We at Lab 39, Inc. (‘Lab 39,’ ‘we,’ ‘us,’ ‘our’) know that our users (‘you,’ ‘your’) care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn more about our privacy policy. By visiting or using our website (www.Lab 39.com) and domain name, and any other linked pages, features, content, mobile applications, or any other services we offer from time to time by in connection therewith (collectively, the ‘Website’), or by using the Product in any manner, you acknowledge that you accept the practices and policies outlined in this privacy policy, and you hereby consent that we will collect, use, and share your information in the following ways.
What does this privacy policy cover?
This privacy policy covers our treatment of personally identifiable information (‘personal information’) that we gather when you are accessing or using our Website and Product. This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register for the. If you are under 13, please do not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 may provide any personal information to us or on the Services. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at: support@Lab39.com.
What information does Lab 39 collect?
We gather various types of personal information from our users, as explained more fully below. We may use this personal information to personalize and improve our services, to allow our users to set up a user account and profile, to contact users, to fulfill your requests for certain products and services, to analyze how users utilize the Website and Product, and as otherwise set forth in this privacy policy. We may share certain types of personal information with third parties. We collect the following types of information:
Information you provide to us:
We receive and store any information you knowingly provide to us. For example, we collect personal information such as your name, user name, email address, gender, birth date, weight, height, location, nutrition data, workouts, physical activity, and sleep habits and we may collect other sleep, activity, or health-related information as our services and products are further developed. You can choose not to provide us with certain information, but then you may not be able to register with us or to take advantage of some of our features. We may anonymize your personal information so that you cannot be individually identified, and provide that information to our partners. For example, you may tell us that you are female and sleep an average of 6 hours per night; we may combine this information with content received from our other users, and disclose to our partners that on the whole, our male users sleep more hours per night than our female ones, but we will not tell those partners who you are.
Information collected automatically:
Whenever you interact with our Website, we automatically receive and record information on our server logs from your browser including your IP address, ‘cookie’ information, and the page you requested. ‘Cookies’ are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when pages in our Website are visited and by how many people. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of our Website’s best features.
When we collect usage information (such as the numbers and frequency of visitors to the Website), we only use this data in aggregate form, and not in a manner that would identify you personally. For example, this aggregate data tells us how often users use parts of the Website, so that we can make the Website appealing to as many users as possible. We may also provide this aggregate information to our partners; our partners may use such information to understand how often people use our Website, so that they, too, can provide you with an optimal online experience. We never disclose aggregate information to a partner in a manner that would identify you personally.
If you are using the Product in connection with the Services, you understand and acknowledge that when you use the Product, any information, data or readings from the Product will be automatically uploaded to your account with us. To the extent these automatically collected readings can be used to personally identify you, these readings are personal information for the purposes of this privacy policy.
Interest based advertising and retargeting:
There exists a range of different kinds of online interest based advertising and retargeting services; from fairly simple forms to the far-reaching monitoring of web surfer activities carried out by search-engine owners or services carried out in partnerships between technology companies and Internet Service Providers. As a common denomination, you could say that interest based advertising and retargeting is intended to make online display advertising more relevant to web surfers’ likely interests.
Lab 39’s interest based advertising and retargeting services are cookie and web beacon based. Based on the anonymous information stored in the User’s cookie, Lab 39 is able provide more relevant advertising to the User. For example, a User that visits sports sites often will be categorized in the ‘sports fan’ segment, and will primarily be served advertisements that are relevant to the interests of a sports fan, and a User that shows interest in a certain car model or a certain computer model, may be served advertisements or specific offers for such car model or computer model.
The fundamental integrity principle underlying all Lab 39’s processing of digital data relating to Users, is that such data shall be anonymous. Therefore, we do not store IP addresses on the cookie of a User, only a unique randomly generated ID that does not allow Lab 39 to trace the User; we do not have, and will not initiate, any co-operation with Internet Service Providers in order to trace the identities of Users. The data stored on the cookie is limited to information collected at the User’s visits to websites.
Interest based advertising
Interest based advertising is Lab 39’s solution for optimizing the selection of ads for a certain user. The selection of ads is based on an interest profile built up during visits to websites.
Interest based advertising step by step:
A website user browses sites. The category of each website is saved to a cookie in the web browser.
When the website user browse sites related to cars the counter for category “Automotive” is updated in the cookie.
Ads are selected and shown to the user based on the category count in the cookie. A user with a higher than average count in the “Automotive” category will be shown more ads related to cars.
Retargeting
Retargeting is a solution for displaying ads based on which websites or pages the user has visited before.
Retargeting step by step:
The user browses a website that runs a retargeting campaign.
Information on what pages the user visits on the website is stored in a cookie in the user’s web browser.
