Cerebral, Inc. Privacy Policy

Last Revised: September 6th, 2021

This Privacy Policy (“Privacy Policy”) describes the types of information Cerebral Inc. and its affiliates, (collectively, “Cerebral,” “we,” “our,” or “us”) may collect from you or that you may provide when you visit the websites located at www.getcerebral.com (collectively, our “Websites”), and mobile software application (together with its pages and features, “Apps”) and our practices for collecting, using, maintaining, protecting, and disclosing that information. This Privacy Policy is incorporated into our Terms of Use. All capitalized terms used in this Privacy Policy but not defined herein have the meanings assigned to them in the Terms of Use.

This Privacy Policy applies to information we collect on our Websites and Apps, from any devices that interact with our Websites or Apps, in email, text and other electronic messages between you and our Websites and Apps, and when you interact with our advertising and applications on third party websites and services, if those applications or advertising include links to this Privacy Policy.

This Privacy Policy does not apply to information collected by us offline or through any other means, including on any other website operated by Cerebral or any third party; or any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Websites or Apps.

Please read this Privacy Policy carefully to understand out policies and practices regarding your information and how we will treat it. By accessing or using the Websites and Apps, you accept the practices and policies outlined in this Privacy Policy and you hereby consent that we will collect, use, and disclose your information as set forth in this Privacy Policy. If any term in this Privacy Policy is unacceptable to you, your choice is to not use the Websites or Apps. This Privacy Policy may change from time to time (see Revisions to Our Privacy Policy) and your continued use of the Websites and Apps after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Note, Cerebral is not a medical group. Any telemedicine consults obtained through our Websites or Apps are provided by independent medical practitioners including, but not limited to, Cerebral Medical  Group, P.A. (collectively, “CMG”), an independent prescriber group with a network of United States based health care prescribers (each, a “Prescriber”). CMG and all members of its Affiliated Covered Entity (collectively, “we” or “our”) are required by law to maintain the privacy of your health information in accordance with federal and state law and in accordance with the Notice of Privacy Practices, available at http://getcerebral.com/privacy-practices. In the event of a conflict between this Privacy Policy and the Notice of Privacy Practices, the Notice of Privacy Practices shall prevail. If you do not agree to be bound by those terms, you are not authorized to access or use our Websites or Apps, and you must promptly exit our Websites or Apps.

By opting in to use Cerebral, you agree that when you use or enter the Websites or Apps, you affirmatively consent to conduct business electronically with Cerebral and engage in health-oriented activities with health professionals and professional entities affiliated with Cerebral, and such processes have the same force and effect as your written signature. You agree and consent to Cerebral, Cerebral affiliates or certain affiliated professional entities sending you disclosures, messages, notices, and other communications to your designated mobile phone and email account. If you do not agree with any of these terms or our Privacy Policy, you may not use the Websites or Apps.

Information We Collect about You and How We Collect It

We collect several types of information from and about users of our Websites and Apps, (collectively, “personal information”) including information:

-by which you may be personally identified, such as name, home address, billing address, shipping address, email address, home, work, and mobile telephone numbers, country, date of birth, credit or debit card number (for payment purposes only), driver’s license number, audio, images and videos of you, Social Security Number, your medical history, health insurance subscriber information, health information, racial or ethnic origin, religion or religious believes, criminal background checks, criminal history, political organizations or beliefs, sexual orientation or preferences, or any other information you chose to provide to us, or which is collected, on the Websites or Apps that is defined as personal data or personally identifiable information under an applicable law;

- that is about you but individually does not identify you, such as whether you are a current user, product interests, or information related to your inquiry or request, and traffic data, logs, referring/exit pages, location, data and time of your visit to our Websites or use of our Apps, error information, clickstream data, and other communication data and the resources that you access and use on the Websites or through our Apps;

- about your internet connection, the equipment you use to access our Websites or Apps, and usage details; and/or

-about your medical condition, treatment options, physician referrals, prescriptions, and lab results, including protected health information (“PHI”) or other related health information.

We collect this information:

- Directly from you when you provide it to us.

- Automatically as you navigate through the Websites or use our Apps. Information collected automatically may include real-time location data, usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

- From third party intermediaries, for example, CMG and Prescribers, Zendesk (a customer service, support and technology prescriber), a third party pharmacy fulfillment and technology prescriber, and other business partners and service prescribers with whom we partner to provide you with services.

Information You Give to Us.

The information we collect on or through our Websites or Apps may include:

- Personal information such as the data identified above.

- Information that you provide on our Websites or Apps. This includes information provided when you sign up for our services; when you use our services or other services available through the Websites or Apps, when you purchase products, when we process or respond to your inquiries related to requests for treatment, payment, customer service; and when you provide feedback on our Websites or Apps.

- Records and copies of your correspondence (including email addresses), if you contact us.

- Your responses to questions that we might ask you to complete for research purposes.

- Details of transactions you carry out through our Websites and Apps and of the fulfillment of your inquiries or requests.

- Your search queries on the Websites

Information We Collect About You:

As with many other websites and mobile applications, as you navigate through and interact with our Websites or Apps, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

- Details of your visits to our Websites or Apps, including traffic data, location data, logs, language, date and time of access, frequency, and other communication data and the resources that you access and use on the Websites or Apps. Information about your computer and internet connection, including your IP address, operating system, host domain, and browser type.

- Details of referring websites (URL). We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

- Information about your computer, mobile device, and Internet connection, specifically the device’s unique identifier and telephone number and your IP address, operating system, browser type, mobile network information, and App version information.

- Information stored on your mobile device, including in other applications. This may include, photographs, audio and video clips, and health information. This data will be used only to provide and improve our services, and will not be used or shared with third parties for marketing purposes.

- Real-time information about the location of your device.

The information we collect automatically is statistical data and may include personal information, or we may maintain it or associate it with personal information you provide to us or that we collect in other ways or receive from third parties. It helps us to improve our Websites or Apps and to deliver a better and more personalized service, including by enabling us to:

- Estimate our audience size and usage patterns.

- Forecast future needs, functions, and uses of our Websites, Apps, and services.

- Better understand user satisfaction levels and experiences.

- Store information about your preferences, allowing us to customize our Websites or Apps according to your individual interests.

- Speed up your searches.

- Recognize you when you return to our Websites or Apps.

- In other ways to improve your experience and the quality of our Websites, Apps, and services.

The technologies we use for this automatic data collection may include:

- Cookies. We and our service prescribers may use cookies to receive and store certain types of information whenever you interact with our Websites and Apps through your computer or mobile device. A “cookie” is a small piece of data sent from a website and stored on the user’s computer by the user’s browser. Our Websites and Apps use two types of cookies: Single-session (temporary or browser cookies) and multi-session (persistent or flash cookies). Temporary cookies last only as long as your web browser is open, and are used for technical purposes such as enabling better navigation through our Websites or Apps. Once you close your browser, the cookie disappears. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Websites or use certain parts of our Apps. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites or use our Apps. Persistent cookies are stored on your computer for longer periods and are used for purposes including tracking the number of unique visitors to our Websites and information about your preferences and navigation to, from, and on our Websites and Apps, such as the number of views a page gets, how much time a user spends on a page, and other pertinent web statistics. Persistent cookies are not managed by the same browser setting as are used for temporary cookies. Cookies, by themselves, will not be used by Cerebral to disclose your individual identity. This information identifies your browser, but not you, to our servers when you visit the Websites or Apps. 

- Pixel Tags. We and are service prescribers may also collect data by using “pixel tags,” “web beacons,” “clear GIFs,” or similar means (collectively, “pixel tags”) that allow us to know when you visit our Websites or Apps. Through pixel tags, we obtain non-personal information or aggregate information that can be used to enhance your online experience and understand traffic patterns.

- Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Website. Google Analytics uses cookies to help the Website analyze how users use the site. You can find out more about how Google uses data when you visit our Website by visiting “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/). We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics please visit Google's website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html

- Facebook. We use Facebook Pixel, a web analytics and advertising service provided by Facebook Inc. (“Facebook”) on our Websites and Apps. The Facebook Pixel service uses cookies, pixel tags and other storage and tracking technology to collect or receive information from our Websites and Apps based on your usage activity. Facebook uses that information to provide us with marketing and advertising services, including targeted ads, and reports that help us measure the effectiveness of our ads, Websites and Apps. Using this service, we can keep track of what users do after they see or click on a Facebook advertisement, keep track of users who access our Websites and Apps or advertisements from different devices, and better provide advertisements to our target audiences. The data from Facebook Pixel is also saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own and others advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/. Please click here if you would like to withdraw your consent for use of your data with Facebook Pixel https://www.facebook.com/settings/?tab=ads#_=_. Please also refer to “Choices About How We Use and Disclose Your Information” below for more information about tracking technologies, targeted advertising and your choices relating to the use of your information for these purposes.

- Other Third Party Cookies. We encourage you to review the privacy policies of the other third party cookies deployed on our Websites and Apps, including Microsoft’s (available at https://privacy.microsoft.com/en-us/privacystatement), Rollbar’s (available at https://docs.rollbar.com/docs/privacy-policy), and New Relics’ (available at https://newrelic.com/termsandconditions/privacy).

Information We Receive From Other Sources.

This is information we receive about you if you use any of the other websites we operate or the other services we provide. We are working closely with third parties (including, for example, third party intermediaries, such as the physicians, medical professionals, and pharmacies with whom we partner to provide you with services, sub-contractors in technical, advertising networks, analytics prescribers, and search information prescribers).

How We Use Your Information

In connection with providing you with the Websites, Apps, and services, we may use, compile, analyze, and save your information in the following ways:

-To provide our Websites and their functionality, contents and services to you.

- To provide and improve our Apps and their functionality, contents and services.

- For the purposes of treatment, quality, improvement of health status, customer and patient experience, customer and patient engagement and/or behavior modification, peer review, payment, efficiency, cost effectiveness and/or other purposes relating to operations and provisions of telehealth services.

- To carry out the services and, as applicable, facilitate the provision of health care services to you by your physician or other health care prescriber and ensure that physicians or health care prescribers have the services and support necessary for health care operations.

- To communicate with you about the Websites, Apps, and services, or your use of the Websites, Apps, and services, and send you communications on behalf of physicians or other health care prescribers utilizing the services to meet your needs.

- To provide you with information that you have requested or to respond to your inquiries.

- To provide you with technical support and to improve our Websites, Apps, and services.

- To verify your identity and administer your account, including processing your payments and fulfilling your orders.

- In order to ensure that content from our Websites and Apps is presented in the most effective manner for you and for your computer or mobile phone, to allow you to participate in interactive features of our services (when you choose to do so), and as part of our efforts to keep our Websites and Apps safe and secure.

- To communicate with you about our products and services and those of our subsidiaries, affiliates, and parent companies and any of their related businesses and those of our third-party partners that may be of interest to you.

- To fulfill any other purposes for which you provide it, including to allow you to transfer your user account to a new device, or sync other applications offered by Cerebral and its affiliates and third-party partners.

- To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.

- In the event of a sale, merger, consolidation, change in control, transfer of substantial assets, reorganization, or liquidation, we may transfer, sell, or assign to third parties information concerning your relationship with us, including, without limitation, personal information that you provide and other information concerning your relationship with us.

- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

- To notify you about changes to our Websites, Apps, or services.

- In any other way we may describe when you provide the information.

- For any purpose where you have given your consent.

- To comply with applicable federal and state law.

We may also use your information to contact you about goods and services that may be of interest to you, such as user surveys or promotions, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by visiting the “Notifications” section on your “My Account” page. For more information, see Choices About How We Use and Disclose Your Information.

Information We Receive From Other sources. We will combine information we receive from other sources with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

Health Information. Some information Cerebral collects constitutes PHI under the U.S. Health Insurance Portability and Accountability Act (“HIPAA”). As set forth above, CMG (or your own medical prescriber if you do not use a CMG Prescriber) will provide you with a Notice of Privacy Practices describing its collection, use and disclosure of your PHI, not Cerebral, Inc. Cerebral will use or disclose PHI only as permitted in Cerebral’s agreements with CMG (or your own medical prescriber if you do not use a CMG Prescriber) and we only collect the PHI we need to fully perform our services and to respond to you or your Prescriber. We may use your PHI to contact you to the extent permitted by law, to provide requested services, to provide information to your Prescribers and insurers, to obtain payments for our services, to respond to your inquiries and requests, and to respond to inquiries and requests from your Pescribers and benefits program. We may combine your information with other information about you that is available to use, including information from other sources, such as from your Prescribers, insurers or benefits program, in order to maintain an accurate record of our participants. PHI will not be used for any other purpose, including marketing, without your consent.

Disclosure of your Information

We do not share, sell, or otherwise disclose your personal information for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated, de-identified information about our users, and information that does not identify any individual, without restriction.

We may disclose your personal information to third parties in connection with the provision of our services or as otherwise permitted or required by law. You agree that we have the right to disclose personal information that we collect or you provide as described in this Privacy Policy, including:

- To any member of our group, which means our subsidiaries and affiliates, including our ultimate holding company and its subsidiaries.

- To CMG Prescribers (i) to schedule and fulfill appointments and provide health care services as part of the services, (ii) to whom you send messages through our services, and (iii) for other treatment, payment or health care operations purposes, including pharmacy services, upon your request.

- To health care organizations, pharmacies, contractors, service prescribers, and other third parties we use to support our business or in connection with the administration and support for your healthcare treatment purposes, such as CMG and Prescribers, Zendesk (a customer service, support and technology prescriber), and a third party pharmacy fulfillment and technology prescriber.

- To our third party service prescribers that provide services such as hosting our Websites or Apps, data analysis, IT services and infrastructure, customer service, email delivery, auditing, ordering, marketing, payment processing, and other similar services.

- To any third parties we believe necessary or appropriate to comply with applicable laws.

- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Cerebral’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Cerebral about our Website or App users is among the assets transferred.

- To fulfill the purpose for which you provide it. For example, if you email us asking us to contact a third party (including a medical professional), we may transmit the contents of your email to the recipient.

- For any other purpose disclosed by us when you provide the information.

- With your consent.

We may also disclose your personal information: If we are under a duty to disclose or share your personal information to comply with any legal obligation, including to respond to any government or regulatory request; in order to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; or to protect the rights, property, or safety of Cerebral, our customers, or others. This may include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Choices about How We Use and Disclose your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your personal information.

Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Websites or Apps may then be inaccessible or not function properly.

Do Not Track. Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. We do not currently respond to “do not track” signals. 

Promotional Offers from Cerebral. If you do not wish to have your contact information used by Cerebral to promote our own products or services, you can check certain boxes on the forms we use to collect your data. You can also always exercise your right to ask us not to process your personal information for marketing purposes by contacting us at the address below. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt out does not apply to information provided to Cerebral as a result of your use of the services.

Location Information. You can choose whether or not to allow our Apps to collect and use real-time information about your device’s location through the device’s privacy settings. If you block the use of location information, some parts of our Apps may then be inaccessible or not function properly.

Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative (NAI) websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

With respect to any PHI Cerebral may obtain, you have certain rights under HIPAA to access your data, to restrict use and disclosure of it, to request communication methods, to request corrections to your data, to receive an accounting of disclosures and to receive notice of any breach. See the Notice of Privacy practices provided to you by your Prescriber for more information.

Your Rights Regarding Your Information and Accessing and Correcting Your Information 

You can review and change your personal information, or delete your Cerebral account, by logging onto our Websites or Apps and visiting your “My Account” page. You may also contact us at the address below—or by emailing careteam@getcerebral.com—to request access to, correct, or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. If Cerebral deletes your user account, medical prescribers, including Prescribers, and other affiliates may still have the right to retain information as required by applicable law, regulations, or their own retention policy. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Unless otherwise required by law, Cerebral will also erase personal information when the personal information is no longer necessary in relation to the purposes for which was collected or otherwise processed; when you withdraw your consent (where lawfulness of processing was based on your consent) and there is no other legal ground for the processing; when you object to the processing and there are no overriding legitimate grounds for the processing; when your personal information has been unlawfully processed; and when it is necessary to comply with legal obligations.

With respect to any PHI Cerebral may obtain, you have certain rights under. Please review the Notice of Privacy Practices provided to you by your Prescriber for more information.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us. 

