Last Updated date: 03-16-2023
Hoot Health Inc. (“we,” “us,” “ours” or “Hoot”) provides content and online management services to help health care providers manage myopia in kids (collectively, the “Services”). We collect personal information from parents and guardians about their kids on behalf of their health care providers (“Providers”). We also collect personal information about Providers. This privacy policy (“Privacy Policy”) explains how we collect, process, store and share personal information. It also provides you with important information about your personal information rights and how to exercise them.
By using, interacting with or accessing our Services, or by providing your personal information to us, you acknowledge that you accept our privacy practices and policies outlined below and you consent to us collecting, processing, storing and sharing your information as described in this Privacy Policy.
We collect, process, store and share information that identifies, relates to, or could reasonably be linked, directly or indirectly, with a particular individual or household (“personal information”). Personal information does not include information publicly available from government records, or which is not personal, like anonymous, deidentified or aggregated data (even if it originally comes from personal information).
We collect, process and store, and may share with third parties, the following categories of personal information.
We may share your personal information with the categories of parties listed in this section.
This section details the business purposes for which we collect, process, store and/or share your personal information.
For purposes of this Privacy Policy, “sell” means the disclosure of personal information to a third party in exchange for money or other valuable consideration.
Unless a patient (or a patient’s parent or guardian) has provided us with written consent to sell a patient’s personal information or share it for marketing or advertising purposes:
We may collect protected health information (also called “PHI”) that is covered by HIPAA. The HIPAA Privacy Rule applies to PHI covered by HIPAA.
We de-identify PHI in accordance with the HIPAA Privacy Rule by removing specified personal information that could identify an individual (e.g., name, telephone number, email address and account numbers). Once PHI is de-identified, it is no longer PHI covered by HIPAA nor is it personal information covered by this Privacy Policy.
We may sell or otherwise use or disclose de-identified patient and health information, including for the purposes of marketing and advertising.
Unless a Provider opts out (as provided in the below section called, Your Privacy Rights and Choices):
We retain personal information about you for as long as we deem to be necessary or advisable for the purposes described in the above section called, Our Business Purposes for Collecting and Sharing Personal information (such as providing the Services) or as directed by Providers with respect to personal information collected on their behalf. We may maintain your personal information after you have stopped using or interacting with our Services; for example, we may retain your personal information to improve our Services, continue to provide Services to Providers, comply with legal obligations, resolve disputes or collect fees owed.
This Privacy Policy covers how we treat personal information that we acquire from you or other sources related to our Services or other interactions with us. This Privacy Policy does not cover the policies or practices of Providers or third parties that you may access or be connected with through the Services.
We collect personal information about you from the following categories of sources:
This Privacy Policy does not cover, and we are not responsible for, the privacy practices of Providers or any third parties, which have their own rules for how they collect and use personal information. Please make any privacy requests directly to Providers or third parties with respect to personal information in their control.
Our Services may include links to third-party websites, services, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal information about you. We do not endorse or control these third-party websites or services and are not responsible for their privacy practices or any information on their websites. When you leave our Services, we encourage you to read the privacy policy of every website you visit.
Our Services include links to the following third-party services, among others:
You must be 18 years of age to use the Services. By accessing or using the Services, you represent and warrant to us that you are at least 18 years of age.
We do not collect any personal information directly from children under 18 years of age. As a parent or guardian, you may provide or make available personal information of your children to us, and, by doing so, you agree and consent to our collection and use of your children’s personal information.
If you are a child under the age of 18, please do not attempt to log in to the Services or send us any personal information. If we learn we have collected personal information directly from a child under 16 years of age, we will delete that data as quickly as possible. If you believe that a child under 16 years of age may have provided personal information to us, please contact us at support@ hootmyopiacare.com
To our knowledge, we do not sell or share for cross-contextual behavioral advertising or targeted advertising purposes the personal information of children under the age of 16.
