At Sika Health, we value your privacy. This Privacy Policy (“Privacy Policy”) describes how Sika Health, Inc. (“Sika,” “we,” or “our”) collects, uses, processes, and discloses personal information and personal health information (collectively, “Your Information”) when you use the Services or communicate with us directly by email, text, or phone. Any capitalized terms used but not defined in this Privacy Policy have the definitions given to them in our Terms of Service.
The term “Your Information” includes any information that can be used on its own or with other information in combination to identify or contact a natural person. Some of Your Information that we collect and transmit may be considered “health data” (i.e., data related to your physical or mental health), “protected health information” or “PHI” (i.e., information that relates to your past, present, or future physical or mental health or condition(s); the provision of health care to you; or the past, present, or future payment for the provision of health care to you), and/or medical records as defined by state law. Although PHI is transmitted through the Sika platform in connection with the LMN Services, Sika is not a provider of healthcare services. Sika is a technology platform that enables, facilitates, and supports the acquisition of health-related products and services by users from third-party merchants.
We may update or modify this Privacy Policy from time to time. If we make material changes, we will revise the “Last Updated” date above, and we may also choose to send you a notification of these changes. We encourage you to review this Privacy Policy frequently to stay informed about our privacy practices and how you can exercise your options related to those practices. Your continued use of the Services will constitute your understanding and acknowledgement of this Privacy Policy. If you do not agree with this Privacy Policy or any subsequent updates, you must stop using the Services.
We may collect the following types of information about you when you use the Services:
Information You Provide to Us
We collect information that you provide to us directly when you use the Services, for example when you pay with Sika, or contact us directly with questions or feedback. This information may include
Note that if you pay with Sika, we use an integration with a PCI-DSS compliant payment processor to collect and process your payment, which payment processor is subject to change. If Sika uses a third-party payment processor, you will supply personal details and card information directly to the payment processor through a secure interface operated by that processor and Sika will not collect or store such details, which will be secured and kept confidential by the third-party processor under contract with us. However, your billing details, such as your payment card number provided to the payment processor, are handled and secured exclusively by the payment processor. The payment processor returns a token to Sika indicating your payment. Sika is not responsible for the payment processor’s data collection or storage.
Information We Collect Automatically
We may automatically collect information about you when you access the Services. This information may include the following:
We collect and store some of the information described in this subsection by using cookies and other similar technologies like pixels, tags, and web beacons (collectively, “Cookies”). Cookies are small strings of information that a website you visit transfers to your browser. Cookies can be used to track your internet activity, remember your preferences, or improve or localize your user experience. Some cookies are necessary to operate a website, while others are not. You can decide if and how your device will accept cookies by configuring your browser settings. If you choose to reject cookies, you may not be able to use certain features of the Services. You can find more information on cookies from the Federal Trade Commission.
Information We Collect from Third Parties
We may collect information about you from third parties, for example by allowing third parties to place their own Cookies on the Services that help us with measuring site traffic and analytics. The information collected and stored by these third parties is subject to their own privacy policies and practices.
We may use the information we collect about you to serve the following purposes:
We may aggregate and/or anonymize personal information so that it can no longer be reasonably linked to a specific individual. We may do this to generate data sets to help us develop, analyze, and improve our Services.
We may disclose your information to third parties as follows:
We may also share your information with other third parties at your direction or with your consent. We do not voluntarily share your information with public or private third-party databases. As noted above, we may share aggregated and anonymized information with third parties as permitted by law; for example, we share aggregate information publicly to show trends about the use of FSA/HSA payments generally.
Your use of our Services is voluntary. You may decline to share certain information with us, in which case we may not be able to provide you with some or all the features and functionality of the Services.
The Services are not intended for individuals under the age of 13. No one under age 13 may provide any personal information to or on the Services, and we do not knowingly collect personal information from children under 13. If you are under 13, you may not use the Services. If we learn we have collected or received personal information from a child under 13, we will use all reasonable efforts to delete such information. If you believe we might have any information from or about a child under 13, please contact us immediately at legal@sikahealth.com with the subject line “Children’s Privacy.”
We take reasonable steps to protect your personal information from loss or unauthorized use, access, disclosure, alteration, or destruction. However, it remains possible that third parties may unlawfully intercept or access transmissions or private communications and may abuse or misuse your personal information that they unlawfully collect from the Services. Additionally, we can’t guarantee the complete security of any personal information you disclose online. For example, emails sent to or from our Services may not be secure, and so you should take care when considering what information you send to us via email. To the extent permitted under applicable law, we assume no liability or responsibility for the loss, disclosure, or destruction of your personal information due to errors in transmission, unauthorized access by third parties, or other causes beyond our control.
In the event of a data or security breach, Sika will take the following actions: (i) promptly upon becoming aware of a security incident, investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within Sika’s control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to Sika in connection with such security incident; (iii) as applicable, cooperate with any affected Sika user or client in accordance with the terms of Sika’s contract with such user or client; and (iv) document and record actions taken by Sika in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. Sika will notify you of any data or security breaches as required by and in accordance with applicable law.
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, or for other essential purposes, such as complying with our legal obligations, resolving disputes, enforcing our agreement, or otherwise as required or permitted by law. Please note, Sika is not the “source of truth” for information typically retained in a patient medical record; all PHI and other data that may be considered part of your medical record will be maintained in accordance with all applicable medical retention laws, rules and regulations, by your provider. Further, Sika reserves the right to continue using de-identified data indefinitely, even after Your Information has been removed from Sika’s databases. We may continue to disclose de-identified data to third parties in a manner that does not reveal Your Information, as described in this Privacy Policy. Our continued use of de-identified data will comport with applicable law.
If you reside in a U.S. state that currently has a comprehensive privacy law in effect that applies to Sika, you may be entitled to exercise the following privacy rights:
To exercise any of these privacy rights, if they apply to your relationship with us, please email us at legal@sikahealth.com with the subject line “Privacy Request.”
The Services may make available or provide links to websites and services provided and operated by third parties (“Third Party Content”). Sika does not control, and is not responsible for, any Third Party Content, and this Privacy Policy does not apply to Third Party Content. We encourage you to review the privacy and security policies applicable to any Third Party Content before engaging with it.
The Services are hosted in the United States and are intended for use by residents of the United States. We make no representations that the Services are appropriate or available for use in any location outside of the United States. If you are a resident of another country or are using the Services from outside of the United States, please note that you are transferring your data to the United States, which does not have the same data protection laws as other regions.
If you have any questions about this Privacy Policy or would like to exercise your data protection rights, you can reach us at legal@sikahealth.com. You may also contact us at the below address:
Sika Health, Inc.
2196 Third Ave, Unit 10039
New York NY, 10035
Attn: Legal