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Websites and Apps, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. The information you share in public areas may be viewed by any user of the Websites or Apps.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our Websites or Apps; any transmission is at your own risk.

Third Parties

This Privacy Policy does not address, and we are not responsible for the privacy, information, or other practices, including data privacy and security process and standards of any third parties, including physicians and other health care prescribers using the services, the manufacturer of your mobile device and other IT hardware and software, and any other third party mobile application or website to which our Websites, Apps, or services may contain a link. These third parties may at times gather information from or about you. We have no control over the privacy practices of these third parties.

Even though Cerebral may not be a “covered entity” as defined in HIPAA, any physician or other health care prescriber engaging through our services may be a “covered entity” and therefore subject to the provisions of HIPAA from time to time. If you are using the services, your acceptance of the Terms of Use and this Privacy Policy incorporates your acceptance and consent to the Notice of Privacy Practices included on the Websites. This notice describes how your physician or other health care prescriber uses and discloses your PHI. Cerebral has agreed that its collection, use, and disclosure of your PHI on behalf of your physician or health care prescriber will be done consistent with the Notice of Privacy Practices except to the extent you have expressly authorized additional uses and disclosures.

Use By Minors

Our Websites and Apps are not intended for children under the age of eighteen (18) without parental consent. If you are under 18 years of age, we must obtain valid and verifiable consent by your parent or legal guardian to this Privacy Policy and our Terms of Use before you can use or access our Websites, Apps, or services, including the Prescriber consultation services, and your subsequent use of and access to our Websites, Apps or services must be done under the supervision of your parent or legal guardian. Such consent will be obtained via reasonable methods, as determined by us in our sole discretion. If we determine that the consent obtained is inadequate, we will notify you and you may not use or access the Websites, Apps, or services at any time or in any manner. However, if you are a parent, legal guardian or personal representative of a minor child under 18 years of age, you may, in compliance with the Terms of Use, use our services on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. If you are under 18 and wish to create an account with Cerebral, your parent or legal guardian must create the account, submit your personal information, and agree to this Privacy Policy on your behalf. We do not knowingly collect information for individuals under the age of 18 for whom we have not obtained adequate consent pursuant to the above. If we learn that we have received any information for an individual under the age of 18 for whom we have not obtained adequate consent pursuant to the above, we will only use that information to respond directly to that child (or a parent, legal guardian or personal representative) to inform him or her that he or she cannot use our service, and subsequently we will delete that information from our own servers. If you believe we have impermissibly collected personal information from someone under the age of 18, please contact us using the information below.

California Privacy Rights

These California Privacy Rights supplement the other information contained in our Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). This notice is to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice. We may update these California Privacy Rights as necessary and in the event of changes in the CCPA. These terms apply only to California residents. 

Categories of Personal Information Cerebral Collects – California Residents

As described in more detail in other areas of our Privacy Policy, we collect and/or disclose personal information about you when you visit use our Websites or Apps, including information about you that you provide to us, and information that we automatically collect from you or your computer or device as you use our Websites or Apps. Please refer to Information We Collect About You and How We Collect It for additional information and details. 

Personal information does not include information that is: (a) publicly available information from government records; (b) de-identified or aggregated consumer information; or (c) certain information excluded from the scope of CCPA (e.g., PHI covered under HIPAA and medical information covered under the California Medical Information Act).

Categories of Sources from which Cerebral has collected Personal Information

We collect personal information directly from you, for example when you provide it to us to when you contact us to our Websites or Apps, for the creation of a Cerebral account; and indirectly from you automatically through your computer or device as you use our Websites or Apps. We may also collect personal information about you from our advertising partners and service prescribers. 

Use of Personal Information Collected from California Residents

We do not sell your personal information and have not done so in the prior 12 months from the effective date of this Policy. We may use or disclose the personal information we collect for our business purposes described elsewhere in this Privacy Policy (for example, please refer to “How We Use Your Information” and “Disclosure of Your Information”). 

Sharing Personal Information - California Residents

Cerebral may disclose your personal information to a third party for one or more business purposes. When we disclose personal information for a business purpose, such as to service prescribers, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. 

