Privacy Notice

Effective: August 8th, 2024

Overview

Personal Data We Collect

Categories of Personal Data We Collect

How We Use Your Personal Data

How We Obtain Your Personal Data

Who We Share Your Personal Data With

Personal Data We Share

Your Rights Regarding Personal Data

Accessing, Modifying, Rectifying, and Correcting Collected Personal Data

Your California Privacy Rights

Your Nevada Rights

Your Virginia and Utah Privacy Rights

Your Choices

Communications Opt-Out

Location Information

Cookies, Web Tracking, and Advertising

Protecting Personal Data

Data Retention

Other Important Information About Personal Data and the Services

Collection of Personal Data from Children

Third-Party Websites and Services

HIPAA

Business Transfer

Do Not Track

Storage of Personal Data

Modifications and Updates to this Privacy Notice

Applicability of this Privacy Notice

Additional Information and Assistance

  1. Overview

Airrosti Rehab Centers, LLC and Airrosti Remote, Inc. (referred to collectively herein as “Airrosti,” “we” or “us”) is committed to respecting the privacy rights of visitors to the websites operated by Airrosti, including without limitation www.flexbyairrosti.com (the “Site”), (the “Member Portal”), all subdomains, all social media accounts held or operated by Airrosti (collectively, the “Sites”), our apps that we may provide, and all healthcare guidance, content, and services that we may offer from time to time (collectively, the “Services”) made available or provided from the Sites. The Member Portal is an Internet application that enables a user receiving health coaching services from Airrosti (a “Member”) to have secure web-based access to personal health information, as released by the Airrosti health coach, and allows a Member to view, among other things, past appointment information as well as schedule future appointments.  This Privacy Notice explains our practices with respect to personal data we collect and process about you and is intended to comply with privacy laws applicable to Airrosti and the operation of the Site, the Member Portal, and the Services. If you have questions, comments, or concerns about this Privacy Notice or how we process your information, please see the bottom of this Privacy Notice for information about how to contact us.

Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Notice. This Privacy Notice may be revised from time to time, so please ensure that you check this Privacy Notice periodically to remain fully informed.

2. Personal Data We Collect

We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). In addition, we may collect data that is not identifiable to you or otherwise associated with you, such as aggregated data, and is not personal data. To the extent this data is stored or associated with personal data, it will be treated as personal data; otherwise, the data is not subject to this notice.

a. Categories of Personal Data We Collect

The types of personal data we collect about you depends on your interactions with us and your use of the Services. In the past twelve (12) months, we collected the below categories of personal data from our users:

  1. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  2. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)).
  3. Characteristics of protected classifications under California or federal law.
  4. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  5. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
  6. Geolocation data.
  7. Audio, electronic, visual, thermal, olfactory, or similar information.
  8. Professional or employment-related information.
  9. Inferences drawn from any of the information above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  1. Personal data that is deemed “sensitive personal data,” such as, health information; sex life or sexual orientation; and account log-in details if you use our Member Portal.

We will not collect additional categories of personal data other than those categories listed above. If we intend to collect additional categories of personal data, we will provide you with a new notice at or before the time of collection.

b. How We Use Your Personal Data

We collect and process your personal data for the following business and commercial purposes:

  1. Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing or fulfilling transactions, and verifying customer information.
  2. Managing your inquiries and communicating with you by email, mail, text message (SMS, MMS), telephone, video, push notification, and other methods of communication, to provide notifications about certain features of our Sites or the Services to measure consumer interest in our various services, and to inform you about various products and services offered on the Sites (including both our own products and the products of others).  These offers may be based on information provided by you in your account settings, in surveys, from information that may indicate your preferences, as well as information available from external sources. These e-mail offers will come exclusively from Airrosti or its affiliates.
  3. Providing, maintaining and improving our Services as well as to develop new products and services to be offered as part of the Services.  For example, we may use personal data to analyze data, to improve our Services and to tune our outputs based on a particular individual’s patterns of usage of our Services.
  4. Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  5. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  6. Debugging to identify and repair errors that impair existing intended functionality.
  7. Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
  8. Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.
  9. Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
  10. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.

c. How We Obtain Your Personal Data

We collect your personal data from the following categories of sources:

  • Directly from you. We collect personal data from you when you voluntarily submit it to us, including by establishing a customer account, applying for a job with us, event sign-up, requesting information, clinical health intake, or sending or receiving electronic notices or other similar communications through the Services, including with your health coach.
  • Automatically or indirectly from you. When you browse or use the Services, we utilize commonly-used logging and analytics tools, including Google Analytics, to collect information about your device, the network used to access the Services, and information about your use of the Services (such as how you navigate and move around the Services).

