Effective Date: May 15, 2020
Updated: June 14, 2023
Information We Collect
“Personal Information” is information that identifies you as an individual or relates to an identifiable individual. Our Services may ask to collect Personal Information, including:
- Email address;
- Payment information;
- Postal address, including billing and shipping addresses;
- Telephone number;
- IP address;
- Height and weight;
- Certain information from your device, including photos; and
- Communications from users.
We need to collect Personal Information in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services.
How We Collect Personal Information
We and our service providers collect Personal Information in a variety of ways, including:
Registration and Profile Information: You must create a One Drop account in order to use our Services. You can create an account by providing your name and email address.
You may also create an account by providing credentials to a social media account profile. We do not collect or store any of your social media profile information.
You may also voluntarily provide or edit your One Drop profile information within the One Drop App, One Drop Sites, or One Drop Services such as phone number, mailing address, gender, height, and weight, and information related to your health and condition diagnosis to help us tailor and personalize our services to you.
Mobile Application: The One Drop App may access or collect Personal Information in a variety of ways. One Drop collects information you submit through the mobile application. One Drop may also collect information you authorize One Drop to collect. As an example, One Drop may track the number of minutes or steps you are active with your phone to help you understand the impact of exercise on your health. You can control the data and information from your phone that you share with One Drop.
Information You Post: We collect the information you actively post when using our Services, which may include insulin doses, blood glucose readings (whether directly entered or transferred via a Connected Device), food you enter, photos, and notes that you create to accompany your entries.
Payment Information: Certain purchases through our Services may require that you provide financial account information, such as your credit card number, to our third-party service providers. Purchases for virtual goods are handled by third party app stores such as Apple’s App Store and Google Play. We are not responsible for their policies and practices.
Third Party Applications: You may have the option of integrating your One Drop account with Apple Health or Google Fit and third party applications that integrate with Apple Health or Google Fit. If you choose to do so, we may request your permission to access Personal Information about you from Apple or Google and from third party applications. We cannot access this information without your permission.
Information Stored on Your Mobile Device: With your permission, we may collect information stored on your mobile device, such as photos you post to the Service, or access resources on your mobile device, such as the camera when you decide to take a photo and post it to the Service.
Communications: We will collect information you provide when you communicate with us, such as any communications you send to customer support. We will also collect information that you may submit as part of participation in a promotional event. Information
Others Share About You: Users may provide information to our Services when uploading photos and tagging information posted to the service with notes, and we cannot control the content of these posts. There may be users that want to refer you to our Services and as such may also provide your email address or phone number to us to invite you to use our Services.
Persistent Log-In: If you choose to use a persistent log-in, for example, having your user name or password be remembered, others may be able to access information through your mobile device. If you are concerned about the unauthorized use or disclosure of information via your mobile device, you should lock your mobile device when not in use or log out of the persistent log-in feature.
How We Collect Other Information
We also collect Other Information in a variety of ways, including:
Mobile Application: The One Drop App may access or collect Other Information through the operating system of your mobile device or through information you submit through the mobile application.
One Drop Cookies and Usage Data: We collect industry standard data from everyone who visits our Services. We may use common technologies, such as cookies, “clear gifs” and “web beacons,” to automatically collect information such as your IP address or other device address or ID, web browser and/or device type, the web pages or sites that you visit just before or just after you use our Service, the pages or other content you view or otherwise interact with on our Service, and the dates and times that you visit, access, or use our Services. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message. This information is gathered from all users and may be connected with other information we collect from you and are used to improve our communications or Services to you.
Location Information: We offer features that may require specific location data. If you choose to use these features, we may collect data about your physical location from your mobile device if your Operating System settings are enabled to send it to us. We cannot access this information without your explicit approval to share this data with us. We stop collecting this type of data when you stop using the feature.
How We Use Your Information
To Provide the Services: We use your Personal Information to provide the Services’ functionality to you, including arranging access to your account and providing customer service.
We will engage in these activities to manage our contractual relationship with you, and/or to comply with a legal obligation.
Communications: Your Personal Information is used to communicate with you, including by sending email messages, push notifications, or text messages. We may send administrative messages related to account management, customer service, system maintenance, or other related concerns. We will engage in these activities to manage our contractual relationship with you and/or to comply with a legal obligation. We may also use your Personal Information to send or to inform you about new features or products that we think you would be interested in. We will engage in this activity with your consent or where we have a legitimate business interest.
Aggregate Data: We may anonymize and aggregate Personal Information collected through our Services so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use for any purpose, as it no longer identifies you or any other individual.
To Accomplish Our Business Purposes: We may use Personal Data in data analysis, for example, to improve the efficiency of our Services. We may also use such information for other purposes, including but not limited to, fraud and security monitoring purposes, to conduct audits to address legal, regulatory or contractual requirements, to maintain and improve our current Services, or to identify usage trends to determine which aspects of our Services are most valuable to users. We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or based on our legitimate interest.
With Your Consent: We will use your information for any other purpose for which the information was provided by you or for which you provide consent.
