GROUPORT

PRIVACY POLICY

Last Updated – January 7, 2020

Welcome to Grouporttherapy.com (the “Site”). The Site is the property of, and is operated by, Grouport Inc. (hereinafter “Grouport” “we,” “us,” or the “Platform”). Grouport is a platform that provides access to online group therapy. We invite all visitors to, or users of, the Site (“you”) to carefully our Terms of Use, which governs the terms of your usage of the Site [Terms of Use] ,and this Privacy Policy, which, explains our information practices regarding the collection, use and disclosure of the information collected when you use the Site. By using the Site, you are consenting to the collection, use and disclosure of your information as described in this Privacy Policy.

INFORMATION COLLECTED BY GROUPORT

To provide the Platform, we have to collect certain information that identifies you, or that can be readily used to identify you (including, without limitation, your name, gender, birthday, address, phone number, email address, and contact information), billing and payment information, profile information, and other personal information which you choose to provide; such information is collected when you provide it (for example, by providing your initial information, scheduling a session, and communicating with a therapist) and is referred to as “Personally Identifiable Information” or “PII.”

The Site also automatically collects information based on your use which doesn’t readily identify you and which is called “Non-Personally Identifiable Information” or “NPII.” This information includes, but is not limited to, how you come to the Site and what you visit at the Site, other websites you visit and the time spent on those websites and this Site, your computer, IP address, region, and browser version. We gather this information automatically and may aggregate it with NPII of other users in order to better understand how many visitors we have, when we receive the most visits, content, research and trend analysis and to improve the services offered on the Platform. Except as required in connection with the services provided through the Platform and the payment therefor, before providing data to our partners or third-party providers, we will remove your name and any other personally identifying information, or combine such information with other people's data in a way that it no longer identifies you personally.

SAFEGUARDS FOR PERSONALLY IDENTIFIABLE INFORMATION

Some of the PII that you give to us is considered health related data and is considered all Protected Health Information. Grouport stores all Protected Health Information in compliance with HIPAA .

Grouport employs reasonable physical, electronic, and managerial procedures to safeguard and secure the PII we collect online. However, no Internet transmission is 100% secure or error-free, nor is stored data free from vulnerabilities. We cannot guarantee the security of our database, the Site, your PII, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet. We are not responsible for the actions of third parties.

Grouport contracts with licensed providers and therapists to provide the Platform., We will keep your PII confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies, or during an emergency circumstance as determined by your provider or therapist in their discretion). We will only use your PII information in conjunction with operating the Platform, such as

  • sharing your information with providers or therapists to assist in their provision of services;
  • providing information required by card companies or other payment processors;
  • information shared with third-party videoconferencing providers (we currently use Zoom);
  • information shared with third-party scheduling and/or billing providers (we currently use Acuity Scheduling);
  • information shared with third-party online form company (we currently use JotForm)

We will require these third parties not use your PII for their own business purposes.

For additional details as to how we comply with the HIPAA Privacy Rule, please read our HIPAA Business Associate Privacy Policy, available at the end of this Privacy Policy.

ACCESS THROUGH PORTABLE DEVICES

If you access the Platform from a mobile device, you acknowledge and understand that (a) your carrier's normal rates and fees, such as text messaging fees, may still apply; (b) your use of the Platform through a mobile application will be subject to the terms of use of the applicable app store (e.g. the Apple App Store or Google Play Store) and may require syncing your contact list or other PII in connection with the use of such mobile application.

COOKIES

When you browse the Site and have not registered for any online service through the Site or the Platform, personally identifiable information—such as your name, address, phone number, and e-mail address—is not collected. However, we track how our site is used by both visitors and our registered customers. One way we track is by using cookies.

Cookies are small text files containing user IDs that are automatically placed on your computer or other device by when you visit a website. The cookies are stored by the internet browser. The browser sends the cookies back to the website on each subsequent visit, allowing the website to recognize your computer or device. This recognition enables the website provider to observe your activity on the website, deliver a personalized, responsive service and improve the website.

Cookies collect information that includes the server your computer is logged onto, your browser type, and whether you responded to a Grouport banner ad from outside our site or through an e-mail link. A cookie cannot retrieve any other data from your hard drive, pass on computer viruses, or capture your e-mail address or any other personally identifiable information.

Using cookies enables us to recognize your computer if you or someone else using your computer returns to our site, and to keep track of the pages on our site that you or another user of your computer visit, and whether or not you or another user of your computer respond to certain banner ads or special offers. We use this information to help us present more relevant offers and information.

You can adjust your computer browser settings so that you are informed when a cookie is being placed on your browser. You can also set your browser to decline or accept all cookies. However, if you choose to register for an online service on the Platform, cookies are essential for site administration and security.