Information collected automatically includes the software and hardware attributes of the device you use to access the Services, unique device ID information, regional and language settings, performance data about the Services, network provider, and IP address (a number assigned to your device when you use the Internet). In addition, information is collected passively in the form of log files and third-party analytics (including Google Analytics) that record website activity. For example, log file entries and analytics data are generated every time you visit a particular page on our website, and track the dates and times that you use the Services, the pages you visit, the amount of time spent on specific pages, and other similar usage information, and general data (including the name of the web page from which you entered our website).

We also use certain technologies on the Services, including pixel tags, that allow us, our service providers, and other third parties to store information locally on your device, identify your device, track your interactions with messages we send, and track activity over time and across websites. Our use of cookies is described in more detail below. We also utilize a standard technology called a “cookie” to collect information about how the Services are used, track usage of the Sites and the Services, and further customize your experience when you are visiting the Sites or using the Services.  By tracking usage, we can best determine what features of the Sites and the Services best serve our users.  Without cookies, the features would “forget” items that may be stored. The session information used by the Sites is deleted when your browser is closed.

    • From our Service Providers. For example, business lead generators, commercial email providers, and other service providers we engage.
  •  

d. Who We Share Your Personal Data With

We share personal data with the following categories of third parties:

  • Our service providers.
  • Our affiliated entities and business partners.
  • Government agencies or regulations when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, or safety, and/or that of our users and others.

 

e. Personal Data We Disclose

  1.  

We do not “sell” or “share” your personal data as defined by applicable privacy laws to third parties for money.

In the past twelve (12) months, we shared for a business purpose the following categories of personal data with our service providers for a business purpose:

  • Identifiers (e.g. name, address, email address, government ID, IP address);
  • Personal data categories listed in Cal. Civ. Code 1798.80(e) (e.g. insurance policy number, employment history, medical information, health insurance information);
  • Characteristics of protected classifications under California or federal law;
  • Commercial information;
  • Internet or other electronic network activity information;
  • Geolocation data; and
  • Professional or employment-related information.

3. Your Rights Regarding Personal Data

 You have certain rights regarding the collection and processing of personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Notice, or by following instructions provided in this Privacy Notice or in communications sent to you.

Your rights vary depending on the laws that apply to you, but may include:

  • The right to know whether, and for what purposes, we process your personal data;
  • The right to be informed about the personal data we collect and/or process about you;
  • The right to learn the source of personal data about you we process;
  • The right to access, modify, and correct personal data about you (see the Accessing, Modifying, Rectifying, and Correcting Collected Personal Data section below for more information); and
  • The right to know with whom we have shared your personal data with, for what purposes, and what personal data has been shared (including whether personal data was disclosed to third parties for their own direct marketing purposes).

See Your California Privacy Rights and Your Nevada Privacy Rights for more information about certain legal rights.

a. Accessing, Modifying, Rectifying, and Correcting Collected Personal Data

 We strive to maintain the accuracy of any personal data collected from you, and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us, and notify us as soon as possible of any updates or corrections by sending an e-mail to our Privacy Officer at the contact address below.

Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Notice. We reserve the right to deny access as permitted or required by applicable law.

  1.  

b. Your California Privacy Rights

 California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the Privacy Officer at the contact address below, and are free of charge. However, we do not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.

The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”), provides our users who are California residents the following additional rights:

    1. Right to Know: You have the right to request that we disclose certain information to you about the personal data we collected, used, disclosed, and sold about you in the past 12 months. This includes a request to know any or all of the following:

  • The categories of personal data collected about you;
  • The categories of sources from which we collected your personal data;
  • The categories of personal data that we have shared, sold or disclosed about you for a business purpose;
  • The categories of third parties to whom your personal data was shared, sold or disclosed for a business purpose;
  • Our business or commercial purpose for sharing, collecting or selling your personal data; and
  • The specific pieces of personal data we have collected about you.

2. Data Portability: You have the right to request a copy of personal data we have collected and maintained about you in the past 12 months.

3. Right to Deletion: You have the right to request that we delete the personal data we collected from you and maintained, subject to certain exceptions. Please note that if you request deletion of your personal data, we may deny your request or may retain certain elements of your personal data if it is necessary for us or our service providers to:

  • Complete the transaction for which the personal data was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between our business and you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  • Debug to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
  • To enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Otherwise use the personal data, internally, in a lawful manner that is compatible with the context in which you provided the information.

