MaskCount™ Privacy Policy

Updated: September 21, 2020

We at Regenstrief Institute, Inc. (“Regenstrief” or “Company”), have a long history of protecting data privacy as the stewards of healthcare and medical research data for several decades, and we are committed to protecting your privacy. This privacy policy (“Privacy Policy”) applies to our Citizen Scientist applications (e.g. MaskCount™) and associated APIs, websites and services (each a “Site”, “Service”, or “Mobile App” or collectively, the “Services”), owned and controlled by Regenstrief. This Privacy Policy applies to the Services, regardless of the medium by which the Services are accessed.

This Privacy Policy governs our data collection, processing and usage practices. If you do not agree with the data practices described in this Privacy Policy, you should not use our Services.

Specifically, this Privacy Policy covers:

Information we collect about you

We may collect some Personal Information, Usage and Device Information (collectively, “information”, defined in detail below) about you in connection with your (or your organization’s) use of our Services that link to this Privacy Policy. See “Information we collect about you” section below for more details.

How we use your information

We use the information we collect only in compliance with this Privacy Policy. We may use your information to report anonymized findings through our research network; provide services; respond to inquiries and provide customer support and technical assistance; communicate with you; improve, develop, provide content for, operate, deliver and market our Services; implement social networking features; comply with our company policies and procedures and with applicable law; ensure proper and authorized use of the Services; perform Services tracking and analysis; and, as otherwise permitted by applicable law.

How we share your information

We may share your information with our Regenstrief business units, affiliates, subsidiaries, business partners, service providers and/or your representatives, in order to provide or improve our Services to you. We do not share information with third parties so that they can independently market their own products or services to you. We will never sell your Personal Information to any third party.

Retention of your information

We keep your display name, and email address, for as long as your account is in existence because we need it to operate your account. If you elect to stop using our Services, we will keep information about your account and your use of the Services for as long as necessary for our legitimate research and business interests, for legal reasons, and to prevent harm, including as further described in the “How We Use Your Information” and “How We Share Your Information” sections.

Security of your information

We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to protect the confidentiality, integrity and availability of your data.

All information submitted via the Mobile App is encrypted, using industry-standard encryption algorithms (e.g., TLS 1.2) while being transmitted between the user device and the Services’ servers.

No method of transmitting or storing data is completely secure, however.

If you have a security-related concern, please contact Customer Support.

International Data Transfers

Regenstrief Institute, Inc., is a U.S.-based non-profit company that often partners with and offers our Services to U.S. and international partners. As a result, information that we collect may be transferred to our data centers or service providers in the U.S. By providing your personal information to us, you are consenting to the transfer of your personal information to the U.S. and to our (and our services providers’) use and disclosure of your personal information in accordance with this Privacy Policy.

Cookies and Similar Technologies

Our technology partners (e.g., Google) may use “cookies” and similar technologies to help deliver our Services. This technology may involve placing small files/code on your device or browser that serve a number of purposes, such as keeping sessions open, remembering your preferences and to offer you a more personalized user experience.

Analytics and Communications

We may work with partners who provide us with analytics and communications services. This includes helping us understand how users interact with our Services, communicating with you about our Services and features, and measuring the performance of those communications. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications.

Links to Other Websites

Our Mobile Apps and Sites may contain links to other websites or services that are not owned or controlled by Regenstrief, including links to websites of our sponsors and partners. This Privacy Policy only applies to information collected by our Services. We have no control over these third-party websites, and your use of third-party websites and features are subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third-party websites linked to our Services. Your use of third parties’ websites linked to our Services is at your own risk, so we encourage you to read the privacy policies of any linked third-party websites when you leave one of our Services.

Our Policies for Children

We do not market to, and do not knowingly collect any personal information from or about a child under the age of 13 without the consent of the child’s parent or legal guardian. If we discover that we have inadvertently collected personal information from a child under 13 years of age, we will promptly take all reasonable measures to delete that personal information from our systems. You are prohibited from using the Services if you are under the age of 13.

If you are under the age of eighteen (18) or the applicable age of minority in the jurisdiction from which you are accessing the Services, you must obtain consent form your parent or guardian prior to using the Services.

Situations where this Privacy Policy does not apply

This Privacy Policy does not apply to job applicants or employees, which are subject to relevant privacy notices.

This Privacy Policy does not apply to the extent that:

  • Our products and services set forth an additional or alternative Privacy Policy; or
  • Applicable law imposes different processing or privacy requirements on your information.

Changes to this Privacy Policy

We periodically update this Privacy Policy. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by sending you notification by email or notification alert within our Services.

While we will notify you of any significant, material changes to this Privacy Policy, we encourage you to review this Privacy Policy periodically. We will also keep prior versions of this Privacy Policy in an archive for your review.

How to contact us

You can contact us using the Contact Us page on our Sites or by mail at 1101 W. 10th St, Indianapolis, IN 46202.

If you have questions, suggestions, or concerns about this policy, or about our use of your information, including filing a complaint, please contact our Privacy and Compliance Officer at privacy@maskcount.com.

INFORMATION WE COLLECT ABOUT YOU

When you use our Services, we collect the following types of information.

