Witty Health Inc. was created to build a global ecosystem enabling personalized treatment and precise medicine for millions of cancer patients. "OncoPower", Witty Health Inc. connects patients and physicians for cutting edge cancer and other medical care.
In general, when we provide the Services, we act as a service provider and data processor or sub-processor on behalf of our business and/or individual customers who are data controllers when such customers use our Services and Sites. This means that we process personal information only according to our customers’ instructions in accordance with our Terms of Service or other applicable contract with a given customer.
We may act as a data controller for other types of personal information where we determine the purposes and means of processing of that data, such as personal information used for marketing or research purposes or during registration and onboarding of new customers.
Where we do act as a controller of your personal information for certain limited purposes, our lawful bases for processing include:
You may contact us at firstname.lastname@example.org if you have questions or issues relating to our use of your personal information where we act as a data controller.
If you feel we have not adequately addressed an issue, you have the right to lodge a complaint with your local data protection authority.
This policy is in accordance with COPPA and outlines our practices in the United States and any other territories in which we operate regarding children’s personal information. For more information about COPPA and general tips about protecting children’s online privacy, please visit: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule. We do not knowingly or intentionally collect or maintain personally identifiable information from persons under 13 years old, and no part of our website or application is directed to persons under 13. IF YOU ARE UNDER 13 YEARS OF AGE, PLEASE DO NOT USE OR ACCESS OUR SERVICES AT ANY TIME OR IN ANY MANNER. If Witty learns that personally identifiable information of persons less than 13 years old has been collected without verifiable parental consent, then we will take appropriate steps to delete this information. If you are a parent or guardian and discover that your child under the age of 13 has obtained a Witty account, then please alert us at email@example.com and request that we delete that child’s personal information from our systems.
Witty collects publicly available information about physicians in a database to provide a directory and referral service to other healthcare professionals and create a profile for each (“Profile”). This Profile may include the physicians’ names, office addresses, office phone numbers and fax numbers, specialties, and the medical school and training institutions the physicians attended. We may also receive this information from other Application Programming Interface (“API”) partners, such as Doximity or LinkedIn. Almost all oncology doctors, and many other healthcare professionals, are included within our database. If a physician registers and becomes a User (“Physician User”), you are agreeing that the information that we have collected about you in your Profile is accurate, so please verify your Profile and advise us of any changes.
The following fields may be required to register as a patient, caregiver or a family User during the registration process:
We use third part services to verify the identification of Users.
The following fields are required for Physician Users during the registration process to ensure that Witty’s network is a useful directory for its members:
Physician Users are required to additionally enter or confirm the medical school that they attended, year of graduation and birthday. Most of this information, other than email address, will already be included in Physician User’s profile, but we ask that the Physician User verify that the information is correct, and update it where necessary. We use either the Physician User’s Doximity login or Onfido service provider login for identifying Physician Users.
We also give Physician Users the option to provide the following additional information:
Providing such information is completely optional and choosing not to provide this information will not affect the Physician User’s ability to browse the Witty directory or use the Witty Services. All of the information that is publicly available, the information that you voluntarily provide or the information that is gathered via Doximity will be included in your profile, which is accessible to anyone browsing the Witty directory, EXCEPT your birth year, year you graduated from medical school, and your email address.
In order to secure your personal information, access to your data on our Sites and Services is password protected and you are responsible for keeping this password confidential and to protect the security of your login information. Please do not share your password with anyone.
Once you have completed the registration process, you may at any time provide additional information to your Profile. Depending on the type of User, such information may include the following: medical group, IPA and hospital affiliations, internship, residency program, fellowships, work history, presentations, publications, education, professional interests, memberships, and board certifications. Providing additional information is entirely optional for each User, however any additional information enables the User to better identify themselves and find new opportunities in the Witty Service to build and leverage their professional network. All of the information that is publicly available or that you voluntarily provide will be published on your profile, which is accessible to anyone browsing the Witty directory; EXCEPT (i) the year(s) you graduated from your internship, (ii) residency and/or (iii) fellowship programs. Any information you provide to us, whether during the registration process or as an update to your Profile, may be used in the same manner and extent to which other information is permitted to be used hereunder, including for the purpose of creating and serving advertisements through the Service.
