Last Updated: January 1st, 2022
This privacy policy (“Policy”) describes how SokyaHealth, MSO (“Company”) collects, uses, and shares personal information of consumer users of this website https://www.sokyahealth.com/ and any affiliated sites set up for our customers (together, the “Site”), as well as associated products and services, including, without limitation, mobile applications and the patient portal developed by the Company (together, the “Services”), and applies to customer information that we collect through our Site and Services as well as information you provide to us directly. This Policy also applies to any of our other websites that post this Policy. This Policy does not apply to websites that post different statements, such as third-party websites that may be accessible through hyperlinks on this Site. Please see SokyaHealth’s HIPAA Notice of Privacy Practices for how our contracted partners may specifically use and disclose protected health information. Please note that by using the Site or the Services, you accept the practices described in this Policy. If you do not agree to this Policy, please do not use the Site or Services.
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you. We use your personal information as follows:
We may combine all of the information that we collect with data obtained from third parties or through our products and Services. We may also collect and store information locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
Sokya will take reasonable precautions to protect your information from loss, misuse or alteration. Please be aware, however, that any text, email or other transmission you send unencrypted through the Internet cannot be completely protected against unauthorized interception. In particular, we want to make you aware that personal email may be unsecure, and Sokya cannot be responsible for any unauthorized access to information when information is sent to your personal email. You are not required to authorize the use of email for this purpose, a decision not to consent or to opt out of receiving these emails will not restrict your ability to access care from your provider, and you can continue to receive other emails from Sokya, using our secure electronic communication system instead of your personal email. Our secure electronic communication system will require you to log into a separate portal to access the email that is being sent.
Personally Identifiable Information: We will not rent or sell your personally identifiable information to others without your consent, although we may share it with partners for the purposes described above under “Use of Personal Information”, such as the provision and personalization of Services. For example, we may share your personal information with our contracted partners, to provide you with Services, with third parties who help us with our business functions, such as payment processing or data storage, and with business partners. Such third parties are not authorized to use or disclose your information except as necessary to perform Services or comply with legal requirements, and are subject to agreements requiring them to maintain the confidentiality of any such information. If you seek treatment or other services from a clinical provider, its capacity as a health care provider, the use and disclosure of your health information in connection with such services will be governed by its separate HIPAA Notice of Privacy Practices. We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others.
We may store personal information in locations in the United States outside our direct control (for instance, on servers or databases co-located with hosting providers). In the event that personal information is compromised as a breach of security, Sokya will promptly notify our customers, users, and clients in compliance with applicable law. We will retain personal data we process pursuant to statutory requirements for the data we collect and process, for as long as needed to provide our Services, and as recommended to comply with our legal and compliance obligations (including those under state laws, HIPAA, and/or for auditing purposes), resolve potential or actual disputes, or enforce our agreements.
Any personally identifiable information you elect to make publicly available on our Sites or through the Services, such as posting comments on our blog page, will be available to others. If you remove information that you have made public on our Sites or through the Services, copies may remain viewable in cached and archived pages of our Sites or through the Services, or if other users have copied or saved that information.
Non-Personally Identifiable Information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help us understand the usage patterns for certain Services and those of our partners. Sokya may also share with your Sokya benefit sponsor the outcomes and impact of our Services, which would consist solely of non-personally identifiable information, e.g., aggregated and anonymized data. Non-personally identifiable information may be stored indefinitely.
Instances Where We Are Required To Share Your Information: Sokya will disclose your information where required to do so by law, if subject to subpoena or other legal proceeding or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement, or when required by health oversight agencies, such as the Secretary of Health and Human Services, for legally authorized health oversight activities; (b) to protect the rights to enforce our Terms of Service or Sokya’s HIPAA Notice of Privacy Practices, or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of Sokya, our users or others, including enforcing Sokya’s agreements, policies and terms of use or sharing information in an emergency.
What Happens In The Event Of A Change Of Control: We may buy or sell/divest/transfer the Company (including any shares in the Company), or any combination of its products, services, assets and/or businesses. Your information such as names and email addresses, and other User information related to the Service may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of Sokya, but only if the recipient of personally identifiable data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Your information is stored in databases maintained by the Company or third parties that are located within the United States, where privacy rules differ and may be less stringent than those of the country in which you reside.