When the user visits the Lab 39 site ads may be shown to the user based on the information in the retargeting cookie.
Benefits
For the website user targeting means that more relevant ads will be displayed, ads that match the user’s interests. For example, a user visiting more travel websites than average will be served more ads related to travel. A user being interested in a certain product will be served ads with offers related to that product.
Privacy
Lab 39 does not save any personal information in the cookie and cannot connect the information in the cookie to a specific person.
You can opt out from our targeting solutions as noted below; when you have opted out you will not be served ads based on your interests and no targeting information will be stored in your web browser. Note that the blocking ends if you clear your browser from cookies.
Delete targeting cookies
Your interest profile can be removed by deleting your browser’s cookies.
Information stored on cookies
The cookie information stored on the User’s hard drive for interest based advertising and retargeting purposes is: (i) User segment hits or information on a specific product, service, brand or model in which the User has shown interest during its visit to a certain website and (ii) time and date stamp of the latest update of the User profile.
If the cookie is deleted by the User, all profile data is removed. For the sake of clarity, no segments relating to information which Lab 39 considers sensitive have been or will be created, such as segments relating to political opinions, religious beliefs, physical or mental health conditions or sexual life. Further, Lab 39 is very sensitive to the issue of children’s privacy and marketing directed to children. No segments are intended to be established for the profiling of children.
E-mail and other communications:
We may contact you, by email or other means; for example, we may send you promotional offers on behalf of other businesses, or communicate with you about your use of the Website or the Product. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make emails more interesting and improve our service. If you do not want to receive email or other mail from us, please indicate your preference by emailing us at: support@Lab39.com.
Will Lab 39 share any of the personal information it receives?
We neither rent nor sell your personal information in personally identifiable form to anyone. We share your personal information in personally identifiable form with third parties only as described below.
§ Agents: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. Unless we tell you differently, our agents do not have any right to use the personal information we share with them beyond what is necessary to assist us.
§ User submissions: Any content or personal information that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others.
§ Business transfers: We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Also, if we (or substantially all of our assets) are acquired, or if we go out of business or enter bankruptcy, personal information would be one of the assets transferred to or acquired by a third party.
§ Protection of Lab 39 and others: We may release personal information when we believe in good faith that release is necessary to comply with laws; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Lab 39, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
§ With your consent: Except as set forth above, you will be notified when your personal information may be shared with third parties, and will be able to prevent the sharing of this information.
Is personal information about me secure?
Your account is protected by a password for your privacy and security. You need to prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other personal information we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
The Website may contain links to other sites. We are not responsible for the privacy policies and/or practices on other sites. When following a link to another site you should read that site’s privacy policy.
What personal information can I access?
Through your account settings, you may access, and, in some cases, edit or delete the following information you’ve provided to us:
§ name and password
§ email address
The information you can view and update may change as the Website changes. Please note that any information that is automatically uploaded from a Product to the Website cannot be later changed or updated. If you have any questions about viewing or updating information we have on file about you, please contact us at: support@Lab39.com.
What choices do I have?
You can always opt not to disclose information to use, but keep in mind some information may be needed to register with us or to take advantage of some of our special features.
You may be able to add, update, or delete information as explained in section V above. When you update information, however, we may maintain a copy of the unrevised information in our records. Please note that some information may remain in our private records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your personal information after you update or delete it, but not in a manner that would identify you personally.
If you do not wish to receive email or other mail from us, please email us at: support@Lab39.com. Please note that if you do not want to receive legal notices from us, such as this privacy policy, those legal notices will still govern your use of the Website and the Product, and you are responsible for reviewing such legal notices for changes.
Changes to this privacy policy
We may amend this privacy policy from time to time. Use of information we collect now is subject to the privacy policy in effect at the time such information is used. If we make changes in the way we use personal information, we will notify you by posting an announcement on our Website or sending you an email. You are bound by any changes to the privacy policy when you use the Website or the Product after such changes have been first posted.
How is my iOS HealthKit and Health app data handled?
When you share your iOS Health app data with our services, that data is covered by the Privacy Policy. We handle all iOS Health app and HealthKit data in accordance with Apple’s development guidelines. To view Apple’s HealthKit developer guidelines, go to https://developer.apple.com/app-store/review/guidelines/#healthkit.
HIPAA policy and other questions or concerns?
To view our separate HIPAA privacy policy, see below. If you have any questions or concerns regarding our privacy policies or our HIPAA compliance, please send us a detailed message to support@Lab39.com. We will make every effort to resolve your concerns.
HealthKit, Health app, iPhone, and Apple are registered trademarks of Apple Inc.