If you choose, you may create a private profile on our Sites and Services. The private profile can consist of back line, mobile phone, home phone, other phone, pager, inpatient and admit number, email address or other private mode of communication. Your private profile is visible only to those Users with whom you select to share it.
If you wish to invite other physicians, Clinicians (as defined below) or colleagues to join Witty, you can use our email invitation service to email their offices. In this case, no additional information about you is collected. Alternatively, you may enter their names and email addresses, which Witty will use to send your invitation, including a message that you may write to them. The names and email addresses of people that you invite will be used only to send your invitation and reminders.
Witty may collect information through our website or through Customer Support in order to, among other things, accurately categorize and respond to your inquiries and deliver the appropriate Services.
You can review the personal information you provided us and make any desired changes to the information you publish, or to the settings for your Witty account, including your email and contact preferences, at any time by emailing firstname.lastname@example.org. You can also make these changes on the Witty website by updating your Profile. Please be aware that even after your request for a change is processed, Witty may, for a time, retain residual information about you in its backup and/or archival copies of its database.
Witty is an online platform dedicated to helping medical professionals more effectively connect with one another and to assist patients with obtaining the best possible medical care no matter where they are located. The information you choose to provide about yourself on the Site is used to help you describe yourself to other Users; to provide you with the Services; to improve healthcare quality through the performance of quality reviews and similar activities; to notify you when site updates are available; to market and promote the Site and the Services to you; to fulfill any other purpose for which you provide us your personal information; and for any other purpose for which you give us authorization. Other information, that does not personally identify you as an individual, is collected by Witty from Users (such as, for example, patterns of utilization) and is exclusively owned by Witty. This information can be utilized by Witty in such manner as Witty, in its sole discretion, deems appropriate.
Witty may enter into agreements with Physician Users and other healthcare providers who constitute a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. In order to comply with the Privacy Rule under HIPAA, which allows covered providers and health plans to disclose protected health information to these “business associates” if the providers or plans obtain satisfactory assurances that the business associate will use the information only for the purposes for which it was engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with some of the covered entity’s duties under the Privacy Rule, Witty Health maintains personal health information in compliance with the Privacy Rule as described further below.
THIS NOTICE PROVIDED BY US ON BEHALF OF COVERED ENTITIES UNDER HIPAA DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED, AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY AND REPORT ANY ISSUES, OR CONCERNS, TO US:
5850 San Felipe Suite 500
Houston, TX 77057
HIPAA is a federal program requiring that all medical records and other individually identifiable health information used, or disclosed, by us in any form, whether electronically, on paper, or orally, are kept properly confidential. This Act gives you significant rights to understand and control how your health information is used. HIPAA provides penalties for covered entities that misuse personal health information. We have prepared this "Notice of HIPAA Privacy Practices" to explain how we are required to maintain the privacy of your health information and how we may use and disclose your health information. We may use and disclose your health information or medical records for each of the following purposes: treatment, payment, and health care operations:
We may also create and distribute de-identified health information by removing all references to individually identifiable information. We may contact you to provide information about our services or other health-related services that may be of interest to you. Any other uses and disclosures will be made only by you or with your written authorization. You may revoke such authorization in writing, and we are required to honor and abide by that written request, except to the extent that we have already taken actions relying on your authorization.
YYou have the following rights with respect to your protected health information, which you can exercise by presenting a written request to:
ATTN: Legal Department
5850 San Felipe Suite 500
Houston, TX 77057
You have the right to ask for restrictions on the ways we use and disclose your health information for treatment, payment, and healthcare operations. You may also request that we limit our disclosures to persons assisting your care. We will consider your request but are not required to accept it.
You have the right to request that you receive communications containing your protected health information from us by alternative means or at alternative locations. For example, you may ask that we only contact you at home or by mail.
Except under certain circumstances, you have the right to inspect and copy medical, billing and other records used to make decisions about you. If you ask for copies of this information, we may charge you a nominal fee for copying, packaging, and postage.
If you believe that information in your records is incorrect, or incomplete, you have the right to ask us to correct the existing information or add missing information. Under certain circumstances, we may deny your request, such as when the information is accurate and complete.