HOW GROUPORT USES COLLECTED INFORMATION

Grouport may use information it collects (both PII and NPII) in the following ways:

  • To assist with the creation and management of your usage of the Platform;
  • To assist with your use of the Platform and provide you with customer support;
  • For billing-related purposes;
  • To contact you or provide you with information, alerts and/or suggestions that are related to Platform and your usage thereof;
  • Where disclosure is required or permitted by law, (for example to government bodies and law enforcement agencies, or during an emergency circumstance as determined by your provider or therapist in their discretion);
  • To reach out to you, either ourselves or using the appropriate authorities, if either we or your provider or therapist have a good reason to believe that you or any other person may be in danger or may be either the cause or the victim of a criminal act;
  • To match you with a provider or therapist;
  • To enable and facilitate the provision of online group support or online group therapy services by your provider or therapist;
  • To supervise, administer and monitor the online group support or online group therapy services on the Platform;
  • To measure and improve the quality, the effectiveness and the delivery of the Platform and the services provided through the Platform;
  • To market the Platform and related services to you.

We will retain your personal data only for as long as necessary for the purposes it was retained, such as to enable you to use the Site or to provide services to you. In some instances, we may retain data for longer periods in order to comply with applicable laws (including those regarding document retention), resolve disputes with any parties, and otherwise as necessary to allow us to conduct our business. All personal data we retain will be subject to this Privacy Policy and our internal retention guidelines.

YOUR OBLIGATIONS IN USING THE PLATFORM

If you use the Platform to publish or otherwise share any of your own personal or contact information with third parties, or otherwise publicize such information, you assume full responsibility for any further use of information.

Your information will be protected for your privacy and security. You need to protect and safeguard your information appropriately and may want to limit access to your computer and browser by signing off after you have finished using the Platform so as to prevent unauthorized access to your PII.

In using the Platform, you agree to take actions to protect the privacy of your PII as well as the PII of other users of the Platform. To protect the privacy and rights of other users, you agree not to engage in the following activities, whether directly or indirectly, each of which is strictly prohibited:

  1. transmit, distribute, or post anything that is unlawful, deceptive, false, stolen, hateful, threatening, abusive, violent, harassing, obscene, pornographic, defamatory, racially or ethnically objectionable, bullies another user, or is in violation of the personal privacy rights of another;
  2. transmit, distribute, or post any content or take any action that infringes or violates someone else's rights (whether protected by copyright, trademark, trade secret, right of publicity, or other proprietary right) or otherwise violates the law;
  3. transmit, distribute, or post anything which constitutes advertising or promotional materials or solicit users to use particular goods or services, except as otherwise expressly permitted by Grouport;
  4. use the Site for illegal purposes, in violation of any applicable laws or regulations;
  5. copy, sell, resell, distribute, rent, disclose, or exploit for commercial purposes any portion of the Site or the services provided by the Platform;
  6. use any robot, spider, scraper or other automatic or manual process to monitor, data mine, or copy any Site pages, content, or user information, except as expressly permitted by Grouport;
  7. use or distribute another’s username, password, personally identifiable information, or financial information without authorization, or otherwise engage in any activities intended to impersonate or hide a user’s identity or contact information;
  8. interfere with, or disrupt, the access of any user, host, or network, including sending a virus, uploading malicious code, overloading, flooding, spamming, mail-bombing the Site or its users, or by scripting the creation of content or accounts in such a manner as to interfere with or create an undue burden on the Site;
  9. collect user names and contact information and/or send unsolicited commercial communications (spam);
  10. solicit another user’s login information or otherwise access information belonging to someone else;
  11. take any action that imposes an unreasonable or disproportionately large load on the Site’s infrastructure or interferes with the proper working of the Platform;
  12. attempt to decompile, decipher or reverse engineer any of the software used by Grouport as part of the Platform, or modify, translate, or otherwise create derivative works of any part of the Platform, or copy, rent, lease, distribute, or otherwise transfer any of the rights that you receive hereunder;
  13. access or tamper with non-public areas of the Site, the Platform, our computer systems, or the systems of our technical providers;
  14. access or search the Site by any means other than the currently available, published interfaces that we provide;
  15. forge any TCP/IP packet header or any part of the header information in any email or posting, or in any way use the Site or the Platform to send altered, deceptive, or false source-identifying information;
  16. use the Platform for anyone other than yourself without their express authorization;
  17. Record any Group Services or communications with Providers;
  18. copy or adapt any portion of our code or visual design elements (including logos) without express permission from Grouport unless otherwise expressly permitted by law; or
  19. assist or permit any persons in engaging in any of the activities described above.

JURISDICTION

Our Site is operated in the state of New York, and is only intended for use in the state of New York.  If you are located in another jurisdiction, you may not use this Site.  By using our services or the Site or providing us with any information, you represent and warrant that you are a resident of, or physically located within New York State, and consent to this transfer, processing, and storage of your information in New York. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the Grouport Terms of Use. However, no system is completely secure or error-free. We do not, and cannot, guarantee the complete security of your information.

ARBITRATION

AS SET FORTH MORE FULLY IN THE TERMS OF SERVICE, YOU AGREE THAT DISPUTES BETWEEN YOU AND GROUPORT WILL BE RESOLVED BY BINDING, INDIVIDUAL ARBITRATION IN THE STATE OF NEW YORK, CITY OF NEW YORK, EACH SIDE TO BE RESPONSIBLE FOR ITS OWN COSTS AND EXPENSES THEREOF, AND YOU WAIVE YOUR RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION.