4. Right to Correct: You have the right to correct inaccurate personal data about you. Once we receive and verify your request, we will use commercially reasonable efforts to correct the inaccurate personal data about you.

5. Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

6. Right to Restrict or Limit the Use of Sensitive Personal Data: You have the right to restrict the use and disclosure of sensitive personal data to certain purposes related to the offering of goods or services as listed in the CCPA.

To exercise your California privacy rights described above, please submit a verifiable request to us by contacting our Privacy Officer at the Contact Address below.

 If you have an account with us, you can exercise any of the above rights from your profile. If you don’t have a profile or if you are unable to access, control, or delete your information from within your profile, you can contact us through any of the above methods.

Only you, or a person authorized by you to act on your behalf, may make a verifiable consumer request related to your personal data.

You may only make a verifiable consumer request for Right to Know or Data Portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative. We will need to verify your identity with at least three (3) pieces of information, such as name, DOB, and address.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may deny your request if we are unable to verify your identity or have reason to believe that the request is fraudulent.

Consumer Request by an Authorized Agent

If an authorized agent submits a consumer request on your behalf, the agent must send an email to our Privacy Officer at the contact address below with proof that you gave the agent appropriate permission as required under applicable law to submit the request on your behalf. We may also require, as permitted by applicable law, that you contact address below to confirm that the agent is permitted to submit the request on your behalf.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require to create an account with us. However, if you do have an existing login, we will require you to log in to submit a request. We will only use personal data provided in a verifiable consumer request to verify the request’s identity or authority to make the request.

We will acknowledge receipt of the request within ten (10) days of its receipt. We will respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For Data Portability requests, we will provide the responsive information in a portable and, to the extent technically feasible, in a readily useable format that allows you to transmit the information to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

c. Your Nevada Privacy Rights

 Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to the email address below and are free of charge.

d. Your Virginia and Utah Privacy Rights

 If you are located in Virginia, and Utah, you have certain rights regarding your personal data. The section describes how we collect, use, and share your Personal Data under the Virginia Consumer Data Protection Act (“VCDPA”), and the Utah Consumer Privacy Act (“UCPA”) and your rights with respect to that personal data.

As a Virginia, or Utah resident, you have some or all of the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by law. You can ask to appeal any denial of your request in the same manner through which you may submit a request.

  • Right to Access and Portability. You have right to access your personal data and/or receive a copy of the Personal Data that we have collected about you.
  • Right to Correct. You have the right to correct inaccurate personal data that we have collected about you.
  • Right to Delete. You have the right to delete the personal data we have obtained about you or that you have provided to us with certain exceptions.
  • Right to Opt-out of Tracking for Targeted Advertising Purposes. You have the right to opt-out of certain tracking activities for targeted advertising purposes.
  • Right to Opt-out of Profiling. If we process your personal data for profiling purposes as defined by the VCDPA and/or UCPA you can opt-out of such processing.
  • Right to Non-discrimination. You have the right to be free from discrimination as prohibited by the VCDPA and/or UCPA.

4. Your Choices

 You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.

a. Communications Opt-Out. Airrosti provides its Member Portal users with an easy means to decline receiving notifications, newsletters or offers by email.  We recognize the importance of providing you with the choice to “opt-out.”  You can control the number of notifications sent by email by logging into your Member Portal account and changing your account preferences.  If you prefer, you also can “opt-out” of receiving any email notifications by contacting our Privacy Officer at the contact address below.  All e-mail offers sent by Airrosti will inform you as to how you can “opt-out” or decline receiving further e-mail offers.  Please note, that if you do business with us in the future, you may not, subject to applicable law, opt out of certain automated notifications, such as order or subscription confirmations, based on business transactions (e.g., e-commerce).

b. Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.

 c. Cookies. Your browser may be set to accept cookies.  However, if you would prefer not to receive cookies, you can alter the configuration of your browser to refuse cookies.  Likewise, in certain instances on our Sites, you may be asked to opt-in to the use of cookies before you will be given access.  You will only be asked to opt-in upon your initial visit to those portions of the Sites only. If you choose to have your browser refuse cookies, or if you elect to not opt-in to the use of cookies, it is possible that some areas of our Sites or the Services will not function properly when you view them.

5. Data Retention

 Your personal data will be retained for fulfillment of the intended purposes for which such personal data is collected. We may also establish minimum and maximum retention periods based upon the type of information collected (i.e. sensitivity), the intended purposes, and as otherwise may be legally required.

 

6. Protecting Personal Data

Airrosti maintains reasonable and appropriate physical, technical, and organizational safeguards to ensure the security, integrity and privacy of the personal data provided by you. As part of these safeguards, we take the following steps:

  • We employ internal access controls to ensure that the only people who see your information are those with a need to do so to perform their official duties.
  • We train relevant personnel on our privacy and security measures and applicable legal requirements.
  • We physically secure the areas where we hold hard copies (if any) of the information that we collect online.
  • We regularly back up the information that we collect online to ensure it remains available in the event of a security incident.
  • We use technical controls to secure the information that we collect online as appropriate, including but not limited to: the pseudonymization and encryption of personal data, firewalls, and password protections.
  • We periodically test our security procedures to ensure personnel and technical compliance.
  • We disclose your identifiable personal data only to your employer and others to whom you have given consent, or as otherwise required or permitted by law.
  • We disclose the minimum amount of personal data as necessary for the particular purpose in compliance with applicable law.

However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.

7. Other Important Information About Personal Data and the Services.

a. Collection of Personal Data from Children. Airrosti does not knowingly solicit data from children or knowingly market to children. Airrosti is concerned about the safety of children and their use of the Internet. Therefore, in accordance with the U.S. Children’s Online Privacy Protection Act of 1998, we do not knowingly request or solicit personally identifiable information from anyone under the age of 13 without prior verifiable parental consent.  In the event that we receive actual knowledge that we have collected such personal data without the required and verifiable parental consent, we will delete that information from our database as quickly as is reasonably practical. By using the Services, you represent that you are 18 years of age or older.

b. Third-Party Websites and Services. You should be aware that other Internet websites to which you hyperlink from the Sites or the Services, including those of unaffiliated third parties, our affiliates, service providers, and third parties with which we do business, may contain privacy statements that differ from our Privacy Notice.  This Privacy Notice does not apply to any third-party services; Airrosti encourages you to read and understand such privacy policies and terms of use of any linked websites accessed by you.  If you decide to access such linked websites and/or provide any personal data to such linked websites, you do so entirely at your own risk. Airrosti is not responsible for such provisions, and expressly disclaims any and all liability related to such provisions.

 c. HIPAA. We are dedicated to maintaining the privacy and integrity of protected health information (“PHI”) that we receive as part of your usage of the Services, including the Member Portal. PHI is personal data that we receive that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of healthcare to you, or (c) your past, present or future payment for the provision of healthcare, which is created, received, transmitted or maintained by Airrosti. This Privacy Notice describes how we protect your privacy as a visitor to or general user of our Site, our app and Services. You have additional rights under federal and state law with respect to the access to, use, and disclosure of personal data that constitutes PHI. For a more complete description of your rights with respect to PHI, please refer to our HIPAA Notice of Privacy Practices [insert hyperlink], which provides important information to you about how we may use and disclose your PHI.

 d. Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.

 e. Do Not Track. We do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.

f. Storage of Personal Data. Please note that any personal data collected through the Services will be stored and processed in the United States. If you are using the Services from outside the United States, by your use of the Services you acknowledge that we will transfer your data to, and store your personal data in, the United States, which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in the United States, including to law enforcement and/or national security authorities in the United States

g. Modifications and Updates to this Privacy Notice

This Privacy Notice replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Notice, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Notice. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Notice, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Notice will constitute your acknowledgement of the amended Privacy Notice.

8. Applicability of this Privacy Notice

 This Privacy Policy is subject to the Terms of Use and Service and the HIPAA Notice of Privacy Practices, which govern your use of the Services. If you choose to visit the Sites or use the Services, your visit and any dispute over privacy is subject to this Privacy Notice, including but not limited to limitations of damages and application of the law of the State of Texas and the laws, regulations, ordinances and treaties of the United States of America.

This Privacy Notice does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.

9. Additional Information and Assistance

Our Privacy Officer is accountable for Airrosti’s compliance with this Privacy Notice and applicable federal and state privacy laws. If you have any questions about Airrosti’s purposes for the collection and retention of your personal data, please contact our Privacy Officer and provide sufficient detail to permit the Privacy Officer to answer your questions and contact you.

By Mail: Airrosti Rehab Centers, LLC

Attn: Privacy Officer

111 Tower Drive, Building 1

San Antonio, Texas 78232

By Telephone: (210) 249-4877

By Facsimile: (866) 298-4032

By Email: privacy@airrosti.com

In order to make the Services, and this Privacy Notice, reasonably accessible to users with disabilities, we incorporate features and functionalities that meet WAI-ARIA (Accessible Rich Internet Applications) standards, such as screen readers.