You have a right to receive a list of certain instances when we have used or disclosed your medical information. If you ask for this information from us more than once every twelve months, charges may apply, to cover our costs for administration, archive retrieval, copying, packaging, and postage.
HIPAA generally requires that covered entities and business associates enter into contracts to ensure that the business associates will appropriately safeguard protected health information. A business associate contract serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate. By using theSites and/or the Services, You agree to the terms provided in the Business Associate Agreement Witty entered into with certain HIPAA covered entities relating to any communications of electronic protected health information.
We may use or disclose your medical information, (1) to provide you with access to Physicians as anticipated by the Services offered by Witty, (2) to share your medical information with others who provide care to you such as hospitals, nursing homes, doctors, nurses, physician assistants, technicians, emergency service and transportation providers, medical and nursing students, therapists, medical equipment providers, pharmacies, and others involved in your care that may not be listed. Within the scope of care provided by the Physicians, they may share your medical information to assist with filling your prescriptions, requesting lab work and x-rays along with other medical needs that may not be listed. We may use or disclose your medical information, (1) to facilitate payment for the services provided by Witty or the Physician Users or its network physicians, vendors or providers, (2) to inform billing companies, insurance plan administrators, or others to acquire approval for anticipated care.
Witty will communicate with you through email and notices posted on the Sites or through other means available through the Service, including text and other forms of messaging. If we send any communications to you via the carrier Service with which you have a mobile communications subscription or otherwise have access, you understand you will pay any service fees associated with any such access (including text messaging charges for messages to your mobile device). Our communications to you include emails which help inform Users about various features of the Service. Witty may send you promotional information unless you have opted out of receiving such information. You can change your email and contact preferences at any time by sending a request to email@example.com or by updating your profile information.
Information provided to Witty (or to third parties with whom it offers combined Services) is also used to customize your experience on our website. For example, you can store “favorite” phone numbers for easy reference.
Witty takes the privacy of Users very seriously. We do not sell, rent, or otherwise provide your private information to third parties for their marketing or other purposes. We may provide data about the usage of our Services to third party Service providers with whom we contract to help us provide our Services and operate our Sites. For example, we may work with vendors, consultants or other third parties to host and maintain our data and website properties, analyze our data, or provide marketing assistance. All contracted third parties must agree not to use your personal information and communications other than to fulfill their responsibilities to us and are bound by confidentiality agreements with regard to their use of such information. We may provide aggregated anonymous data about the usage of our Services to third parties for such purposes as we deem, in our sole discretion, to be appropriate, including to prospective investors in Witty. We may segment our Users by specialty, education, alumni groups, training, research, grants, trials, geographic location or other similar information and provide information from your public profile as part of our Services and product offerings. If you would like to be excluded from the aggregated research or products based upon aggregated or segmented data and Users’ activities on the site, please email firstname.lastname@example.org.
As part of our Services, we may share personal information with accredited Continuing Medical Education (CME) and Continuing Education (CE) providers who certify CME and CE activities, to process CME or CE activities you may choose to take through our Service. As part of our Services, we may also share public profile information with medical leading publications and ranking bodies, such as U.S. News and World Reports to increase the visibility of our Users. When you use the Witty Service through a Witty website, newsletter, mobile app or other medium, you may be presented with advertisements or opportunities to engage in informational programs consisting of sponsor-selected content. Examples of these programs include sponsored news alerts or branded or unbranded discussion groups. All sponsored programs will be labeled clearly as a sponsored program. When you choose to engage with a sponsored program, such as engaging with a commercial client’s sponsored news alert, we may provide our commercial clients with your identifiable information and information about the type of engagement (e.g., whether you viewed, interacted with or requested information about such promotional content). We will only share your identifiable information with clients who have agreed to use such information solely for authorized purposes. You may revoke your authorization to participate in these features of our Services at any time. If you would like to be excluded from the accredited bodies, leading publications or commercial features of our Services, please email email@example.com.
We use your information, including the addresses you import through our contact importers, to make suggestions to you and other Users on Witty. For example, if another User imports the same email address as you do, we may suggest that you add each other as clinicians (“Clinicians”). To help your friends find you, we allow other Users to use contact information they have about you, such as your email address, to find you, including through contact importers and search.
We offer search Services to help you find information and learn more about other Users (for example, you can search for Users with particular expertise, or that you may know from your medical school). We use information from User profiles and other contributions to Witty to inform and refine our search Service.
As a User, you may receive requests to participate in market research including polls and surveys submitted by other Witty members. If you participate in surveys and polls offered through our website, the information you provide may be visible to others using the Witty website. You may opt-out of participating by emailing firstname.lastname@example.org to stop receiving these inquiries and requests.
Communications you initiate through our Sites and Services, such as invitations to Clinicians that are not a User, will list your name in the message, along with your current office address and phone/fax numbers. No other contact information will be included in the message.
Witty offers various forums (such as Witty Messaging, Onco-space and Onco-Klinic) where you can communicate with other Users, individuals and groups. Witty Users may communicate with one another using the Witty Messaging feature. Messages may only be initiated between two Users who have confirmed a Clinician relationship within the Witty network; or in the case of non-Physician Users (i.e., patients) who wish to connect with other non-physician Users (i.e., patients), each User must confirm that they wish to connect with other Users. In the case where a User has initiated a group message to two or more of his or her Clinicians or Users, recipients of this group message may “reply all” to the recipients of this group message, even though they are not all Clinicians. This is the only instance where a Clinician may receive a message from a non-Clinician. Sending messages may be sent securely or non-securely. Secure messages require recipients to confirm their identity by entering their PIN code prior to viewing. Non-Secure messages may be read by anyone with access to a User’s mobile device.
You can disable Messaging at any time under your “Settings” tab in your account. You can disable “push” notifications of new Messaging messages at any time through the settings on your mobile device.
It is possible that we may need to disclose personal information when required by law, such as responses to civil or criminal subpoenas, or other requests by law enforcement personnel. We will disclose such information when we have a good-faith belief that it is necessary to comply with a court order, ongoing judicial proceeding, subpoena, or other legal process or request to Witty brought in any country throughout the world, or to exercise our legal rights or defend against legal claims.
We may also disclose your personal and other information you provide, to another third party as part of reorganization or a sale of substantially all of the business of Witty. Any third party to which we transfer or sell Witty’s assets will have the right to continue to use the personal and other information that you provide to us.
You have a right to access, modify, correct and delete the personal information about you, which has been collected pursuant to your decision to become a User. If you update any of your information, we may keep a copy of the information which you originally provided to us in our archives for uses documented herein. We take your rights seriously and encourage you to use them as you deem necessary. You may exercise these rights by emailing us at email@example.com or by contacting us at:
Witty Health Inc.
5850 San Felipe Suite 500
Houston, TX 77057
iOS device users will also be able to delete their accounts by logging into their mobile application. Once logged in to your profile page click on more options to find the delete profile button. It will be prompted for a final confirmation, once confirmed all the user data will be deleted permanently.
You can also close your account at any time by emailing firstname.lastname@example.org. If you close your Witty account, we will remove all of the information that you have provided to Witty from our publicly viewable database, as well as any private profile information that you have stored with us, EXCEPT THAT, we will retain all publicly available data in the database, including all of the information about you that was available on our database prior to your joining the Witty network. We may also retain certain data contributed by you if we believe it may be necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, account recovery, or if required by law. If you close your Witty account, we will remove all of the information that you have provided to Witty from our publicly viewable database, as well as any private profile information that you have stored with us, EXCEPT THAT, we will retain all publicly available data in the database, including all of the information about you that was available on our database prior to your joining the Witty network. We may also retain certain data contributed by you if we believe it may be necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally identifiable data, account recovery, or if required by law.
To request that we close your account and remove your information from the Witty website, please send your request to email@example.com. Please send your request using an email account that you have registered with Witty under your name. You will receive a response within five business days of its receipt.
If we learn that a User is deceased, we may memorialize the User's account. We may restrict profile access and remove messaging functionality. We close an account if we receive a formal request from the User's next of kin or another proper legal request to do so.
Insurance data on Witty is offered for informational purposes only, should not be relied upon, and Users agree to hold harmless Witty and its data suppliers for use of the data.
We have a number of security measures in place to protect your personal Information from unauthorized access, disclosure, alteration or destruction. Although no online service can guarantee the absolute security of your personal information, we are committed to implementing strong physical, technical and administrative safeguards. These procedures include the use of firewalls, secure connections on our websites, and the use of Secured Socket Layers (SSLs) to encrypt pages that collect personal information. Personal information is stored in limited access servers and physical access to our servers requires individual authorization and authentication. Only authorized Witty employees or contractors carrying out permitted functions are allowed access to personal information. In addition, each employee and contractor of Witty is required to sign a confidentiality agreement requiring him or her to keep confidential all Personal Information of Users and customers. We regularly train our employees and contractors on proper use and handling of personal information. Employees and contractors who violate these policies may be subject to disciplinary action, termination of their employment and legal action. Our service providers are also required to maintain security measures similar to Witty. However, for added protection, we ask that you keep your login information and passwords confidential. By using the Services or providing personal information to us, you agree that we may communicate with you electronically about security, privacy, and administrative issues relating to your use of the Services. If you have reason to believe that your interaction with Witty is no longer secure, please email us immediately at firstname.lastname@example.org or by contacting us at:
Witty Health Inc.
ATTN: Security Issues
5850 San Felipe Suite 500
Houston, TX 77057
NOTICE TO CALIFORNIA RESIDENTS
If you are a California resident, certain personal information that we collect about you is subject to the California Consumer Privacy Act (CCPA).
You have the right to request we provide you with details about the personal information we collect and disclose about you within the prior 12 months, including: (i) the categories of personal information we collect about you, (ii) the categories of the sources of personal information we collect about you, (iii) our business or commercial purpose for collecting that information, (iv) the categories of personal information that were disclosed for a business purpose, (v) the categories of third parties to whom we disclosed that personal information, and (vi) the specific pieces of personal information we collect about you. Where we act as a service provider, data processor or sub-processor in providing the Services on behalf of our customers, we will pass your request/s related to your personal information to the applicable customer who acts as a data controller or a business with respect to your Personal Information.
You may also request that we delete your personal information.
These rights are subject to certain exceptions and limitations permitted by CCPA.
To submit an access or deletion request, you may email us at email@example.com stating your request with sufficient detail and providing information that allows us to reasonably verify you as the person whose data is the subject of such request. We will not respond to more than two requests from you in a 12-month period. We may require that you provide information and follow procedures so that we can verify the request and your jurisdiction before responding to it. The verification steps we take may differ depending on the request you make. We will match the information that you provide in your request to information we already have on file to verify your identity. If we are able to verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us verify your request.
California residents will be required to submit their first and last name and email address and may also be asked to provide their telephone number or address so that we can verify the request. Please provide as much of the requested information as possible to help us verify the request. We will only use the information received in a request for the purposes of responding to the request.
California law permits California residents to use an authorized agent to make privacy rights requests. We require the authorized agent to provide proof of the California resident’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the California resident. An authorized agent must follow the process described below to make a request. We will additionally require the authorized agent to verify his/her own identity.
We will not discriminate against you if you exercise your rights under CPPA. By exercising your rights you will not be (i) subject to denial of goods or services, (ii) charged a different price or rate, or (iii) provided different quality of service.
CCPA also requires specific disclosures for California consumers:
Witty Health does not currently take actions to respond to “Do Not Track” signals.
We do not sell consumers’ covered information for monetary consideration (as defined in Chapter 603A of the Nevada Revised Statutes). However, if you are a Nevada resident, you have the right to submit a request directing us not to sell your Personal Information. To submit such a request, please contact us at firstname.lastname@example.org.
Witty is a United States company and the Services are provided from the United States. Our servers are located in the United States and your information is transferred to, stored, and processed in the United States in accordance with the laws of the United States. Our provision of the Services to you is not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States of America.
If you are a User who resides outside the United States, please be aware that information we collect will be transferred to and processed in the United States and may be processed and stored in other countries outside the United States which may have data protection laws that differ from the laws in your country. By using the Sites and/or Services, registering for the Sites and/or Services or providing us with any information, you consent to the collection, processing, maintenance and transfer of such information in and to the United States and other applicable countries in which the privacy laws may not be as comprehensive as, or equivalent to, those in the country where you reside and/or are a citizen.
How to Contact Us
Witty Health Inc.
Last Version: January 20, 2022