You may not disclose the personal information of another individual to us, or make it available through the Services, unless (1) you are the parent or guardian providing the personal information of your own children; or (2) you are providing the personal information of an individual who is 18 years of age or older and you have that individual’s prior written consent. To the extent that you provide another individual’s personal information to us or use it in the Services, you acknowledge and agree that you are responsible for compliance with all applicable laws concerning such personal information.
Subject to exemptions and limitations provided by applicable law, if you are an individual you have the right to:
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a written request (using one of the methods below) that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal information, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may ask for information to verify your identity, such as name, phone number, email and address. We will only use personal information provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
Please be aware that certain Services or features or functionality of the Services may be unavailable to you if we honor your requests with respect to certain privacy rights.
We will work to respond to your Valid Request promptly within the timeframes required by applicable privacy law (usually between 15 to 45 days depending on the type of Valid Request, with the right for us to extend the response time as necessary). We will not charge you a fee for making a Valid Request unless your Valid Request is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
You may also authorize an agent (an "Authorized Agent") to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
In some instances, we may not be able to honor your request. For example, we may not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we may not honor your request where not required to do so under applicable privacy laws. We will advise you in our response if we are not able to honor your request.
Our Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “cookies”) to gather data about visitors to our Services, analyze trends and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own cookies on your devices through the Services or otherwise.
“Do Not Track” is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. Our Services are not currently configured to respond to Do Not Track signals or other mechanisms that provide users the ability to exercise choice regarding the collection of personal information about a user’s online activities over time and across third-party websites or online services.
You can decide whether or not to accept certain cookies through your internet browser’s settings. Most browsers have an option for turning off the cookie feature, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser's menu.
You can also delete all cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our Services and some of the Services and functionalities may not work.
We allow third parties to set and collect cookies through our Services. Please review such third parties’ privacy policies and other terms for information on their privacy practices and uses of personal information, including whether they use cookies to provide targeted and cross-contextual behavioral advertising and your options to opt-out.
We use the following third-party cookies (and may use others):
To make choices about targeted advertisements from participating third parties, including to opt-out of receiving targeted advertisements from participating third parties, please visit the Network Advertising Initiative at http://www.networkadvertising.org/choices/ or the Digital Advertising Alliance at www.aboutads.info/choices.
To find out more information about cookies, including information about how to manage and delete cookies, please visit http://www.allaboutcookies.org/.
We will maintain reasonable technical and organizational safeguards for the protection of the security and confidentiality of personal information from unauthorized access, use, disclosure or transfer. Despite our efforts to ensure security, we cannot guarantee or warrant that your personal information will not be accessed, acquired, disclosed for an improper purpose, altered or destroyed by an unauthorized person or as a result of a breach of our security safeguards or those of our hosting provider or other vendors or service providers. We cannot ensure the security of any data transmitted to us over the internet. To the fullest extent permitted by applicable law, we accept no liability for any unintentional disclosure by us of your personal information. Therefore, we urge you to take adequate precautions to protect your personal information as well, including, without limitation, choosing a strong password, never sharing your account username or password, and logging out of your account and closing your browser when no longer using or interacting with the Services on a shared or unsecured device.
We operate from the United States and the personal information we collect or receive is stored and processed in the United States. You consent to the transfer, processing and storage of your personal information in the United States. You also consent to the transfer, processing and storage of your personal information by us, our affiliated entities, our vendors or other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world subject to the provisions of this Privacy Policy. The United States and other jurisdictions to which we transfer or in which we process or store your personal information may not have the same data protection laws as your jurisdiction.
We reserve the right to amend this Privacy Policy at our discretion and at any time. When we do, we will post the revised policy in the Services with a new “Last Updated” date. Your continued use of our Services or your provision of personal information to us following the posting of changes constitutes your acceptance of such changes. We encourage you to visit this page regularly for any changes.
You may contact us with questions or concerns related to this Privacy Policy and our privacy policies and practices as follows:
If you have a disability, you may access this Privacy Policy in an alternative format by contacting us at: