Privacy Policy

Privacy Policy

Part One: Introduction

This privacy policy sets out how Jukebox Health, Inc. (“We”, “Us”, “the Company”, or “Jukebox Health”) collects, uses and protects any information that you give us when you use our websites, mobile apps, social media pages, or any other products or services offered by us (“Services”).  We are committed to ensuring that your privacy is protected. If we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will be used only in accordance with this privacy policy, as updated from time to time.

We value your privacy and are committed to keeping your personal data confidential. We use your data solely in the context of facilitating in-home safety assessments and home modification services provided by Jukebox Health’s affiliated professionals (“professionals”) to individuals requiring such assessments (“clients”). In addition to these assessments, “Services” may include scheduling appointments for such in-home assessments; using clients’ personal data to generate recommendation reports for necessary home modifications; and services necessary to schedule, facilitate, install or otherwise provide home modifications.

This Privacy Policy covers how We collect, receive, use, retain, and disclose Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”) via the Services. PII includes information about you that is personally identifying such as your name, email address, and phone number and which is not otherwise publicly available.  PHI includes information relating to your health, for example medical history, health conditions, test and physician referrals, insurance information and other data that a healthcare professional may collect to identify an individual and determine appropriate care.  PII and PHI may include other types of information depending on the legal definition that applies in your physical location. Only the definitions of PII and PHI that apply in your location will apply to you under this Privacy Policy. PII and PHI are referred to collectively in this Privacy Policy as “Personal Data.”  By using our website and/or Services and by providing Personal Data to us, you accept and hereby expressly consent to our collection, use, retention, and disclosure of your Personal Data in accordance with the terms of this Privacy Policy. If you choose not to provide the requested information you will not be able to access the Services.     We will collect Personal Data when you register for or use the Services.

As used herein, “information” may include Personal Data, if and as applicable. Please read the following carefully to understand Our Views and practices regarding Your Personal Data.

By submitting your personal data through the Services, you are acknowledging that you have read and agree to the terms of this privacy policy. If you do not agree, please do not log into or access the Services and do not submit any personal data to us.

In case you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact us at privacy@jukeboxhealth.com. We appreciate Your feedback.

Part Two: Policy Summary

For your convenience, We have summarized the key takeaways from Our Privacy Policy, below in this Part Two. You may access Our full Privacy Policy by scrolling down to Part Three on this page.

Responsible Entity

Jukebox Health is the controller of Your Personal Data and may process this data in accordance with this Privacy Policy and applicable privacy laws. If We are processing Personal Data on behalf of a third party, the terms of this Privacy Policy do not apply—instead, the terms of that third party’s privacy policy will apply. You can contact Us with any questions about Our Privacy Policy at privacy@jukeboxhealth.com.

What information do We collect and why?

We collect “Personal Data”, which includes any information that can be used on its own or with other information in combination to identify or contact You. For a description of the types of Personal Data We collect, review this section in the full Privacy Policy. In some cases, if You are a Client, this Personal Data may be or may include healthcare information or “Protected Health Information”.

We may use Personal Data to (1) provide You with the Services; (2) communicate with You about and manage Your User Account; (3) store data; (4) comply with the law; (5) respond to requests from public and government authorities; (6) to enforce Our terms and conditions; (7) manage and improve Our operations and applications; (8) provide additional functionality; (9) protect Our rights, privacy, safety or property, and/or that of you or others; and (10) allow Us to pursue available remedies or limit the damages that We may sustain. Additional uses are described in this section of the full Privacy Policy.

We only use or disclose Your Personal Data when it is legally mandated or where it is necessary to fulfill the purposes described above (and in the full Privacy Policy). Where required by law, We will ask for Your prior consent before doing so.

Failure to Provide Data.

Providing Your Personal Data is not statutorily or contractually mandated. However, if you choose not to provide this information you will be unable to use Our Services.

Will We share Your Personal Data with anyone else?

  • If you are a Client, Yes, We may share your Personal Data with your healthcare provider(s) per your request.
  • Yes, with third parties that help Us power or provide Our Services.
  • Yes, with your consent we will share your Personal Data with affiliates and third-party vendors in connection with providing you requested Services.
  • Yes, with third parties and the government when legal or enforcement issues arise.
  • Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Jukebox Health’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings).

For more details regarding the above, review this section in the full Privacy Policy.

Where is Your Personal Data stored, transmitted and/or maintained?

Personal Data Jukebox Health collects through the Services will be stored on secure servers in the United States. Some Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer Your Personal Data outside of the United States.

How long will We maintain Your Personal Data?

We store Your Personal Data for as long as necessary to provide Services to you and to comply with federal and/or state laws. For more information on Personal Data retention, review this section of the full Privacy Policy.

How do We protect Your Personal Data?

Jukebox Health uses a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Your Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in Our possession or control that could result in substantial harm or inconvenience to you. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information you transmit to Us. By using the Services, you are assuming this risk. For more information on the safeguards We have in place to protect your Personal Data, review this section of the full Privacy Policy.

Your rights

You have certain rights relating to Your Personal Data, subject to local data protection laws. These rights may include:

  • to access Your Personal Data held by Us;
  • to erase/delete Your Personal Data, to the extent permitted by applicable data protection laws;
  • to receive communications related to the processing of Your personal data that are concise, transparent, intelligible, and easily accessible;
  • to restrict the processing of Your Personal Data to the extent permitted by law (while We verify or investigate Your concerns with this information, for example);
  • to object to the further processing of Your Personal Data, including the right to object to marketing;
  • to request that Your Personal Data be transferred to a third party, if possible;
  • to receive Your Personal Data in a structured, commonly used, and machine-readable format;
  • to lodge a complaint with a supervisory authority;
  • to rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
  • to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"); and
  • to the extent We base the collection, processing, and sharing of Your Personal Data on Your consent, to withdraw Your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.

For more details on Your rights and choices and how to exercise them, please review the full Privacy Policy.

How do You contact Us with questions or concerns?

If You have any questions about this Privacy Policy, please contact Us by email at privacy@jukeboxhealth.com or please write to: Jukebox Health at PO Box 12, Shelter Island Heights, NY 11965. Please note that email communications are not always secure; so please do not include sensitive information in Your emails to Us.

Part Three: Privacy Policy

Version 2 - Last Updated: July 17, 2024

This privacy policy applies to personal data Jukebox Health collects from users in connection with the Services. “Personal data” includes any information that can be used on its own or with other information in combination to identify or contact one of our users. We believe that transparency about the use of your personal information is of utmost importance. In this privacy policy, we provide you detailed information about our collection, use, maintenance, and disclosure of your personal data. The policy explains what kind of information we collect, when and how we might use that information, how we protect the information, and your rights regarding your personal information.

If you are a client, some of the personal data we collect and transmit will, in some circumstances, be considered “Health Data”(data related to a user’s physical or mental health) or “Protected Health Information” (information that relates to the past, present, or future physical or mental health or condition of a user; the provision of health care to a user; or the past, present, or future payment for the provision of health care to user). Therefore, our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA“) provisions regarding sensitive personal data. Jukebox is not a Covered Entity but may provide services as a Business Associate of Jukebox affiliated professional entities.  In addition, we intend to comply with state law related to health data, where applicable. For additional information related to your healthcare information, please contact our privacy officer at privacy@jukeboxhealth.com.

By submitting your personal data in connection with the Services, you are acknowledging that you have read and agree to the terms of this policy. If you do not agree, please do not access the Services and do not submit any personal data to us.

Please note that we occasionally update this privacy policy and that it is your responsibility to stay up to date with any amended versions. If we modify the privacy policy, we will post a link to the modified terms on our website and will also notify you via email. You can store this policy and/or any amended version(s) digitally, print it, or save it in any other way. Any changes to this privacy policy will be effective immediately upon providing notice, and shall apply to all information we maintain, use, and disclose. If you continue to use the Services following such notice, you are agreeing to those changes.

In case you have any questions or concerns after reading this Privacy Policy, please do not hesitate to contact Us at privacy@jukeboxhealth.com. We appreciate Your feedback. If you do not agree or no longer agree to the processing of personal information as described in this Privacy Policy, you can request that your information be deleted by emailing privacy@jukeboxhealth.com.

Responsible Entity

Jukebox Health is the controller of your Personal Data and may process this data in accordance with the Privacy Policy and applicable privacy laws. If We are processing Personal Data on behalf of a third party that is not an agent or affiliate of Company, the terms of this Privacy Policy do not apply—instead, the terms of that third party’s privacy policy will apply. You can contact Us with any questions about Our Privacy Policy at privacy@jukeboxhealth.com.

Links to Other Sites

Our Services may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service”). Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. We are not responsible for the content, privacy or security practices and policies of any Third-party Service. To protect your information, We recommend that you carefully review the privacy policies of all Third-party Services that you access.

What Personal Data do We collect?

Demographic Data

We may collect demographic information, such as your name, birth year, gender, ethnicity, height, weight, phone number, physical location address, and/or e­mail address. Primarily, the collection of your Personal Data assists Us in securely providing the Services to you.           .

Payment Data

If you make payments via Our Services, We may require that you provide to Us your financial and billing information, such as billing name and address, credit card number or bank account information.

Support Data

If you contact Us for support or to lodge a complaint, We may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data. (e.g., IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Services and related services in accordance with this Privacy Policy. Calls with Jukebox Health may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

Device, Telephone, and ISP Data

We may use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information, which may contain Personal Data, from your computer or mobile device as you navigate the Services or interact with emails We have sent you. The information We collect may include your Internet Protocol (“IP”) address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. This information is used to analyze overall trends, to help Us provide and improve Our Services and to guarantee their security and continued proper functioning.

FOR CLIENTS: Health Data

In addition to demographic information, We may collect information regarding your health conditions, age, gender, weight, height, medical history, symptoms, and related information from you. We collect this information to provide you with the Services and to provide your healthcare provider per your request.

How will We use Your Personal Data?

We process your Personal Data for purposes based on legitimate business interests, the fulfillment of Our Services to you, compliance with Our legal obligations, and/or your consent. We only use or disclose your Personal Data when it is legally permitted or where it is necessary to fulfill the purposes described herein. Where required by law, We will make reasonable efforts to ask for your prior consent before doing so.

Specifically, We process your Personal Data for the following legitimate business purposes:

  • To fulfill Our obligations to you under the Terms of Use;
  • To communicate with you about and manage your  accounts or Services;
  • To properly store and track your data within Our system;
  • To respond to lawful requests from public and government authorities, and to comply with applicable state/federal law, including cooperation with judicial proceedings or court orders;
  • To protect Our rights, privacy, safety, or property, and/or that of you or others by providing proper notices, pursuing available legal remedies, and acting to limit Our damages;
  • To handle technical support and other requests from you;
  • To enforce and ensure your compliance with Our Terms of Use or the terms of any other applicable services agreement We have with you;
  • To manage and improve Our operations and the Services, including the development of additional functionality;
  • To manage payment processing;
  • To evaluate the quality of service you receive, identify usage trends, and thereby improve your user experience;
  • To keep Our Services safe and secure for you and for Us;
  • To send you information about changes to Our terms, conditions, and policies;
  • To allow Us to pursue available remedies or limit the damages that We may sustain; and
  • If you are a Client, to provide access to the authorized healthcare provider/caregiver (with your consent), to enable that individual to monitor your progress and overall condition and to follow up with you, as they deem appropriate.
  • To provide customer support and technical assistance
  • To help offer you other products, features, and/or other services that may be of interest.

Where is Your Personal Data processed?

Personal Data Jukebox Health collects through the Services will be stored on secure servers in the United States. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States.

Will We share Your Personal Data with anyone else?

We do not rent or sell your personally identifiable information (such as name, address, telephone number and credit card information) to unaffiliated third parties for their marketing purposes. We may share your information with third parties to provide products and services you have requested, when we have your consent, or as described in this privacy policy.

We may share aggregated, non-personally identifiable information, publicly and with our partners like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our websites and/or other products or services.

We may share your information with health care providers: (i) to schedule and fulfill appointments and provide health care services as part of the Services, (ii) to whom you send messages through our Services, and (iii) for other treatment, payment or health care operations purposes, including ancillary services, upon your request. These third parties are contractually obligated to maintain the confidentiality of your Personal Data consistent with the terms of this Policy and to comply with the applicable data protection laws.

The contents of your online communications, as well as other information about you as a user of our Services, may be accessed and disclosed under the following circumstances: in response to lawful governmental requests or legal process (for example, a court order, search warrant or subpoena), in other circumstances in which we have a good-faith belief that a crime has been or is being committed by a user of our Services, that an emergency exists that poses a threat to the safety of you or another person, when necessary to protect either our rights or our property or for us to render the service you have requested.

 

If You are a Client, Yes, with Your healthcare provider(s) per Your Request and with Your Consent.

We will share information you provide in connection with the Services, as well as any reports generated based on the information you enter, with your healthcare provider(s) at your request. If, at any point, you want to deny access to one or more healthcare provider(s), you can do so by emailing privacy@jukeboxhealth.com.

Yes, with third parties that help us provide Services

Jukebox Health has a limited number of service providers and other third parties (“Business Partners”) that help Us run various aspects of Our business. These Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared with Us. Business Partners’ use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer service, and payment processing.

Yes, with third parties and the government when legal or enforcement issues arise

We may share your Personal Data, if reasonable and necessary, to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts in violation of this Agreement; or (iii) bring legal action against someone who may be violating the Terms of Use or who may be causing intentional or unintentional injury or interference to the rights or property of Jukebox Health or any third party, including other users.

Yes, with third parties that provide advisory services

We may share your Personal Data with Our lawyers, auditors, accountants, health care providers, installation professionals, or banks, when We have a legitimate business interest in doing so.

Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Jukebox Health’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings)

If We share your Personal Data with a third party other than as provided above, you will be notified at the time of data collection or transfer, and you will have the option of not permitting the transfer.

Will We use Personal Data for Marketing purposes?

“Marketing purposes” are generally described as sending offers, sales solicitations, or advertisements to you by using your Personal Data. We do not use Personal Data for these purposes without your informed consent. For example, We may use Personal Data to provide you information on specific products and services relevant to you as part of your business relationship with Us should you consent to allow us to do so.

 How long do We retain Personal Data?

We will retain your Personal Data for as long as necessary to provide Services to you and as required by federal and state laws. The exact period of retention will depend on the type of Personal Data, Our contractual obligation to you, and applicable law. We keep your Personal Data for as long as necessary to fulfill the purpose for which it was collected, unless otherwise required or necessary pursuant to a legitimate business purpose outlined in this Privacy Policy. For example, if the Personal Data is part of your healthcare medical record, We may retain such Personal Data for the federal or state mandated retention period for medical records. At the end of the applicable retention period, We may remove your Personal Data from Our databases in accordance with Our data retention and security policies. If there is any data that We are unable, for technical reasons, to delete entirely from Our systems, We will put in place appropriate measures to prevent any further processing of such data. We retain anonymized data indefinitely.

NOTE: Once We disclose your Personal Data to third parties, We may not be able to access that Personal Data any longer and cannot force the deletion or modification of any such information by the parties to whom We have made those disclosures. Written requests for deletion of Personal Data other than as described should be directed to privacy@jukeboxhealth.com.

What is Our Cookie and Tracking Technology Policy?

Cookies

Cookies are small files that a web server sends to your computer or device when you visit a web site that uses cookies to keep track of your activity on that site. Cookies also exist within applications when a browser is needed to view certain content or display certain content within the application. Cookies hold a small amount of data specific to that website, which can later be used to help remember information you enter into the site (like your email or other contact info), preferences selected, and movement within the site. If you return to a previously visited web site or application (and your browser has cookies enabled), the web browser sends the small file to the web server, which tells it what activity you engaged in the last time you used the web site or application, and the server can use the cookie to do things like expedite logging in and retrieving user data and keeping your browser session secure.

We may use cookies and other technologies to, among other things, better serve you with more tailored information, and to facilitate efficient and secure access to the Services. We use essential cookies. Essential cookies are those necessary for Us to provide services to you. We have provided, below, a full list of Our cookies, categorized as described above. We have described the purpose of each, whether they are Jukebox Health or Third-Party cookies, and have  indicated which cookies are “session cookies” (which last for as long as you keep your browser open) or “persistent cookies” (which remain on your hard drive until you delete them or they expire).

Cookies Used

Name

Purpose

First- or Third-Party

Duration

__eventn_id

Shopify event ID tracking.

First

Persistent

__cf_bm

Allows product bundles to be displayed on the site.

Third

Persistent

_cmp_a

Determines whether certain banners should be displayed to user.

First

Persistent

_fbp

Facebook Connect tracking cookie.

First

Persistent

_ga

Google Analytics tracking cookie.

First

Persistent

_gat

Google Analytics tracking cookie.

First

Persistent

_gid

Google Analytics tracking cookie.

First

Persistent

_hjSessionUser_[id]

Hotjar session tracking cookie.

First

Persistent

_hjSession_[id]

Hotjar session tracking cookie

First

Persistent

_landing_page

Tracks partner landing page associated with current user.

First

Persistent

_org_referrer

Tracks original referrer to site.

First

Persistent

_pay_session

Shopify pay session cookie.

Third

Session

_shopify_s

Shopify session data.

First

Persistent

_shopify_sa_p

Shopify session data.

First

Persistent

_shopify_sa_t

Shopify session data.

First

Persistent

_shopify_y

Shopify session data.

First

Persistent

_tracking_consent

Shopify cookie consent tracking data,

First

Persistent

cart_currency

Stores user’s currency; used to display pricing.

First

Persistent

keep_alive

Shopify session data.

First

Persistent

localization

Stores current locale.

First

Persistent

receive-cookie-deprecation

Shopify session data.

First

Session

secure_customer_sig

Shopify session data.

First

Persistent

shopify_pay_redirect

Shopify session data pertaining to Shopify Pay usage.

First

Persistent

 

Tracking Technologies

We may also collect information using cookies, web storage, pixel tags, web beacons, clear GIFs, or other similar technologies provided or hosted by Ourselves or Third-Party services. These Tracking Technologies may be used to perform analysis on the website and its visitors, including usage analysis, determining or diagnosing issues, or analyzing traffic to and from the website. These may also be used in connection with some web site or application pages and HTML ­formatted email messages to, among other things, track the actions of users and email recipients, and compile statistics about usage and response rates.

Tracking technologies may obtain any of the following information about you: IP addresses, date and time of visit, pages viewed, click path, information about your browser and device, referrer URLs, location data, and purchase activities. Where feasible, We will attempt to anonymize data collected.

We utilize the following providers of tracking technologies within the website:

  • Google Analytics: The website utilizes Google Analytics for the purpose of tracking visitor behavior across the website. Google Analytics uses cookies and other identifiers to process and collect data. More information on how Google Analytics uses the information it collects and how you can control what information is collected by Google Analytics can be found at https://policies.google.com/technologies/partner-sites?hl=en-US&gl=us and https://marketingplatform.google.com/about/analytics/terms/us/.
  • Facebook Connect: The website utilizes Facebook Connect for the purpose of attributing visitor behavior on the website to specific advertising and marketing campaigns that run on outside platforms or advertising services. More information on Facebook’s Privacy Policy may be found at: https://www.facebook.com/privacy/policy/
  • Hotjar: The website uses Hotjar for the purpose of tracking visitor behavior across the website. Hotjar may use cookies and other identifiers to process and collect data. More information on Hotjar’s privacy features may be found at https://www.hotjar.com/privacy/.

How can You “Opt Out” of Cookies?

If you prefer, you can choose to set your browser to remove and reject cookies.

How We Respond to Do Not Track (“DNT”) Signals

You may have configured your browser or device to issue a “Do Not Track” (“DNT”) signal. Because there is yet no industry or legal standards for recognizing or honoring DNT signals, the website does not respond to them at this time.

 How do We protect Your Personal Data?

Jukebox Health is committed to protecting the security and confidentiality of your Personal Data. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in Our possession or control that could result in substantial harm or inconvenience to you. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information you transmit to Us. By using the Services, you are assuming this risk.

Safeguards

The information collected by Jukebox Health and stored on secure servers, is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If Jukebox Health learns of a security concern, We may attempt to notify you and provide information on protective steps, if available, through the e­mail address or phone number that you have provided to Us. Depending on where you live, you may have a legal right to receive such notices in writing.

You are solely responsible for protecting information entered or generated via the Services that is stored on your device and/or removable device storage. Jukebox Health has no access to or control over your device’s security settings, and it is up to you to implement any device­level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that you take any and all appropriate steps to secure any device that you use to access Our Services.

Notwithstanding any of the steps taken by us, it is not possible to guarantee the security or integrity of data transmitted over the internet. There is no guarantee that your personal data will not be accessed, disclosed, altered, or destroyed despite the implementation of our physical, technical, or administrative safeguards. Therefore, we do not and cannot ensure or warrant the security or integrity of any personal data you transmit to us and you transmit such personal data at your own risk.

Optional

The privacy of the individually identifiable health information We collect in connection with some of Our relationships with healthcare providers (“Covered Entities”), may be protected by federal law (the Health Insurance Portability and Accountability Act or HIPAA, the HITECH Act, and their regulations). Your individually identifiable health information may also be protected by state privacy laws in some instances. This health information is referred to as “Protected Health Information” (“PHI”). In providing Our services or products, We may be a “Business Associate” (as defined by HIPAA regulations), but We are not a Covered Entity. Your PHI will only be used for the purpose of supplying you with products or services that you request, for Our own management and administration purposes, or for other purposes for which you have given your consent, except where otherwise permitted by law.

In instances where you have authorized the Company to use and disclose your PHI for certain purposes, you may withdraw your consent in the future. You may withdraw your consent by sending your request in writing to: privacy@jukeboxhealth.com or a letter addressed to Jukebox Health at PO Box 12, Shelter Island Heights, NY 11965. Please note that your withdrawal will not be effective until Jukebox Health receives your request and will not apply to uses and disclosures that Jukebox Health has already made in reliance on your consent.

How can You Protect Your Personal Data?

In addition to securing your device, as discussed above, We will NEVER send you an e­mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e­mail requesting such information. If you receive such an e­mail purportedly from Jukebox Health, DO NOT RESPOND to the e­mail and DO NOT click on any links and/or open any attachments in the e­mail, and notify Jukebox Health support at privacy@jukeboxhealth.com.

You are responsible for taking reasonable precautions to protect your user ID, password, and other      information from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You should immediately notify Jukebox Health at privacy@jukeboxhealth.com if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other User Account information, or any other security concern.

Your rights
You have certain rights relating to your Personal Data, subject to local data protection laws. These rights may include:

  • to access your Personal Data held by Us;
  • to erase/delete your Personal Data, to the extent permitted by applicable data protection laws;
  • to receive communications related to the processing of your personal data that are concise, transparent, intelligible, and easily accessible;
  • to restrict the processing of your Personal Data to the extent permitted by law (while We verify or investigate your concerns with this information, for example);
  • to object to the further processing of your Personal Data, including the right to object to marketing;
  • to request that your Personal Data be transferred to a third party, if possible;
  • to receive your Personal Data in a structured, commonly used, and machine-readable format;
  • to lodge a complaint with a supervisory authority;
  • to rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete; and
  • to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making").

Where the processing of your Personal Data by Jukebox Health is based on consent, you have the right to withdraw that consent without detriment at any time or to exercise any of the rights listed above by emailing Jukebox Health at privacy@jukeboxhealth.com.

How can You update, correct, or delete Personal Data?

You can change your e­mail address, and other contact and personal information by emailing us at privacy@jukeboxhealth.com. Please note that in order to comply with certain requests to limit use of or delete your Personal Data, We may need to terminate your account and your ability to access and use the Services, and you agree that We will not be liable to you for such termination or for any refunds of prepaid fees paid by you. You can deactivate your account by emailing privacy@jukeboxhealth.com.

Although We will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from Our systems every record of your Personal Data. The need to back up Our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a non­-erasable form that will be difficult or impossible for Us to locate or remove. Additionally, we may need to retain Personal Data to comply with federal and state laws.

Can You “OPT ­OUT” of receiving communications from Us?

We pledge not to market third party services to you without your consent. We only send e­mails or SMS texts to you regarding your Jukebox Health account and services (“transactional” emails and communications) unless you indicate to us that you do not wish to receive these types of communications. We will not send you marketing or other commercial emails or SMS text messages not related to your account and services without your express prior consent , We will provide you with the option to opt out of such marketing emails and SMS text messages within the applicable message.

Information submission by minors

We do not knowingly collect Personal Data from individuals under the age of 18 and the Services are not directed to individuals under the age of 13. We request that these individuals not provide Personal Data to Us. If We learn that Personal Data from users less than 18 years of age has been collected, We will deactivate the account and take reasonable measures to promptly delete such data from Our records. If you are aware of a user under the age of 13 using the Services, please contact Us at privacy@jukeboxhealth.com.

If you are a resident of California, under the age of 18 and have registered for an account with Us, you may ask Us to remove content or information that you have posted to Our website.

California Residents - CCPA Privacy Notice

California residents may request and obtain from Us, once a year, free of charge, a list of third parties, if any, to which We disclosed their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties. If you are a California resident and wish to obtain that information, please submit your request by sending Us an email at privacy@jukeboxhealth.com with “California Privacy Rights” in the subject line or by writing to us at Jukebox Health Inc., Attn. CCPA Privacy, 228 Park Ave. South, #36053, New York, NY 10003.

The California Code of Regulations defines a “resident” as:

  1. Every individual who is in the State of California for other than a temporary or transitory purpose and
  2. Every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.

All other individuals are defined as “non-residents.” This section applies to “residents” as defined above.

What categories of Personal Data do We collect?

We collect Personal Data using the methods described in the “What Personal Data do We collect?” section of this Privacy Policy. We have collected the following categories of Personal Data in the past twelve (12) months:

Category

Examples

Collected

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.

Yes

B. Personal information as defined in the California Customer Records statute

Name, contact information, education, employment, employment history, and financial information

Yes

C. Protected classification characteristics under California or Federal law.

Age, date of birth, gender, race, or physical or mental disability.

Yes

D. Commercial information

Records of personal property, products or services purchased, or other transaction information.

Yes

E. Biometric information

Fingerprints, voiceprints.

No

F. Internet or other electronic network activity information

Browsing history, search history, and information regarding a consumer’s interaction with an Internet website application.

Yes

G. Geolocation data

Device or browser location.

Yes

H. Audio, electronic, visual, thermal, olfactory, or similar information.

Images; and audio, video, or call recordings created in connection with business activities, like customer service calls.

Yes

I. Professional of employment-related information

Current or past job history, or performance evaluations.

No

J. Non-Public Education Information

Student records, or grades.

No

K. Inferences drawn from other personal information

Inferences drawn from information collected above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

L. Sensitive personal information

Personal information that reveals: social security, driver’s license, or passport number; account logins; financial account, debit or credit card numbers; or geolocation.

Yes

 We will use and retain the collected Personal Data as specified above.

Sharing Personal Information

We disclose Personal Data for business purposes listed in the “How will We use your Personal Data” section of this Privacy Policy. We may disclose Personal Data to entities set forth in the “Will We share your Personal Data with anyone else?” section of the Privacy Policy.

In the preceding twelve (12) months, we have disclosed the following categories of information for a business purpose:

  • Category A: Identifiers
  • Category B: Personal information as defined in the California Customer Records Statute
  • Category C: Protected classification characteristics under California or Federal Law
  • Category D: Commercial information

In the preceding twelve (12) months, we have not sold any Personal Data as defined under Section 1798.140 (t) of the CCPA.

Your Rights under the CCPA

The CCPA provides California residents with specific rights regarding their Personal Data. Those rights include:

  • Right to know: You may request that We disclose to you what Personal Data We have collected, used, shared, or sold about you, and why We collected, used, shared, or sold that information. To request this information, email privacy@jukeboxhealth.com with “California Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. CCPA Privacy, 228 Park Ave., South #36053, New York, NY 10003.
  • Right to delete: You have the right to request that We delete your Personal Data, subject to certain exceptions. Upon receiving and confirming your request, We will delete your Personal Data from our records, unless that Personal Data is subject to an exception. Note that Personal Data subject to State and Federal laws, regulations, or statutes, including, but not limited to HIPAA, is excepted from this right. Common exceptions why We may deny your request and keep your Personal Data include:
    • The information is exempt from the CCPA.
      • This includes medical information.
    • We cannot verify your request.
    • The Personal Data is required to complete your transaction, or provide you with a reasonably anticipated product or service.
    • For certain business security practices.
    • To debug to identify and repair errors that may impair existing intended functionality.
    • For certain internal uses that are compatible with reasonable consumer expectations or the context in which the information was provided.
    • To comply with legal obligations, exercise legal claims or rights, or defend legal claims.
    • Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when the business’ deletion of the information is likely to render impossible or seriously impair the ability to complete such research, if you have provided informed consent.

This list above is not exhaustive and is given to show common examples. We do not constrain Our rights to deny requests to the exceptions listed above.

  • Right to opt-out: You may request to opt-out of having your Personal Data sold or shared. To opt-out, email privacy@jukeboxhealth.com with “California Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. CCPA Privacy, 228 Park Ave., South #36053, New York, NY 10003.
  • Right to non-discrimination: We cannot discriminate against you for exercising your rights under the CCPA. However, if you refuse to provide your Personal Data or if exercising a right otherwise renders your Personal Data unusable to Us and your Personal Data is necessary for Us to provide you with products and services, We may not be able to provide those products and services or complete transactions with you.
  • Right to correct: You may ask Us to correct information that We have about you. To request a correction, email privacy@jukeboxhealth.com with “California Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. CCPA Privacy, 228 Park Ave., South #36053, New York, NY 10003.
  • Right to limit use and disclosure of sensitive personal information: You can direct Us to only use your Personal Data for limited purposes, such as providing you with the services you requested.

Exercising Your CCPA rights

To exercise your rights under the CCPA as a California resident, you can email privacy@jukeboxhealth.com with “California Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. CCPA Privacy, 228 Park Ave., South #36053, New York, NY 10003. In your request, please provide sufficient detail so that We can properly evaluate and respond to your request; absent detail, We will not be able to process your request. 

After receiving your request, We will need to verify your identity to determine that you are the individual whose Personal Data We have collected. Verification methods may depend on the circumstances of the request. We will attempt to limit collecting additional information from you for the purposes of verification.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please email privacy@jukeboxhealth.com with “California Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. CCPA Privacy, 228 Park Ave., South #36053, New York, NY 10003.

We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

If you are age 16 or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). Consumers who opt-in to personal information sales may opt-out of future sales at any time.

To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by visiting the following Internet Web page link: https://arsl.at/m5gP9oLl

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by filling out the form at this Internet Web page link: https://arsl.at/m5gP9oLl

 You do not need to create an account with us to exercise your opt-out rights. We will only use personal information provided in an opt-out request to review and comply with the request.

 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. We do not currently provide financial incentives.

NEVADA RESIDENTS

In addition to the above sections of the Privacy Policy, the following sections apply to Nevada residents.

Sale of Personal Data

Per Nevada Revised Statutes Chapter 603A, We do not sell the Personal Data of Nevada consumers. Requests pertaining to the sale or use of Personal Data may be emailed to privacy@jukeboxhealth.com with “Nevada Privacy Rights” in the subject line.

Requests to review or change Personal Data

Nevada residents may request to review or request changes to their Personal Data by sending Us an email at privacy@jukeboxhealth.com with “Nevada Privacy Rights” in the subject line.

Updates to the Privacy Policy

We may make updates to this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date, and will be effective as soon as it is published. The latest version of the Privacy Policy will be posted at https://jukeboxhealth.com/pages/privacy-policy. In the event of material changes to the Privacy Policy, We may provide notification to you by posting a notice; directly sending you a notification, such as an email; or through other means. We encourage you to regularly review this Privacy Policy to be informed of how We are protecting your Personal Data.

 Contact Us

If you have any questions about this Privacy Policy, please contact Us by email at privacy@jukeboxhealth.com or please write to: Jukebox Health Inc. at 228 Park Ave S, Suite 36053 New York, NY 10003. Please note that email communications are not always secure; so please do not include sensitive information in your emails to Us.

WASHINGTON RESIDENTS

Last modified: 07/17/2024

 This Washington Consumer Health Data Privacy Policy (“Policy”) describes the practices of Jukebox for collecting and using Washington residents' consumer health data, as that term is defined in the Washington My Health My Data Act (RCW 19.373.005 to 19.373.900).

This Policy applies to the sites, products, applications, platforms, or other services linking to this Policy. This Policy does not apply to any sites, products, applications, platforms, or other services not directly linking to this Policy.

Please read this Policy carefully to understand our policies and practices regarding your consumer health data and how we will treat it. If you do not agree with our policies and practices, you should not use the sites, products, applications, platforms, or other services linking to this Policy.

Other privacy policies may apply for your personal information that is not consumer health data and if you are not a Washington resident.

Consumer Health Data We May Collect About You

We collect and use different types of consumer health data from and about you, including:

  • Information about any of the following:
    • individual health conditions, treatment, diseases, or diagnoses;
    • diagnostic testing, treatment, or medication;
    • social, psychological, behavioral, or medical interventions; or
    • bodily functions, vital signs, symptoms, or measurements of physical or mental health status.
  • Data identifying a consumer seeking health care services. Health care services means any service provided to a person to assess, measure, improve, or learn about a person's mental or physical health, including but not limited to:
    • individual health conditions, status, diseases, or diagnoses;
    • social, psychological, behavioral, and medical interventions;
    • health-related surgeries or procedures;
    • use or purchase of medication;
    • bodily functions, vital signs, symptoms, or measurements of the information described in this subsection; or
    • diagnoses or diagnostic testing, treatment, or medication;
  • Precise location information that reasonably indicates a consumer's attempt to receive or acquire health services or supplies.
  • Any inferences of the above categories derived, extrapolated, or inferred from non-health information.

We use these categories of consumer health data for the following purposes:

  • Fulfilling the purposes for which you provided the data or that were described when it was collected.
  • Performing the services or providing the goods that you request from us and responding to your questions or requests for information.
  • Notifying you about changes to our sites, applications, products, or services.
  • Facilitating services and operations performance, security, and integrity, including:
    • undertaking activities to prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted consumer health data or that otherwise threaten to compromise the performance, security, or integrity of our business; and
    • performance analytics, identity verification and authorization, site and application optimization, and quality control.
  • Recordkeeping and auditing.
  • Complying with our legal obligations and risk management, audit, investigations and reporting, and other legal and compliance reasons.
  • Administering customer accounts and preferences.
  • Our internal research and product or service design and development.

Consumer Health Data Sources

We collect consumer health data from the following sources:

  • You, including when you request certain health-related products and services, sign up for email lists or programs, and during your use of and engagement with Jukebox Health services and programs.
  • Your device when you visit or interact with our sites, applications, or services, including through cookies, web beacons, and similar technologies that automatically send us information when you browse, use, visit, or otherwise interact with our sites, applications, or services.
  • Authorized/legal representatives, family members, and caregivers.
  • Health care providers.
  • Health insurance companies and other payors.
  • Our business partners, including healthcare companies, benefits administrators, or other companies, who provide us with information about their consumers who may wish to use or may benefit from our products and services. 

Consumer Health Data Disclosures

We do not sell your consumer health data/We only sell your consumer health data if you give us your permission.

We may disclose any of the consumer health data categories listed above to processors, service providers, and contractors that help us provide products and services to you and to our affiliates. We may also disclose your consumer health data to other third parties, including:

  • Your healthcare provider(s) per your request.
  • Healthcare plans or other service providers who may have referred you to Us.
  • Third-parties that help Us power Our Services, including hosting providers and software application providers.
  • Affiliates and vendors in connection with providing you requested Services, including Occupational Therapists and installation professionals.
  • Governments or other entities when legal or enforcement issues arise.
  • Additional third parties as necessary in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Jukebox Health’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings).

We instruct these affiliates, processors, service providers, and third parties to only use consumer health data as permitted by our contracts with them and consistent with applicable law.

We may also disclose consumer health data as permitted by applicable law, including:

  • With your consent.
  • To prevent, detect, protect from, or respond to security incidents, identity theft, fraud, harassment, or malicious or deceptive activities.
  • To a third party acquiring our assets if Company sells its business or otherwise is part of a merger, acquisition, bankruptcy, or other transaction involving a third party taking control of our assets or business.
  • To investigate, report, or take legal action to protect our rights, property, and safety and the rights, property, and safety of others.
  • To protect your or others’ vital interests, including health and safety.

Your Privacy Rights

You have specific rights with respect to your consumer health data. You have the right to:

  • Request confirmation that we collect, share, or sell your consumer health data.
  • Request access to your consumer health data that we have collected or control, including:
    • a list of all third parties and affiliates that we have shared or sold your consumer health data to; and
    • the email addresses or other online method to contact those third parties and affiliates.
  • Withdraw your consent for our collection and sharing of your consumer health data.
  • Request that we delete your consumer health data.]

To exercise any of your rights under Washington consumer health privacy law, please contact us at privacy@jukeboxhealth.com with “Washington Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. Washington My Health My Data Act, 228 Park Ave., South #36053, New York, NY 10003.

To make an inquiry or comment about this Policy or our privacy practices, contact us at:

privacy@jukeboxhealth.com with “Washington Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. Washington My Health My Data Act, 228 Park Ave. South #36053, New York, NY 10003.

TEXAS RESIDENTS

Texas residents have privacy rights enumerated in the Texas Data Privacy and Security Act (TDPSA). In addition to the above sections of the Policy, the following sections apply to Texas residents.

Categories of Personal Data Processed

We collect Personal Data using the methods described in the “What Personal Data do We collect?” section of this Privacy Policy. We have collected the following categories of Personal Data in the past twelve (12) months: 

Category

Examples

Collected

A. Identifiers

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.

Yes

B. Personal information as defined in the California Customer Records statute

Name, contact information, education, employment, employment history, and financial information

Yes

C. Protected classification characteristics under California or Federal law.

Age, date of birth, gender, race, or physical or mental disability.

Yes

D. Commercial information

Records of personal property, products or services purchased, or other transaction information.

Yes

E. Biometric information

Fingerprints, voiceprints.

No

F. Internet or other electronic network activity information

Browsing history, search history, and information regarding a consumer’s interaction with an Internet website application.

Yes

G. Geolocation data

Device or browser location.

Yes

H. Audio, electronic, visual, thermal, olfactory, or similar information.

Images; and audio, video, or call recordings created in connection with business activities, like customer service calls.

Yes

I. Professional of employment-related information

Current or past job history, or performance evaluations.

No

J. Non-Public Education Information

Student records, or grades.

No

K. Inferences drawn from other personal information

Inferences drawn from information collected above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

No

L. Sensitive personal information

Personal information that reveals: social security, driver’s license, or passport number; account logins; financial account, debit or credit card numbers; or geolocation.

Yes

Purpose for Processing Data

Jukebox Health processes your data for the purposes of providing the products and services to you, including, but not limited to, the following:

  • Facilitating in-home safety assessments and home modification services provided by Jukebox Health’s affiliated professionals (“professionals”) to individuals requiring such assessments (“clients”).
  • Scheduling appointments for such in-home assessments.
  • Generate recommendation reports for necessary home modifications.
  • Services necessary to schedule, facilitate, install or otherwise provide home modifications.

Third Parties

Jukebox Health may share data with third parties to facilitate Services to you. The third parties with which we share data and the types of data that we may share with them may include:

  • Your healthcare provider(s) per your request.
  • Healthcare plans or other service providers who may have referred you to Us.
  • Third parties that help Us power Our Services, including hosting providers and software application providers.
  • Affiliates and vendors in connection with providing you requested Services, including Occupational Therapists and installation professionals.
  • Governments or other entities when legal or enforcement issues arise.
  • Additional third parties as necessary in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Jukebox Health’s corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Exercising your rights

To exercise your rights under the TDPSA, you may contact us at privacy@jukeboxhealth.com with “Texas Privacy Rights” in the subject line or write to us at Jukebox Health Inc, Attn. TDPSA, 228 Park Ave. South #36053, New York, NY 10003.    

Jukebox Health will respond to requests in a timely manner not to exceed 45 days. Jukebox Health may need to verify your identity after receiving your request to determine you are the individual to whom this data belongs. Verification methods may depend on the circumstances of the request. We will attempt to limit collecting additional information from you for the purposes of verification. When an extension of the initial 45-day period is reasonably necessary, Jukebox Health will notify you and extend this period by an additional 45 days.

Exemption - Personal Health Information and Health Records

The TDPSA provides exemptions for information considered to be Personal Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) and/or Health Records. As Jukebox Health operates as a Business Associate and collects and processes PHI and Health Records, your data may be considered PHI under HIPAA and/or a Health Record and thus may be exempt from the sections above.