How We Share Your Information
Displaying to Other Users: Our Services offers ways to find and share useful information, such as when you opt in to sharing some of your information through our One Drop Ambassador’s feed. We encourage you to carefully consider the information you share. We will not display your registration or profile information to other users, but your initials will be publicly displayed along with certain posts and other public content, and only with your active consent can will your identifiable profile information be displayed through the One Drop Ambassador feed. Please read “Preferences” below to learn about what controls we offer over the sharing of your data.
Vendors and Service Providers: We may share information we receive with vendors and service providers we use only in connection with providing you our Services. Such providers may include, among others, data analytics, web hosting, and payment processing.
As Required By Law and Similar Disclosures: We may access, preserve, and disclose information if we believe doing so is required or appropriate to: comply with applicable law and regulations; cooperate with law enforcement requests and legal process, such as a court order or subpoena; enforce our terms and conditions; respond to your requests; or protect your, our, or others’ rights, property, or safety. This may include laws outside your country of residence.
Merger, Sale, or Other Corporate Transactions: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of our assets, or transition of service to another provider, we have a legitimate interest in disclosing or transferring your Personal Information as part of such a transaction.
With Your Consent: We may also disclose your information with your permission.
Sponsoring Organization and Healthcare Providers: In the event another entity is paying for you to access our Services like your employer, health plan or healthcare provider (“Sponsoring Organization”), we may share your information, including Personal Information, we receive with your Sponsoring Organization and your designated healthcare team.
One Drop’s Use of Protected Health Information (PHI) and Your Rights
In some cases, One Drop may receive and maintain certain Personal Information from or on behalf of a HIPAA covered entity which considered “protected health information” or “PHI” and is protected by federal and state laws. For example, we may receive PHI in the form of enrollment data from your employer’s health plan in connection with an offering for the Services.
When One Drop receives PHI from a covered entity, One Drop will use, disclose and protect PHI as required under its agreement with the covered entity. Under HIPAA, you may have certain rights relating to your PHI, such as the right to:
- request that One Drop restrict the use and disclosure of your PHI;
- access your PHI anytime by sending a written request to the address below;
- amend your PHI if you believe there are problems or errors with your PHI; or
- receive a list of certain PHI disclosures made by One Drop in the past six years, from the date of your written request to us at the address below.
You may exercise these rights, if permitted under HIPAA, by contacting the covered entity that processes your PHI, such as your employer health plan, or by contacting One Drop as described in the “Contacting Us” section below.
Use and Disclosure of Other Information
In addition, the Services may collect “Other Information,” which does not reveal your specific identity or does not directly relate to an identifiable individual. Our Services collect Other Information such as:
- One Drop App usage data;
- Location information;
- Browser and device information; and
- Information collected through cookies, pixel tags and other technologies.
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy. In some instances, we may combine Other Information with Personal Information. If we do, we will treat the combined information as Personal Information as long as it is combined.
We use certain physical, managerial, and technical safeguards that are designed to protect the integrity and security of information that we collect and store. Please be aware that no security measures are perfect, and we cannot ensure or warrant the security of any information you transmit to us or store on our Services. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
Use of Services by Minors
Our Services are not directed to children under thirteen (13), and we do not knowingly collect Personal Information from children under 13. If we learn that we have collected Personal Information of a child under 13, we will delete such information unless we receive specific written permission from a parent or guardian that the One Drop service has been approved for use by their child or their guardian child under the age of 13.
If you are a resident of California, under 18, and a registered user of the Services, you may ask us to remove content or information that you have posted to the Services by contacting us in accordance with the “Contacting Us” section below. Please note that your request does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.
We store and process Personal Information in the United States. By using the Services, you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here [hyperlink to EU Commission’s adequacy list online: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en]). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your Personal Information. You may obtain a copy of these measures by contacting us in accordance with the “Contact Us” section below.
Additional Information Regarding the EEA
You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
Accessing or Modifying Your Information
You may update, correct, or delete your registration and profile information at any time by accessing your account settings. More broadly, if you wish to access, correct, update, restrict, or delete Personal Information, or to receive a copy of your Personal Information for the purpose of transferring to another company (to the extent those rights are provided to you by applicable law), you may contact us at firstname.lastname@example.org.
In your request, please make clear what Personal Information you would like to have changed or whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Retention: We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention period include: the length of time we have an ongoing relationship with you; legal obligations; or whether retention is advisable in light of our legal position. Any user may request to have their Personal Information deleted at any time. One Drop will promptly (usually within 24 hours) permanently delete all Personal Information for that user.
In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, Amazon, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the App.
We provide you with settings that allow you to adjust your sharing preferences. Please carefully use our Services and review your account settings.
Our settings may also allow you to adjust your communications preferences. If you receive promotional email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving promotional email from us by sending your request to us by email at email@example.com or by writing to us using the information in the “Contact Us” section. Please be aware that, even after you opt out from receiving promotional email from us, you will continue to receive administrative emails from us, which are necessary to continue operating the Services. You may turn off push notifications through your device settings.
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., Social Security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, or criminal background) on or through the Services or otherwise to us.
We may revise this policy from time to time. When we do, we will post the revised policy on this web page, and the revised version will be effective when it is posted. By continuing to access or use our Services after those changes become effective, you are agreeing to be bound by the revised policy.
One Drop ℅ Informed Data Systems, Inc.
166 Mercer Street, 2nd Floor
New York, NY 10012