Disclosures of Personal Information for Business Purposes:

We may disclose your personal information for our business purposes, such as your contact information, other information you have provided to us and unique identifiers that identify you to us or to our service prescribers, such as companies that assist us with marketing and advertising. Please refer to Information We Collect About You and How We Collect It for additional information and details.

We disclose your personal information to certain third parties such as our health care Prescriber partners, service prescribers, including companies that assist us with marketing and advertising. For additional information please refer to “How We Use Your Information” and “Disclosure of Your Information”).

Access Request Rights

California residents have the right to request that Cerebral disclose certain information to you about our collection and use of your personal information over the past 12 months for the above business and commercial purposes. To submit an access request, see Exercising Access and Deletion Rights. Once we receive and confirm your verifiable consumer request, we will disclose to you:

- The categories of personal information we collected about you.

- The categories of sources for the personal information we collected about you.

- Our business or commercial purpose for collecting that personal information.

- The categories of third parties with whom we share that personal information.

- The specific pieces of personal information we collected about you.

- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

  1. sales, identifying the personal information categories that each category of recipient purchased; and 
  2. disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights 

California residents have the right to request that Cerebral delete your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service prescribers to delete) your personal information from our records, unless certain exceptions apply. 

Exercising Access and Deletion Rights

To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either:

- Calling us at 415-403-2156.

- Emailing us at support@getcerebral.com.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must:

- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

- Deny your goods or services.

- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 

- Provide you a different level or quality of goods or services.

- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Other California Privacy Rights

California Civil Code Section 1798.83 (California’s “Shine the Light” law) permits users of our Websites that are California residents and who provide personal information in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of personal information to third parties for their own direct marketing purposes. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared your personal information with for the immediately prior calendar year (e.g. requests made in 2020 will receive information regarding such activities in 2019). You may request this information once per calendar year. To make such a request, please contact us by email at support@getcerebral.com.

Notice of Privacy Practices - Cerebral medical group, P.A. Affiliated Covered Entity

This notice describes how the medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully:

This Notice of Privacy Practices (the “Notice”) describes how Cerebral Medical Group, P.A. and all members of its Affiliated Covered Entity (collectively, “Cerebral Medical Group,” “we,” “our,” or “us”) may use and disclose your protected health information to carry out treatment, payment or business operations and for other purposes that are permitted or required by law.  An Affiliated Covered Entity is a group of health care prescribers under common ownership or control that designates itself as a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).  The members of the Cerebral Medical Group Affiliated Covered Entity will share protected health information with each other for the treatment, payment, and health care operations of the Cerebral Medical Group Affiliated Covered Entity and as permitted by HIPAA and this Notice of Privacy Practices.  For a complete list of the members of the Cerebral Medical Group Affiliated Covered Entity, please contact the Cerebral Medical Group Privacy Office. 

“Protected health information” or “PHI” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical health or condition, treatment or payment for health care services.  This Notice also describes your rights to access and control your protected health information. 

Uses and disclosures of protected health information:

Your protected health information may be used and disclosed by our health care prescribers, our staff, and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, and any other use authorized or required by law.

Treatment:

We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services.  This includes the coordination or management of your health care with a third party.  For example, your protected health information may be provided to a health care prescriber to whom you have been referred to ensure the necessary information is accessible to diagnose or treat you.

Payment:

Your protected health information may be used to bill or obtain payment for your health care services.  This may include certain activities that your health insurance plan may undertake before it approves or pays for your services, such as:  making a determination of eligibility or coverage for insurance benefits and reviewing services provided to you for medical necessity.

Health care operations:

We may use or disclose, as needed, your protected health information in order to support the business activities of this office.  These activities include, but are not limited to, improving quality of care, providing information about treatment alternatives or other health-related benefits and services, development or maintaining and supporting computer systems, legal services, and conducting audits and compliance programs, including fraud, waste and abuse investigations.

Uses and disclosures that do not require your authorization:

We may use or disclose your protected health information in the following situations without your authorization.  These situations include the following uses and disclosures:  as required by law; for public health purposes; for health care oversight purposes; for abuse or neglect reporting; pursuant to Food and Drug Administration requirements; in connection with legal proceedings; for law enforcement purposes; to coroners, funeral directors and organ donation agencies; for certain research purposes; for certain criminal activities; for certain military activity and national security purposes; for workers’ compensation reporting; relating to certain inmate reporting; and other required uses and disclosures.  Under the law, we must make certain disclosures to you upon your request, and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of HIPAA.  State laws may further restrict these disclosures.