You should be aware that when you are on the Site and/or using our Services, you can be directed to other websites that are beyond our control, and we are not responsible for the privacy practices of third parties or the content of linked websites.
We are committed to protecting your privacy and data. We encrypt sensitive information (e.g. your login credentials, PII) during transmission and storage. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you, other involved parties, and any applicable regulator(s) of a breach where we are legally required to do so.
However, no method of transmission over the Internet or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about the security of our Services, you can contact us at: [email protected]
In some circumstances, our customers who sponsor the services offered by Sokya have requested further limitations on our use and disclosure of your personal information than those scenarios described in this Privacy Policy. To the extent there are any inconsistencies between this Privacy Policy and the terms of any agreements we have entered into with our customers or any applicable employer-sponsored group health plan privacy policy, the terms of those documents will control.
Our marketing emails tell you how to “opt-out.” After doing so, you will not receive future promotional emails unless you open a new account, or sign up to receive newsletters or emails. If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.
You may send requests about personal information to our Contact Information below or to [email protected] You can request to change contact choices, opt out of our sharing with others, and update your personal information.
You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Site works for you.
This privacy notice describes the personal information we collect or process about California residents in connection with the Site or the Services, how we use, share, and protect that personal information, and what your rights are concerning personal information that we collect or process.
In this section, “personal information” has the same meaning as under the California Consumer Privacy Act (CCPA), California Civil Code Section 1798.83: information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information does not include information that has been de-identified or aggregated or information that is considered “PHI” under HIPAA or medical information protected under California’s Medical Information Act.
Personal Information We Collect and Share, and For What Purpose: In the past 12 months, we have collected and shared personal information from visitors in the following circumstances when they interact with the Site or the Services, as described in detail above:
As described in detail above, we use your personal information for a variety of purposes to operate, assess activity on, and improve the performance of the Site, including the following:
Except as described in detail above, we will not share with third parties information about you without your consent.
We do not share your personal information with third parties for third party marketing purposes.
Your Rights as a California Resident: Under California law, users who are California residents have specific rights regarding their personal information. These rights are subject to certain exceptions described below. When required, we will respond to most requests within 45 days unless it is reasonably necessary to extend the response time.
Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information. If you submit a valid and verifiable request and we confirm your identity and/or authority to make the request, we will disclose to you any of the following at your direction:
Right to Delete Personal Information: You have the right to request that we delete any of your personal information collected from you and retained, subject to certain exceptions. Upon receiving a verified request to delete your personal information, we will do so unless otherwise authorized by law.
How to Exercise these Rights: You may submit a verifiable consumer request to us for disclosure or deletion of personal information at [email protected]. We will respond to verifiable requests for disclosure or deletion of personal information free of charge, within 10 days of receipt. In order to protect your privacy and the security of your information, we verify consumer requests by matching personal information that you provide with information in our possession, in order to confirm your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose. You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney under Probate Code sections 4000-4465 may submit a request on your behalf.
Right to Opt Out of Sales of Your Personal Information: You have a right to opt-out of the sale of your personal information. You may, at any time, direct businesses that sell your personal information to third parties not to sell your personal information. We do not sell your personal information and therefore do not provide any mechanism for you to exercise the right to opt out.
Right to Non-Discrimination: You have the right not to be discriminated against for the exercise of your California privacy rights described above.
Minors: We do not knowingly collect or maintain the personal information of children under 13. If we learn that we have collected any personal information of a child under 13 without affirmative authorization under the CCPA or verifiable parental consent under the Children’s Online Privacy Protection Act (COPPA), we will delete that information from our files as quickly as possible.
We may change this privacy policy so please check this page occasionally to ensure that you’re happy with any changes. If we make any changes, we will change the Last Updated date above.
We welcome your comments or questions about this privacy policy. You may also contact us at our address:
5060 Shoreham Place Suite 100
San Diego, CA 92122