measures include internal reviews of our data collection, storage and processing practices and standard measures.
Nonetheless, we cannot guarantee a perfect and absolute security measure, as no method of transmission over the Internet and or electronic storage is perfectly secure or invulnerable. However, should we become aware of a security breach, we will notify any affected user as required by applicable law.
HOW CAN YOU HELP TO PROTECT YOUR DATA?
First, please remember that Xoltar will never ask you for any password, bank account or credit card details. If you receive such communicating asking you to provide such information, please ignore it and do not respond. You can let us know that you have received such communication via [email protected].
If you are using a computing device in a public location, we highly recommend that you always log out and close the browser after completing your session.
WHAT RIGHTS YOU HAVE IN CONNECTION WITH YOUR INFORMATION?
Consumer Rights Under Comprehensive U.S. State Data Privacy Laws
Depending on your state of residence, you may have certain qualified data privacy rights based on state privacy laws. The rights provided under these laws are similar in many respects, with some differences from state to state. We list below the rights that may be applicable to our business under these laws, noting that not all rights are available under each state’s law:
Exercising Your Rights
We will respond to requests from residents of states with data privacy laws that apply to us and will do so with respect to the rights that are provided under the requestor’s state law as of the effective date of that law.
To exercise rights to know, access/copy, delete, correct, or know third parties to whom personal information is disclosed, submit a request through our webform or by contacting us at [email protected]. We will provide a substantive response to these requests within 45 days of the date on which we receive your request. If we require additional information or time to process your requests, we will contact you.
To exercise the right to limit the use of sensitive personal information, submit a request to [email protected]
To exercise opt-out rights, submit your request to [email protected].
Xoltar shall not charge you for requesting to exercise any of the aforementioned rights.
Opt-out Preference Signals and Do Not Track
An opt-out preference signal is sent by a platform, technology, or mechanism on behalf of individuals and communicates an individual’s choice to opt out of the sale and sharing of personal information for cross-context behavioral advertising with all businesses that recognize the signal, without having to make individualized requests. The signal can be set on certain browsers or through opt-out plug-in tools.
We recognize the Global Privacy Control signal [for California and Colorado residents based on IP address] and do so at the browser level [and it does not apply to personal information we may collect offline or that we may associate only with your name or email address]. This means that if the signal is sent through a specific browser, we will recognize it for that browser only, and only with respect to the identifiers for that browser. If you would like more information about opt-out preference signals, including how to use them, please refer to the Global Privacy Control website (https://globalprivacycontrol.org/).
We will respond to opt-out requests [and requests to limit the use of sensitive information] as soon as feasibly possible, but no later than 15 business days after receipt of your request. If we require additional information or time to process your requests, we will contact you.
We do not respond to the DNT or “Do Not Track” signal.
Exercising Your Rights Using Authorized Agents
Agents may submit opt-out requests on behalf of individuals under several state data privacy laws; this is not an option that is available under laws in certain states (for example, Texas, Utah, or Virginia). California residents can designate an agent to submit all other types of requests. If the agent submits an opt-out request on your behalf, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the opt-out request on your behalf. Agents can submit opt-out requests [[email protected]].
If you are a California resident and you use an agent to submit other types of requests, the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. You will also be required to verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request. Agents can submit requests on behalf of California residents (other than opt-out requests) [[email protected]].
Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with state law pertaining to powers of attorney.
Verification of Requests
When you exercise rights other than opt-out rights [and the right to limit collection of sensitive personal information], we will take steps to verify your identity. [We will ask you for at least two pieces of personal information], depending on the nature of the request, and attempt to match those to information that we maintain or collect about you.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request and will deny it. We will notify you to explain the basis of the denial.
When We Do Not Act on a Request – Appeal Process
In some cases, we may not act on your requests (for example, if we are prohibited from acting on your request under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action (for example, correcting data) you requested.
Additionally, you have the right to appeal our decision by contacting us at [same method used to submit requests] within 30 days after your receipt of our decision.
Non-Discrimination
If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly. If you exercise your rights under this Privacy Policy, you will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services than others.
SPECIFIC PROVISIONS FOR EU-RESIDENTS
This Section applies to residents of the European Union. Xoltar adopted the following provisions, to comply with the EU 2016/679 Directive General Data Protection Regulation (“GDPR”), pursuant to which Xoltar will be considered as a “Data Controller” with respect to our use of Personal Information of residents of the European Union.
Legal Basis. We base our processing of any personal data as “Data Controllers” based on the following lawful grounds:
Xoltar relies, primarily, on your consent to the terms of this Policy and the terms set forth under our Terms of Service, as a legal basis for processing any Personal Information related to you or communicating any other promotional material.
Xoltar may collect and use your Personal Information when it is necessary for one of the legitimate uses set out in Section 3 above, which we believe are not overridden by your fundamental rights.
We may process your Personal Information to comply with a legal obligation and to protect our users’ vital interests.
If, at any time, you wish to exercise your rights in accordance with the provisions provided by law (including as provided under Section 7 of this Policy) you may send us an email to via [email protected], and request:
Please note that you have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the European Economic Area (EEA) .
If you have any concerns with respect to our methods of processing any Personal Information related to you, or if wish to withdraw your consent, for any reason, kindly let us know by sending an email to [email protected].
Xoltar shall not charge you for requesting to exercise any of the aforementioned rights.
COMPLIANCE
If you believe that we have not adhered to our Policy as outlined herein, please notify us by email to [email protected]. Xoltar will examine any query and make commercially reasonable efforts to resolve any existing or potential dispute. Note that when you send us a request to exercise your rights, we will need to reasonably authenticate your identity and location, and therefore we may ask you to provide us credentials to make sure that you are who you claim to be and will further ask you questions to understand the nature and scope of your request.
ACCESSIBILITY
If you need access to this policy in an alternative accessible way, or to make other accessibility-related requests or report barriers, please contact us at [email protected].
CHANGES TO THIS POLICY
We reserve the right to change this Policy from time to time, so please review it frequently. If we make material changes to this Policy, and you are a registered user of the Service, we will notify you by email when we make any changes.
GOVERNING LAW
This Policy shall be construed in accordance with and governed for all purposes by the substantive laws of the State of Delaware, USA without regard to conflicts of law provisions. You agree that any claim or dispute you may have against the Company and its affiliates, directors, officers, employees, and representatives must be resolved by a court located in Delaware, USA and waive any jurisdictional, venue or inconvenient forum objections to such courts.
CONTACT US
If you have any questions about this Policy, please contact us via [email protected] or via post at: 3500 South Dupont Highway, City of Dover, County of Kent, Delaware 19901, USA, Attn: Privacy Officer.