Last updated December 13, 2018

PhysioAge Systems LLC ("PhysioAge", "us", "our" or "we") is committed to protecting your privacy. Our privacy policy, which applies to all users of our Website and Services, is designed to explain the information we collect and how we use it to provide our services and give users a better experience ("Privacy Policy"). This Privacy Policy is part of, and incorporated into, the Terms of Use.

References in this Policy to: (a) "GDPR" means: the General Data Protection Regulation 2016/679 ("GDPR") and all applicable laws and regulations which may be in force from time to time in the EEA Member State from which you are visiting the Website relating to the processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by any supervisory authority in any relevant jurisdiction; (b) "Personal Data", "Data Controller", "Data Processor" and "processing" shall have the meanings given to them in the GDPR; and (c) "Personal Information" (as the term is defined in Section 2 of this Privacy Policy), shall be deemed to be "Personal Data" for the purpose of GDPR.

By accessing and using the Website and/or Services, you consent to our collection, storage, use and disclosure of your Personal Information (defined below) and other information as described in this Privacy Policy.

Users should read this Privacy Policy carefully as it contains important information about how we will use Personal Data (as defined below). In certain circumstances (see below) Users will be required to indicate consent to the processing of Personal Data as set out in this Privacy Policy when they first submit such Information to or through the Website. For further information about consent please see below.

We are a Data Controller and therefore we are responsible for, and control the processing of, your Personal Data in accordance with the GDPR.

Types of Information We Collect

We collect both Personal Information and Anonymous Information about our users. "Personal Information" (also referred to as "Personal Data") has a legal definition but, in brief, it refers to information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier and may include your full name, email address and phone number, as well as information that is linked to such information. Such information must be protected in accordance with the GDPR.

"Anonymous Information" is information that cannot be used to contact or identify you and is not linked to information that can be used to do so. It includes passively collected information about your activities on the Services, such as usage data, to the extent that information is not linked to your Personal Information.

Authorized Users can access and browse certain portions of the Website and Services without disclosing Personal Information, although, like most website providers, we may passively collect certain information from your devices, such as your Internet Protocol ("IP") address and browser information. Please note that you can choose not to provide us with certain information, but this may not allow you full utilization of the Website and Service.

  • Voluntarily Submitted Information. We collect information that you provide to us during your use of the Website and/or Services, such as:
    • Personal Information that you or your clinician enter when creating or updating an Account, or that we receive about you from a third party, such as a lab, including your full name, email address
    • Your communications with us through the Services.
    • Information you provide in your Account or to our support team.
  • Information Collected Via Technology
    • We may collect information from your use of the Website and Services, including your hardware model, browser type, operating system and IP address. If you are using a mobile device, PhysioAge may also receive your unique device identifier, or another unique identifier, and mobile operating system. We may correlate this information with other Personal Information we have about you. We may also use cookies and URL information to gather information regarding the date and time you used the Website and Services and the information for which you searched and accessed. "Cookies" are small pieces of information that a website sends to your device while you are viewing a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your device until you delete them) to provide you with a more personal and interactive experience. Persistent Cookies can be removed by following web browser help directions.
    • We use third party services, such as Google Analytics, to track the volume, source and flow of visitors to our Website. We do this to better understand how you use the Website and Services, with a view to offering improvements for all Authorized Users, and to tailor our business activities accordingly. If you would like to opt out of Google Analytics, please download and install the browser plugin at http://tools.google.com/dlpage/gaoptout?hl=en.

How We Use Your Information

Personal Information

We may use your Personal Information for the following representative purposes:

How we use your information The legal basis for which is…

Send communications, including requested information related to the Services, as well as administrative emails

Register and administer your Account, and provide customer support

Analyze and evaluate information about your health status and health indicators

Communicate with and/or respond to you when you elect to "Chat live" or text with an admissions representative

Improve the quality of the Website and Services and perform internal operations, such as fraud detection

Personalize and tailor the features, performance and support of the Website

Analyze, benchmark and conduct research on user data and interactions with the Website

Processing services, maintaining user accounts, resolving disputes, preventing and identifying fraud and verifying your identity

We process Personal Data subject to User's rights (set out below under the heading ‘Updating your Personal Information') on the legal basis that it is necessary for providing Services through the Website or otherwise, which requires the processing of Users' personal data to enable us to provide these Services.
Send you promotional/marketing information, newsletters, offers or other information We may send out marketing communications based on our legitimate interests of providing professional services. The method of communication may vary as set out below:
  • we may send you information if you are dealing with us on behalf of a limited company or LLP, to your corporate email address;
  • we will only contact you via your personal email address if:
  • you have given your consent; or
  • you have previously bought goods and services from us and we are contacting you to let you know about similar goods and services that we offer.
  • You have the right at any time to let us know that you no longer wish to receive marketing communications from us.

    We may use a combination of Personal Data and Anonymous Information that we collect to target and measure the performance of advertisements to Users both on and off of the Website on our own and through different ad networks and exchanges, using the following data, whether separately or combined: (i) data from advertising technologies such as Cookies, Pixels, web beacons, ad tags and device identifiers; (ii) User-provided information; (iii) data from your use of the Website; (iv) information from others (e.g., advertising partners, publishers and data aggregators); and (v) social media platforms. We process the above Personal Data for the legitimate interest of providing our Services through the Website or otherwise, which requires the processing of Users' personal data to enable us to provide these Services.

    Anonymous Information

    We may use Anonymous Information for the following representative purposes:

    • Improve the Website and Services and customize the user experience, such as by providing targeted useful features based on the type of services you seek
    • Aggregate the information collected via Cookies and similar technologies to use in statistical analysis to help us track trends, market and promote our products, refine our offerings and communications and analyze patterns
    • Aggregate clinical data to provide context about relative health status and health indicators

    How long we keep your Information

    • Subject to Sections 3.b. and 3.c, we will keep your Personal Data only for the purposes set forth in this Privacy Policy for as long as we have an active contractual agreement, consent, legal obligation or other legitimate interest as expressed in this Privacy Policy and will store the Personal Data for another 10 years thereafter.
    • If required, we will be entitled to hold Personal Data for longer periods in order to comply with legal or regulatory obligations.
    • Information, including Personal Data, collected and used for our clinical research purposes shall be kept indefinitely for further future analysis and research pursuant to Article 17(3)(d) and Article 89(1) of the GDPR.

    Your consent to processing

    • As noted above, you will be required to give consent to certain processing activities before we can process your Personal Data as set out in this Privacy Policy. Where applicable, we will seek this consent from you when you first submit Personal Data to or through the Website.
    • If you have previously given consent you may freely withdraw such consent at any time. You can do this by notifying us in writing.
    • If you withdraw your consent, and if we do not have another legal basis for processing your information (see above), then we will stop processing your Personal Data. If we do have another legal basis for processing your Personal Data then we may continue to do so subject to your legal rights (for which see below).
    • Please note that if we need to process your Personal Data in order to operate the Website and/or provide our services, and you object or do not consent to us processing your Personal Data, the Website and/or those services may not be available to you.

    Marketing and opting out

    • Where you have previously ordered products or services from us we may contact you by e-mail about similar or related products, services, promotions and special offers that may be of interest to you. We will inform you (during the sale process) if we intend to use your data for such purposes and give you the opportunity to opt-out of receiving such information from us. In addition, and if you have given permission, we may also contact you by e-mail about our other products, services, promotions and special offers that may be of interest to you. We will inform you (before collecting your data) and seek your permission if we intend to use your data for such additional marketing purposes. If you prefer not to receive any direct marketing communications from us, you can opt out at any time (see below).
    • If you have given permission, we may contact you by e-mail to provide information about products, services, promotions, special offers and other information we think may be of interest to you. We will inform you (before collecting your data) if we intend to use your data for such purposes. If you would rather not receive such marketing information from us, or you no longer wish to receive it, you can opt out at any time (see below).
    • You have the right at any time to ask us, or any third party, to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to team@physioage.com or contact the relevant third party using their given contact details, giving us or them enough information to identify you and deal with your request. Alternatively, you can follow the unsubscribe instructions in emails you receive from us or them."

    How We Share and Disclose Information

    We know how important it is to keep your information confidential. We will not rent, sell or share your Personal Information with third parties except as specifically approved by you at the time of disclosure or under the circumstances described in this Privacy Policy.

    If you do not want us to use or disclose Personal Information collected about you in the ways identified in this Privacy Policy, you may choose not to provide your Personal Information and/or become an Authorized User. Notwithstanding the foregoing, when we receive Authorized Materials from a lab or other contracted third party that include Personal Information, such Authorized Materials will be matched with the appropriate Authorized User and entered into our system accordingly.

    In addition to using the information collected by us for the purposes described in Section 2 above, we may also share your information as described below. Please review our sharing policy closely, especially with respect to your Personal Information. By becoming an Authorized User, you agree to allow us to share the Personal Information you provide to us in the ways described below. Your ability to make changes to the information shared is also described below.

    Service Providers

    We share Personal Information with vendors, consultants, payment processers and other third party service providers (collectively, "Service Providers") who perform services on behalf of - and at the request of - PhysioAge, including without limitation, companies that host our Website and provide our software. We only provide Service Providers with Personal Information that is necessary for them to undertake the particular work that we have delegated to them. In order words, Personal Information is only provided on a need-to-know basis. PhysioAge has selected companies who maintain high standards with respect to privacy and agree to use Personal Information only to perform specific services on behalf of PhysioAge and in accordance with the terms and conditions of this Privacy Policy.

    Compliance with Laws, Law Enforcement and Safety

    We may disclose information we have collected about you if required to do so by law or if we, in our sole discretion, believe that disclosure is reasonable to comply with the law, requests or orders from law enforcement, or any legal process (whether or not such disclosure is required by applicable law), or to protect or defend PhysioAge's, or a third party's, rights or property.

    Aggregated Anonymous Information

    Aggregated anonymous information, or de-identified information, is the combination of your Anonymous Information with the Anonymous Information of other users ("Aggregated Anonymous Information"). Aggregated Anonymous Information does not allow you to be identified or contacted. We may share such Aggregated Anonymous Information with third parties for marketing and research purposes, among other purposes.

    Business Transactions

    In the future, we may share all or some of your Personal Information with any of our subsidiaries, joint venturers or other companies under common control, in which case we will require them to honor this Privacy Policy. Additionally, in the event we undergo a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge that such transfers may occur and are permitted by this Privacy Policy, and that any entity that acquires us, is merged with us or that acquires our assets may continue to process your Personal Information as set forth in this Privacy Policy.

    Your Choices

    You may modify or opt out of receiving messages sent for marketing purposes, or certain other communications, by adjusting your Account settings or following the unsubscribe instructions in such messages. Please note that despite any indicated marketing preferences, we may send you administrative emails regarding the Website or Services, including, for example, notices of updates to our Privacy Policy.

    Updating Your Personal Information

    If you are an individual, this section sets out your legal rights in respect of any of your Personal Data that we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us (using the contact information provided below) giving us enough information to identify you and respond to your request.

    You have the right to request:

    • Access to the personal data we hold about you, free of charge in most cases.
    • The correction of your personal data when incorrect, out of date or incomplete.
    • The deletion of the data we hold about you, in specific circumstances. For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (e.g. the end of a warranty).
    • A computer file in a common format (e.g. CSV or similar) containing the personal data that you have previously provided to us and the right to have your information transferred to another entity where this is technically possible.
    • Restriction of the use of your personal data, in specific circumstances, generally whilst we are deciding on an objection you have made.
    • That we stop processing your personal data, in specific circumstances. For example, when you have withdrawn consent, or object for reasons related to your individual circumstances.
    • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
    • That we stop any consent-based processing of your personal data after you withdraw that consent.
    • Review by a Partner of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).

    Children

    This Website is not directed or intended for children under 13 years of age. We do not knowingly solicit, collect or maintain information from those we actually know are under 13, and no part of our Website is targeted to attract anyone under 13. We also do not send e-mail correspondence to anyone who advises that they are under the age of 13. If we later obtain actual knowledge that a user is under 13 years of age, we will take steps to remove that user's Personal Information from our systems and delete the Account. If you are the parent or guardian of a child whom you believe has disclosed Personal Information to us, please contact us at team@physioage.com so that we may delete and remove such information from our system.

    Security and Data Retention

    We are very concerned with safeguarding your information. We employ all reasonable administrative, physical and electronic measures designed to protect your information from unauthorized access, including 256-bit TLS encryption. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored "personal data" (as defined in applicable state statutes on security breach notification) to you via email or conspicuous posting on the Website in the most expedient time possible and without unreasonable delay, insofar as it is consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. Although guaranteed security does not exist either on or off the Internet, we make commercially reasonable efforts to make the collection and security of such information consistent with this Privacy Policy and all applicable laws and regulations.

    We may need to transfer your Information to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein ("EEA"). Non-EEA countries that we may need to transfer your Information to include:

  • USA, because our headquarters are based there.
  • Where we do transfer your Information to countries outside the EEA we will take reasonable steps in accordance with applicable Privacy and Data Protection Requirements.

    Third Party Materials

    PhysioAge may provide links to other websites, or content and materials, that are owned and/or operated by third parties ("Third Party Materials"). PhysioAge does not investigate or monitor such Third-Party Materials, and therefore is not responsible or liable for the same. Moreover, PhysioAge is not responsible for the privacy practices employed by third party websites, nor are we responsible for the information or content they contain. This Privacy Policy applies solely to information collected by us through the Website and Services; thus, when you use a link to go from our Website to a third-party website, this Privacy Policy is no longer in effect. We encourage users to read and consider the privacy policies of these other websites before using them.

    Changes to Our Privacy Policy

    We reserve the right to change, modify, add or remove portions of this Privacy Policy at any time and without prior notice, and any changes will become effective immediately upon being posted unless we advise you otherwise. However, we will not use your Personal Information in an adverse, materially different way from the uses described in this Privacy Policy without giving you an opportunity to opt out. Your continued use of the Services after this Privacy Policy has been amended shall be deemed to be your continued acceptance of the terms and conditions of the Privacy Policy, as amended. We encourage you to bookmark this webpage and review this Privacy Policy regularly.

    California Privacy Rights

    Under California's "Shine the Light" law, California residents have the right to request in writing from businesses with whom they have an established business relationship: (i) a list of the categories of Personal Information, such as name, address, e-mail address, and the type of services provided to that individual, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties' direct marketing purposes, and (ii) the names and addresses of all such third parties. To request the above information, California residents can email us at team@physioage.com.

    Contact Us

    We do believe that we can resolve any query or concern you may raise about our use of your Personal Information. If you have any questions or concerns regarding our Privacy Policy, you can contact us via email at team@physioage.com or send us a letter to:

    PhysioAge Systems LLC
    30 Central Park South
    Suite 8A
    New York, NY 10019

    If you are accessing this Website or the Services from the European Union, the General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular within the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws may have occurred. The supervisory authority in the UK is the Information Commissioner (ICO) who may be contacted online at http://ico.org.uk/concerns/ or by telephone at 0303 123 1113.