Privacy

This webpage contains two components—(i) a general Privacy Policy and (ii) a General Data Protection Legislation notice for persons in certain jurisdictions.

Part 1:  Privacy Policy

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING OR SUBMITTING PERSONAL INFORMATION TO THE SITE.

Please reference and review the Policy on a regular basis as it constitutes a legally binding agreement between you and Insignia Health, LLC and has important consequences on your legal rights and obligations. This Privacy Policy was last updated on April 24, 2023 (“Revision Date”).

Insignia Health (“Insignia Health,” “we,” “us,” or “our“) and its affiliates, licensors, suppliers, officers, directors, employees, agents, or other related parties (collectively, the “Affiliates“) are dedicated to safeguarding and respecting your privacy. This Policy informs you of our privacy practices, how we collect and use your information when it might be disclosed, and how you can manage your personal information when using any and all Insignia Health websites and web-based applications, including but not limited to the PAM® survey and Flourish™ (the “Site“). The Policy is incorporated into and is subject to Insignia Health’s Terms and Conditions of Use (“Terms“). Your use of this website and any personal information you provide when using the Site (“Personal Information“) is subject to this Policy and the Terms.

By using or accessing the Site, you agree to the terms and conditions of the Policy. It is your responsibility to read and understand them. If you do not agree to them, do not use the Site or submit any Personal Information to the Site.

Covered by this Policy

This Policy applies to all Insignia Health websites and web-based applications, including but not limited to the Patient Activation Measure® (PAM®) survey and Flourish® health education program.

Within its own Site, Insignia Health may provide links to third-party (“Third Party“) websites. If you access such Third Party links, you will leave the Site. Insignia Health does not control or endorse such Third Party sites, and this Policy and the Terms do not govern or apply to such sites. Please carefully review the terms and conditions applicable to such Third Party sites before using or submitting personal information to any such site.

Collection of Personal Information

Insignia Health collects and uses your Personal Information to better understand your needs and interests, and to help us deliver a consistent and personalized experience when you use our Site. For example, during the registration process, we will ask you to provide Personal Information to complete your registration. The types of Personal Information that you provide may include contact information such as your name, address, telephone number, and email address, and/or other unique information such as your username and password.

In addition to the information you provide, Insignia Health may also collect information during your visit to the Site through automated data collection methods (the “Methods“), which include Web beacons, cookies, embedded web links, and other commonly used information-gathering tools. These Methods collect certain standard information that your browser sends to the Site, such as your browser type and language, access times, and the address of the website from which you arrived at the Site. The Methods may also collect information about your Internet Protocol (IP) address and/or clickstream behavior (i.e., the pages you view, the links you click, and other actions you take in connection with the Site). The Methods also may be used to collect information about your use of emails received from Insignia Health, such as when you open the email or click on a link contained in the email.

Use of Your Information

As noted above, Insignia Health will use your Personal Information to better serve your needs and interests as you use our Site. For example, Insignia Health may use or share your Personal Information to:

  • Verify that you are the source of feedback you wish published;
  • Assist you in completing a transaction;
  • Communicate with you about products and services;
  • Provide service and support;
  • Update you on new services and benefits;
  • Select content to be communicated to you;
  • Personalize Insignia Health features on the Site;
  • Allow you to participate in surveys; or
  • Contact you for research regarding your experiences with Insignia Health.

During the registration process we will give you the opportunity to choose your privacy preferences; you can update your preferences at any time.

When we collect and use your Personal Information, we do so in accordance with all applicable laws. Insignia Health may disclose certain Personal Information (i) to comply with a legal requirement, such as a law, regulation, court order, subpoena, or search warrant, (ii) in the course of a legal proceeding, (iii) in response to a law enforcement agency request, or (iv) to the organization providing you access to this Site and any of their affiliates or vendors. In addition, circumstances may arise where, whether for strategic or other business reasons, Insignia Health sells its businesses, purchases or merges with another business, or otherwise reorganizes its business. Such a transaction may involve the disclosure of Personal Information to prospective or actual purchasers, or the receipt of it from sellers. Insignia Health will seek appropriate protection for your Personal Information in these types of transactions.