EFFECTIVENESS

This Privacy Policy is effective as the date noted above. Grouport reserves the right to amend this Privacy Policy at any time without notice, and only the current Privacy Policy may be deemed effective. However, we will notify you prior to the effectiveness of the new Privacy Policy using the email address which you provided when registering for the Platform.‍

-------

OUR HIPAA BUSINESS ASSOCIATE PRIVACY POLICY

GROUPORT is committed to complying with the HIPAA Privacy Rule and maintaining the confidentiality of patients’ Protected Health Information (PHI) through appropriate, authorized access, uses, and disclosures. GROUPORT will create, store, maintain, use, transmit, collect and disseminate PHI in an environment that promotes confidentiality and integrity without compromising PHI.

We share a commitment with Covered Entities to protect the privacy and confidentiality of Protected Health Information (PHI) that we obtain subject to the terms of a Business Associate Agreement. GROUPORT has designated a privacy official responsible for the development and implementation of our HIPAA policies and procedures.

This Policy is provided to help you better understand how we at GROUPORT, use, disclose, and protect PHI in accordance with the terms of Business Associate Agreements.

Definitions

Business Associate Agreement (BA Agreement). A Business Associate Agreement is a formal written contract between GROUPORT and a Covered Entity that requires GROUPORT to comply with specific requirements related to PHI.

Covered Entity. A Covered Entity is a health plan, health care provider, or healthcare clearinghouse that must comply with the HIPAA Privacy Rule.

Protected Health Information (PHI). PHI includes all “individually identifiable health information” that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.

Use and Disclosure of PHI

We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the Privacy Rule.

In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.

We may also use PHI to report violations of law to appropriate federal and state authorities.

Safeguards

We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity. Such safeguards include:

  • Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
  • Providing appropriate training for our staff to assure that our staff complies with our security policies;
  • Making use of appropriate encryption when transmitting PHI over the Internet;
  • Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
  • Utilizing appropriate authentication and access controls to safeguard PHI;
  • Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
  • Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.

Mitigation of Harm

In the event of a use or disclosure of PHI that is in violation of the requirements of the BA agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include:

  • Reporting any use or disclosure of PHI not provided for by the BA Agreement and any security incident of which we become aware to the Covered Entity; and
  • Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.

Access to PHI

As provided in the BA Agreement, we will make available to Covered Entities, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.

Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by the BA on behalf of a Covered Entity available to the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BA Agreement and HIPAA regulations.

Information We Collect

We may collect and process the following data about you:

  • Personal identifiers, such as your name, email address, state of residence, date of birth, and mobile number, when you register with us or purchase our services.
  • Commercial information, such as your purchase history.
  • Internets or other electronic network activity information, such as your interaction with our website and service.

How We Use Your Information

We use the information we collect in various ways, including:

  • Provide, operate, and maintain our services.
  • Improve, personalize, and expand our services.
  • Understand and analyze how you use our services.
  • Develop new products, services, features, and functionality.
  • Communicate with you, either directly or through one of our partners, for customer service, to provide you with updates and other information relating to the service, and for marketing and promotional purposes.
  • Process your transactions.
  • Send you transactional messages, such as confirmations, receipts, and reminders.
  • Send you marketing and promotional communications. We may use the information we collect to send you promotional emails about products, services, offers, promotions, rewards, and events offered by Grouport and others and provide other news or information about us and our partners. You can opt out of receiving any promotional communications.

Disclosure of Your Information

We may share your personal information in the following situations:

  • With Service Providers: We may share your personal information with service providers to monitor and analyze the use of our service to contact you.
  • For Business Transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • For Legal and Compliance Reasons: If required by applicable law, regulation, legal process, or governmental request.
  • With your Consent: We may disclose your personal information for any other purpose with your consent.

Your Data Protection Rights Under GDPR

If you are a European Economic Area (EEA) resident, you have certain data protection rights. Grouport aims to take reasonable steps to allow you to correct, amend, delete, or limit your personal data use.

If you wish to be informed about what Personal Data we hold about you and if you want it removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or delete our information on you.
  • The right of rectification.
  • The right to object.
  • The right of restriction.
  • The right to data portability.
  • The right to withdraw consent.

Your Rights Under the CCPA

Under this Privacy Policy, and by law, if you are a resident of California, you have the following rights:

  • The right to notice. You must be properly notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
  • The right to access and portability. You have the right to request that we disclose certain information about our collection and use of your Personal Data over the past 12 months.
  • The right to deletion. You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions.
  • The right to non-discrimination. We will not discriminate against you for exercising any of your CCPA rights.

SMS/MMS Mobile Message Marketing Program

We respect your privacy. We will only use the information you provide through the Program to transmit your mobile messages and respond to you if necessary. This includes but is not limited to, sharing information with platform providers, phone companies, and other vendors who assist us in delivering mobile messages. You may text 'STOP' at any time to our phone numbers if you do not wish to hear from us. Message and data rates may apply.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and editing the "Last updated" date at the bottom of this Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

support@grouporttherapy.com

420 Lexington Avenue, New York, NY 10170