At OneRecord, you come first. You can trust us to keep your information safe, secure, and in your control.
Personal Information Provided by You
Through our Website
We collect your personal information through our website when you choose to provide that information, such as when you:
- submit information through the "Contact" page of our website,
- register on our website,
- respond to our communications (for example, when you respond to an email from us),
- submit your email address through our website's "Get Involved" feature, or
- participate in another one of our website features
The personal information that we collect can include your:
- email address,
- phone number, or
- mailing address
When you sign up or register on our website, we may ask you for your name, email address, mailing address, phone number or other information, but you may still visit our website without providing that information.
Through our mobile application and personal health record
Our mobile application and personal health record collect your personal information when you create a new account:
- First Name
- Last Name
- Date of Birth
- Phone Number
- Email Address
In addition, we collect and keep your medical information through the personal health record and sync your medical record information from your healthcare provider or another third-party source using our HealthFeed feature.
We collect your registration and user account information. We also collect information when you choose to communicate with us or voluntarily engage with website or mobile application features. Our servers collect log information used to make the website faster and better. You can choose not to share information with us, but your experience using our Services may be limited.
Upon your permission, the OneRecord app will collect your device’s GPS location. If this permission is granted, OneRecord will acquire this device’s location only for the purpose of finding nearby hospitals from which to retrieve medical records to add to your health profile, including COVID-19 test results and vaccination records.
Upon your permission, the OneRecord app will require the use of your device’s camera to import data by capturing photos or scanning QR codes. Only the photos and QR codes you choose will be uploaded to OneRecord for the purpose of adding your records to your health profile, including COVID-19 test results and vaccination records. OneRecord needs this permission in order for you to upload files to your OneRecord account. With this permission, only the images and files you choose will be uploaded to OneRecord for the purpose of adding your records to your health profile, including COVID-19 test results and vaccination records.
OneRecord may also access your device’s Service Set Identifier (SSID) and Basic Service Set ID (BSSID) to determine the connectivity state of your application and whether or not your device has a WiFi connection to display the applicable status within the app.
Automatically Collected Information & Anonymous Information
We collect aggregate inquiries for internal reporting and also count, track, and aggregate each visitor's activity into our analysis of general traffic flow at our website. To make sure this happens, we may merge information about you into aggregated group data. In some cases, we may remove personal identifiers from personal information and maintain it in aggregate form that may later be combined with other information to generate anonymous, aggregated statistical information. That anonymous group data may be shared with our affiliates, business partners, service providers and/or vendors; if it is shared, we will not disclose your individual identity.
Web Server Logs and IP Addresses
An Internet Protocol ("IP") address is a number that automatically identifies the computer/machine you have used to access the Internet. The IP address enables our server to send you the web pages that you want to visit, and it may identify the server owned by your Internet Service Provider. We may use IP addresses to conduct website analyses and performance reviews and to administer our website.
Cookies and Web Beacons
Each time you come to our website, we collect some information to improve the overall quality of your online experience. To remember you, our system will give you a cookie. It's safe.
Use & Sharing of Personal Information
We may use the information we collect from you when you sign up, register, respond to a survey or marketing communication, surf our website, or use certain other features of the Services in the following ways:
- To personalize your experience on the website and to allow us to deliver content and product offerings that interest you.
- To allow us to better respond to your customer service requests.
- To quickly process your requested transactions.
- To administer a promotion, survey or other feature of our website.
You Control How Your Medical Information Is Shared
When you use our personal health record, you can decide whom you want to be able to see your medical information (spouse, family members, etc.) by using the data sharing options in your Account Settings
Registration Information, Portal Information and Portal Credentials
Certain areas and features of our website are available to you without registration. However, other features of our website or the Services may require registration, which involves giving us your email address, a password and a username (the "Registration Information"). In order to fully benefit from our Services, you also must provide your third-party health portal credentials ("Portal Credentials") to allow us to access your health data at those other healthcare providers' organizations ("Portal Information") for your use.
From time to time we may request other personal information to provide you with other benefits of the Services. In those instances, you will be given the opportunity to provide or not provide that information, and it will be used only for that purpose. OneRecord may create anonymous or aggregate personal information and share that data only in a non-personally identifiable manner to:
- Organizations approved by us that conduct research into health; and
- Users of the Services for purposes of comparison of their personal health situations relative to others.