Children’s Privacy

We are committed to protecting the privacy of children. Insignia Health has neither designed nor intended its Site to attract children under the age of sixteen. Insignia Health does not collect information from children we actually know are under the age of sixteen. Anyone under the age of eighteen is prohibited from using or accessing the Site unless supervised by a parent or guardian. The parent or guardian is solely responsible for supervising a minor child’s use of the Site, and assumes full responsibility for the interpretation and use of any information obtained from the Site for the minor.

Your Choices and Privacy Preferences

Insignia Health gives you the choice of receiving a variety of information that complements our products and services. You can subscribe to receive certain product- and service-specific information and also choose to receive Insignia Health general communications. You can make or change your choices about receiving either subscription or general communications by accessing your “Edit Account Info” page. The communication preferences in your Account Profile do not apply to communications primarily for the purpose of support, product safety warnings, or other administrative and transactional notices, as the primary purpose of these communications is not promotional in nature.

The email communications that you receive from Insignia Health will be provided in accordance with this Policy and the communication preferences you select in your Account Profile.

Keeping Your Personal Information Secure

To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of your Personal Information, Insignia Health utilizes appropriate physical, technical, and administrative procedures to safeguard the information we collect. Nevertheless, you understand and agree that no security measures are absolute and that we cannot guarantee absolute protection of your Personal Information.

How to Contact Us

We value your thoughts and concerns. To ask questions about our privacy practices or to make a complaint, please contact Insignia Health at info@insigniahealth.com or write to us at the following address:

Privacy Officer
Insignia Health, LLC
1521 Concord Pike, Suite 301
PMB 221
Wilmington, DE 19803

Download a copy of the Privacy Policy


Part 2:  General Data Protection Legislation – Privacy Notice Applicable to Users in the European Economic Area (EEA), the United Kingdom (UK) and Switzerland

Last updated: April 24, 2023

If you are located in the European Economic Area (EEA), the United Kingdom (UK) or Switzerland, then this privacy notice applies to personal data that you submit to the Insignia Health website and to personal data that Insignia Health collects from or about its clients and vendors in the EEA, UK and Switzerland (“Personal Data”).

If you are not located in the European Economic Area (EEA), the United Kingdom or Switzerland then only the Privacy Policy above applies to you—this Part II does not apply to you.

Insignia Health (“Insignia Health,” “we,” “us,” or “our“) is a healthcare technology company which works with healthcare organizations around the world to activate patients in their care and improve outcomes.  Insignia Health is a subsidiary of Phreesia Inc., and both Insignia Health and Phreesia are headquartered in the United States.  Insignia Health is dedicated to safeguarding and respecting your privacy.

This notice informs you of our privacy practices, how we collect and use your information, when it might be disclosed, and how you can manage your Personal Data when using any and all Insignia Health website. This notice also informs you individuals whose personal data we obtain via third parties, including from our vendors, clients, and others.

We recommend that you read this Privacy Notice in full to ensure you are fully informed.  However, if you only want to access a particular section of this Privacy Notice, then you can click on the relevant link below to jump to that section.

If you have any questions or concerns about our use of your Personal Data, then please contact us using the contact details under the “How to Contact Us” heading below.

Purposes and Legal Basis

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. We have set out a description of the ways we will use your Personal Data and which of the legal bases we rely on to do so, in the table below.

In certain situations, we require your data to pursue our legitimate interests in a way which is reasonable for you to expect as part of the running our business and which does not materially affect your rights and freedoms.  We have identified below what our legitimate interests are.

You do not have an obligation to provide Personal Data to Insignia Health.  However, if you do not provide such Personal Data, Insignia Health may be unable to provide its services.

Purpose/ActivityType of dataLawful basis for processing including basis of legitimate interest

To register for an account via our website

(a) Identity
(b) Contact

(a) Performance of a contract with you

To process and invoice for services including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts or to perform a contract with your employer)

To manage our relationship with you which may include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey
(c) Contact you for research regarding your experiences with us.