Uses and disclosures that do require your authorization:

Other permitted and required uses and disclosures will be made only with your consent, authorization or opportunity to object unless permitted or required by law.  Without your authorization, we are expressly prohibited from using or disclosing your protected health information for marketing purposes.  We may not sell your protected health information without your authorization.  Your protected health information will not be used for fundraising.  We will not use or disclose your psychotherapy notes without your authorization, except as permitted by law. If you provide us with an authorization for certain uses and disclosures of your information, you may revoke such authorization, at any time, in writing, except to the extent that we have taken an action in reliance on the use or disclosure indicated in the authorization.

Your rights with respect to your protected health information:

You have the right to inspect and copy your protected health information.  

You may request access to or an amendment of your protected health information.

You have the right to request a restriction on the use or disclosure of your protected health/personal information.  Your request must be in writing and state the specific restriction requested and to whom you want the restriction to apply.  We are not required to agree to a restriction that you may request, except if the requested restriction is on a disclosure to a health plan for a payment or health care operations purpose regarding a service that has been paid in full out-of-pocket.  

You have the right to request to receive confidential communications from us by alternative means or at an alternate location.  We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.

You have the right to request an amendment of your protected health information.  If we deny your request for amendment, you have the right to file a statement of disagreement with us.  We may prepare a rebuttal to our statement and we will provide you with a copy of any such rebuttal.

You have the right to receive an accounting of certain disclosures of your protected health information that we have made, paper or electronic, except for certain disclosures which were pursuant to an authorization, for purposes of treatment, payment, healthcare operations (unless the information is maintained in an electronic health record); or for certain other purposes.  

You have the right to obtain a paper copy of this Notice, upon request, even if you have previously requested its receipt electronically by e-mail.

Revisions to this notice:

We reserve the right to revise this Notice and to make the revised Notice effective for protected health information we already have about you as well as any information we receive in the future.  You are entitled to a copy of the Notice currently in effect.  Any significant changes to this Notice will be posted on our web site.  You then have the right to object or withdraw as provided in this Notice.

Breach of health information:

We will notify you if a reportable breach of your unsecured protected health information is discovered.  Notification will be made to you no later than 60 days from the breach discovery and will include a brief description of how the breach occurred, the protected health information involved and contact information for you to ask questions.

Complaints:

Complaints about this Notice or how we handle your protected health information should be directed to our HIPAA Privacy Officer.  If you are not satisfied with the manner in which a complaint is handled you may submit a formal complaint to the Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.  We will not retaliate against you for filing a complaint.

We must follow the duties and privacy practices described in this Notice.  We will maintain the privacy of your protected health information and to notify affected individuals following a breach of unsecured protected health information.  If you have any questions about this Notice, please contact us at (415) 403-2156 and ask to speak with our HIPAA Privacy Officer.

Acknowledgment of receipt of notice of privacy practices:

By clicking and opting in, you acknowledge that you have received or been given an opportunity to receive this Notice of Privacy Practices.

If you are the parent or personal representative of the Patient, by clicking and opting in, you acknowledge on behalf of the Patient that you have received or been given an opportunity to receive this Notice of Privacy Practices.

Revisions to Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy posted on this page. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. Your continued use of our Websites or Apps after such amendments will be deemed your acknowledgment of these changes to this Privacy Policy.

Contacting Us

If you have any questions about this Privacy Policy, please contact us at:

340 S Lemon Ave #9892 Walnut, CA 91789   

Telephone: 415-403-2156

Email: support@getcerebral.com or careteam@getcerebral.com

For security-related questions, email: security@getcerebral.com

For compliance-related questions, email: compliance@getcerebral.com

  • If you are in emotional distress, here are some resources for immediate help:

  • National Suicide Prevention Hotline:
    Call 1-800-273-8255
  • Crisis Text Line:
    Text Home to 741-741

© 2021 Cerebral Inc. All rights reserved.

LegitScript Logo