That information does not identify you individually. Access to your Registration Information, Portal Credentials, Portal Information and any other personal information you provide is protected by our specific internal procedures and safeguards restricting access to that information, so that we can ensure it is only used to operate, develop or improve the Services.
Information Shared with Third Parties Assisting in Our Operations
We may share your personal information under confidentiality agreements with other companies that provide products and services on our behalf, such as those:
- providing research,
- providing marketing services,
- delivering goods or services,
- providing cloud hosting services,
- administering promotions,
- analyzing data and usage of the Services,
- processing payments,
- operating our website, mobile application or personal health record, or
- providing support and maintenance services for the Services, as well as legal, regulatory, audit and other professional advisors.
These companies (described above) may use your personal information to assist us in our operations. However, these companies do not have any independent right to share your information.
Information Shared Under Special Circumstances
We may provide information about you:
- to respond to subpoenas, court orders, legal processes or governmental regulations,
- to establish or use our legal rights or defend against legal claims,
- to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, or
- as otherwise required by law.
Dormant, Closed or Terminated Accounts
If your account is unused for an extended period, we may suspend or “lockdown” your account in order to better safeguard your personal information, and we will notify you when that occurs. If your account is suspended because it is unused, we will retain the personal information in your account for two years. At the end of that two-year period, we will delete the personal information in your account in order to better protect your privacy. Prior to deletion of your personal information, we will attempt to notify you.
If your account is closed by you or terminated by us in accordance with our Terms of Service, we will promptly delete the personal information in your account, with the exception of a disclosure log that records how you shared the information in your account with third parties. The disclosure log will be maintained only for so long as is necessary for our business purposes and will be deleted as soon as practicable, in accordance with our record retention policies. You may close your account and request deletion of your data at any time by contacting us at firstname.lastname@example.org.
We do not sell your information to anyone. However, we collect information to make our Services useful for you and to provide a personalized experience. We may share information so that we can provide our Services, and we may share information where required by law. We may also share information with third parties that help us provide services to you. You decide how your medical information is shared.
We understand that storing our data in a secure manner is important. We store your personal information and other data using industry standard physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while we have tried to create a secure and reliable website for users, the confidentiality of any communication or material transmitted to/from our website or via email cannot be guaranteed.
Response to "Do Not Track" Signals
Some Internet browsers include the ability to transmit "Do Not Track" signals. Since uniform standards for "Do Not Track" signals have not yet been adopted, we do not process or respond to "Do Not Track" signals.
We protect your personal information in a number of important ways. However, the confidentiality of information transmitted over the Internet can never be guaranteed.
Under Age 13
We understand the importance of protecting children's privacy in the interactive online world. Our website is not designed for, or intentionally targeted at, children under 13 years of age. It is not our policy to intentionally collect or maintain information about anyone under the age of 13. No one under the age of 13 should submit any personal information to us or our website.
Under Age 18
Minors under 18 years of age may have the personal information that they have provided to us through our website deleted by sending an email to email@example.com requesting deletion. Please note that, while we make reasonable efforts to comply with those requests, deletion of your personal information does not guarantee complete and comprehensive removal of that data from all systems.
You are not allowed to register or use our Services if you are under the age of 13. If you are between 13 and 18 years old, you can request deletion of your personal information by emailing us at firstname.lastname@example.org
Important Notices to Non-United States Residents
It is important to note that our website is operated in the United States. If you are located outside of the United States, please be aware that any personal information you provide to us will be transferred to the United States. By using our website and/or providing us with your personal information, you agree to this transfer.
Your personal information will be transferred to and stored in the United States.
Changing or Deleting Your Information
You may review and request changes to your personal information that we have collected.
You may also request deletion of your personal information from our databases in order to close your account and prevent receipt of future communications. When you choose to delete your account, all of your personal information associated with the account is deleted immediately, and is no longer accessible by you or OneRecord. The only data that is not deleted is the Disclosure Log information that we keep for audit and legal purposes.
You may submit requests to change or delete your personal information using either of the following options:
You can send your request via email to email@example.com.
You can mail your request to the following postal address:
599 Lexington Ave,
New York, NY 10022
You are able to request changes to your personal information that we've collected.