Hipaa
Purpose
The following privacy policy is adopted to ensure that Lab 39 Inc. (the Company) complies fully with all federal and state privacy protection laws and regulations. Protection of patient privacy is of paramount importance to this organization. Violations of any of these provisions will result in severe disciplinary action including termination of employment and possible referral for criminal prosecution.
Effective Date
This policy is in effect and is updated as of May 15, 2017.
It is the policy of the Company to adopt, maintain and comply with our privacy practices of customer and end-user data, which shall be consistent with HIPAA and California law.
Notice of Privacy Practices
It is the policy of the Company that a notice of our privacy policy be published on our website, and that all uses and disclosures of protected health information be done in accord with the Company’s is privacy policy and practices.
Assigning Privacy and Security Responsibilities
It is the policy of the Company that specific individuals within our workforce are assigned the responsibility of implementing and maintaining this HIPAA Privacy Policy. Furthermore, it is the policy of the Company that these individuals will be provided sufficient resources and authority to fulfill their responsibilities. At a minimum it is the policy of the Company to designate one individual as the Privacy Official.
Deceased Individuals
It is the policy of the Company that privacy protections extend to information concerning deceased individuals.
Minimum Necessary Use and Disclosure of Protected Health InformationIt is the policy of the Company that for all routine and recurring uses and disclosures of PHI (except for uses or disclosures made 1) to or as authorized by the customer, client or end-user or 2) as required by law for HIPAA compliance such uses and disclosures of protected health information must be limited to the minimum amount of information needed to accomplish the purpose of the use or disclosure. It is also the policy of the Company that non-routine uses and disclosures will be handled pursuant to established criteria. It is also the policy of the Company that all requests for protected health information (except as specified above) must be limited to the minimum amount of information needed to accomplish the purpose of the request.
Marketing Activities
It is the policy of the Company that any uses or disclosures of protected health information for marketing activities will be done only after a valid authorization is in effect.
Prohibited Activities-No Retaliation or Intimidation It is the policy of the Company that no employee or contractor may engage in any intimidating or retaliatory acts against persons who file complaints or otherwise exercise their rights under HIPAA regulations. It is also the policy of the Company that no employee or contractor may condition payment on the provision of an authorization to disclose protected health information except as expressly authorized under federal and state regulations.
Responsibility
It is the policy of the Company that the responsibility for designing and implementing procedures to implement this policy lies with the Privacy Official.
Verification of Identity
It is the policy of the Company that the identity of all persons who request access to protected health information be verified before such access is granted.
Mitigation
It is the policy of the Company that the effects of any unauthorized use or disclosure of protected health information be mitigated to the extent possible.
Safeguards
It is the policy of the Company that appropriate physical safeguards will be in place to reasonably safeguard protected health information from any intentional or unintentional use or disclosure that is in violation of the HIPAA Privacy Rule.
Business Associates
It is the policy of the Company that business associates must be contractually bound to protect health information to the same degree as set forth in this policy. It is also the policy of the Company is organization that business associates who violate their agreement will be dealt with first by an attempt to correct the problem, and if that fails by termination of the agreement and discontinuation of services by the business associate.
Training and Awareness
It is the policy of the Company that all members of our workforce have been trained by the compliance date on the policies and procedures governing protected health information and how the Company complies with the HIPAA Privacy and Security Rules. It is also the policy of the Company that new members of our workforce receive training on these matters within a reasonable time after they have joined the workforce. It is the policy of the Company to provide training should any policy or procedure related to the HIPAA Privacy and Security Rule materially change. This training will be provided within a reasonable time after the policy or procedure materially changes. Furthermore, it is the policy of the Company that training will be documented indicating participants, date and subject matter.
Material Change
It is the policy of the Company that the term “material change” for the purposes of these policies is any change in our HIPAA compliance activities.
Sanctions
It is the policy of the Company that sanctions will be in effect for any member of the workforce who intentionally or unintentionally violates any of these policies or any procedures related to the fulfillment of these policies. Such sanctions will be recorded in the individual’s personnel file.
Retention of Records
It is the policy of the Company that the HIPAA Privacy Rule records retention requirement of six years will be strictly adhered to. All records designated by HIPAA in this retention requirement will be maintained in a manner that allows for access within a reasonable period of time. This records retention time requirement may be extended at this Company’s discretion to meet with other governmental regulations or those requirements imposed by our professional liability carrier.
Regulatory Currency
It is the policy of the Company to remain current in our compliance program with HIPAA regulations.
Cooperation with Privacy Oversight Authorities
It is the policy of the Company that oversight agencies such as the Office for Civil Rights of the Department of Health and Human Services be given full support and cooperation in their efforts to ensure the protection of health information within this Company. It is also the policy of the Company that all personnel must cooperate fully with all privacy compliance reviews and investigations.