(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation for example, criminal matters where we receive a court order to provide personal data to law enforcement
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services, to verify that you are the source of feedback you wish published or to understand if you are satisfied with your experiences with us and to take this into account)

To administer and protect our business and the website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical

(a) Necessary for our legitimate interests (including for running our business, provision of administration and IT services, securing the network, and preventing fraud)
(b) Necessary to comply with a legal obligation

To deliver relevant website content, features and advertisements to you

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical

(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical
(b) Usage

(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website and products updated and relevant, to develop our business and to inform our marketing strategy)

To share information with law enforcement and others, in circumstances where someone’s vital interests require protection, such as in the case of emergencies. These vital interests could include protection of your (or in exceptional circumstances someone else’s) life, physical or mental health or integrity or that of others.

(a) Identity
(b) Profile
(c) Contact
(d)Communications
(e) Usage
(f) Technical

(a) Necessary to protect vital interest (to combat harmful conduct and promote safety, integrity and security).

To contact customers and prospective customers about products, services, sector developments and events we think may be of interest to you

(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
(f) Marketing and Communications

(a) Necessary for our legitimate interests (to develop our products/services and grow our business) (where consent is not required by marketing laws)
 
(b) If required by marketing laws, we seek consent before sending marketing materials to individuals and in such cases consent is our lawful basis for sending marketing to you.
 
When we process your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before it is withdrawn. To exercise your rights, see your device-based settings and ‘Your Individual Data Subject Rights’ section of this Privacy Notice.

Cookies and Similar Tracking Technology

Insignia Health’s website uses cookies and similar tracking technology (collectively, “Cookies”) to collect and use Personal Data about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Notice.

Keeping Personal Data Secure

We use appropriate technical and organisational measures to protect the Personal Data that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.  Specific measures we use include use of account passwords and encryption of devices.

International Transfers

In some cases, your Personal Data may be transferred to, stored and processed outside of the countries in which you are resident. These countries may have data protection laws that are different from the laws of your country. Specifically, Personal Data may be transferred to the United States or other countries in which we maintain facilities. Such jurisdictions may not have been found by regulators to offer an adequate level of protection to Personal Data.

Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your Personal Data will remain protected in accordance with this Privacy Notice. Insignia Health has entered into the European Commission’s Standard Contractual Clauses with respect to such data.  Transferred Personal Data includes identity and contact information.  A copy of the applicable Standard Contractual Clauses may be received by writing to the Data Protection Officer.

Data Retention

Insignia Health will store your Personal Data where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). 

The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of the legal requirement. For example: we keep your information when we have a legal obligation to do so (e.g., if a court order is received about your account, we would retain your data for longer than the usual retention period); to deal with and resolve requests and complaints (e.g., if there was an ongoing complaint), to protect individuals’ rights and property (e.g., we will retain information about a data subject access request for six years after the request in case there is a subsequent complaint and the information is needed to demonstrate how the request was handled) and for litigation or regulatory matters (e.g., we would retain your information if there was an ongoing legal claim and the information was relevant to the claim.  This information would be retained until the matter had been concluded.).

When we have no ongoing legitimate business need or legal reason to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.  

Your Individual Data Subject Rights

You are entitled to the following rights, to the extent provided under the GDPR or Swiss law, as applicable.

  • The right to request access to and rectification of your Personal Data.
  • The right to request erasure of your Personal Data.
  • The right to restrict or object to our processing.
  • The right to have a copy of your Personal Data made available to you in a portable form.
  • The right to opt-out of marketing communications we send you at any time.  You can exercise this right by responding “unsubscribe” or “opt-out” to the marketing e-mails we send.  To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact the Data Protection Officer.
  • If we have collected and process your Personal Data with your consent, the right to withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
  • The right to lodge a complaint about our Personal Data collection and processing actions with the appropriate data protection authority. For more information, please contact your local supervisory authority. (Contact details for supervisory authorities in Europe are available here.)  Certain supervisory authorities may require that you exhaust our own internal complaints process before looking into your complaint.

Updates to this Notice

Insignia Health may need to revise and update the Privacy Notice from time to time in response to changing legal, regulatory, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.  We will obtain your consent to any material Privacy Notice changes if, and where, required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. 

How to Contact Us

The Chief Privacy Officer of Phreesia, Inc., Insignia Health’s sole member, serves as Insignia’s Data Protection Officer.  The Data Protection Officer may also be contacted at privacy@phreesia.com.

Insignia Health is registered with the United Kingdom Information Commissioner’s Office with number ZB235988. Insignia Health is the data controller of your Personal Data.