INFORMATION YOU PROVIDE US (“PERSONAL INFORMATION”)

ACCOUNT INFORMATION

Some information is required to create an account on Services. For this, we get information either directly from you or from the third-party registration service choose (e.g. Google, Facebook, Twitter), such as your:

  • Name,
  • Display name,
  • Phone number,
  • Email address,
  • Website link to your avatar image or photo (i.e. Photo URL or Internet location)
  • Profile information,
  • Country information,
  • Community or social media username

You provide most of this information to us directly by using a third-party registration service (e.g. Facebook, Twitter, Google, etc.) or by completing fillable webforms on the Services and submitting the information to us.

If you contact us or participate in a related survey or partnership activity, we collect the information you submit directly from you such as your name, email address, contact information, and message.

INFORMATION FROM THIRD-PARTY SERVICES

If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook or Google, we may receive information like your username, profile picture, and email address. You can stop sharing the information from the other services with us by removing our access to each other service. However, we will store historical data that has already been collected.

INFORMATION WE RECEIVE FROM YOUR USE OF OUR SERVICES

USAGE AND DEVICE INFORMATION

When you use our Services, we receive certain usage data (“Usage and Device Information”).

This includes information about your interaction with the Services, for example, when you start a session or record an observation, we collect the username, a timestamp, latitude and longitude, and accuracy of location. During an ongoing session, and while the device is in use and the session is visible, we collect device location every 10 seconds (latitude and longitude). We also collect information about your interactions with the Services when you install or open applications or software, create or log into your account, or integrate a third-party service to your account.

We may also collect data about the devices and computers you use to access our Services, including IP addresses, browser type, language, operating system, or mobile device information (including device and application identifiers), the referring web page, pages visited, location, and cookie information.

HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes.

PROVIDE AND MAINTAIN THE SERVICES

We use the information we collect to deliver the Services to you and honor our Terms of Service for each Service with you or your organization. For example,

  • to administer, operate, maintain and secure our Services;
  • to monitor and analyze trends, usage and activities in connection with our Services;
  • for accounting, recordkeeping, backup and administrative purposes;
  • to customize and improve the content of our communications, websites and social media accounts;
  • to provide customer service and support, and requesting feedback;
  • to communicate with you, including responding to your comments, questions and requests regarding our Services; and
  • to educate and train our workforce in data protection and customer support.

IMPROVE, PERSONALIZE, AND DEVELOP THE SERVICES

We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research, surveys and develop new features and Services.

COMMUNICATE WITH YOU

We use your information when needed to send you Service notifications and respond to you when you contact us. We may also use your information to tell you about new features or similar products that we think you might be interested in as well as request feedback, user surveys, and testimonials.

PROMOTE SERVICE SAFETY AND SECURITY

We use the information we collect to promote the safety and security of the Services, our users and other parties. For example, we may use the information

  • to authenticate users;
  • to respond to a legal request or claim, conduct audits, and enforce our terms and policies;
  • to investigate and protect against fraud, malicious or unauthorized access, and other illegal activities; and
  • to demonstrate and verify compliance with our internal policies and procedures, and applicable privacy and data security laws and regulations.

HOW WE SHARE YOUR INFORMATION

We do not share your personal information except in the limited circumstances described below.

FOR EXTERNAL PROCESSING

We may transfer information to our service providers and other partners who process it for us, based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research and surveys.

FOR LEGAL REASONS OR TO PREVENT HARM

We may preserve or disclose information about you to comply with a law, regulation, legal process or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect or investigate illegal activity, fraud, abuse, violations of our terms or threats to the security of the Services or the physical safety of any person.

Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.

We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us or as part of the community benchmarking information we provide to users of our subscription services.

INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA (EEA)

Regenstrief is processing information for the purposes of scientific research, and particularly in the context of the COVID-19 pandemic.  The purpose of the processing of this information is carried out in the public interest.

INTERNATIONAL TRANSFERS

Regenstrief intends to transfer your information to the United States of America (USA) for processing. The European Commission has not adopted an adequacy decision, and has not recognized the USA as providing adequate protection.

The transfer of information to the USA is necessary for important reasons of public interest. Specifically, Regenstrief intends to use the information for research efforts related to the fight against the COVID-19 pandemic.

In addition, by using the Services and providing your information, you acknowledge the risks associated with transfer of information in the absence of an adequacy decision. By using the Services and providing your information, you consent to the processing of your information.

HOW TO WITHDRAW CONSENT

At any time, you may withdraw consent you have provided to us for using, disclosing, or otherwise processing your information.  You may withdraw your consent by communicating your request as stated in the “How to contact us” section above.

Please note that your withdrawal of consent to process certain information about you (1) may limit our ability to deliver services to you and (2) does not affect the lawfulness of our processing activities based on your consent before its withdrawal.  Note that even after withdrawing consent, we may use, disclose, or otherwise process your information if required by law to do so.

Under certain circumstances, Data Subject may have the following rights under the GDPR:

  • Right to access the information we maintain about you;
  • Right to be provided with details about how we process your information;
  • Right to correct your information;
  • Right to have your information erased;
  • Right to object to or restrict how we process your information; and
  • Right to request your information to be transferred to a third-party.

To exercise the above rights, please contact us at the information provided above.  We will consider and process your request within a reasonable period of time.  Please be aware that under certain circumstances, the GDPR may limit your exercise of these rights.

HOW TO FILE A COMPLAINT

Additionally, Data Subjects may file a complaint with EU data protection authorities (“DPAs”).  A list of DPAs from the European Commission may be found here:
http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=50061.