Olla.me is owned and operated by Union InService Inc., a State of Delaware Corporation located in Seattle, Washington.

Your privacy and the privacy of your customers are critically important to us. At Olla.me (“Olla”, “we”, “us”, or “our”), we have a few fundamental principles:
‍
1. We don’t and won’t ask you for personally identifying information unless we truly need it. To make this Privacy Policy easier to read, www.olla.me and our products and services are collectively called the “Services" throughout this policy.

2. We don’t share your personally identifying information, PHI, or other data collected by our customers, with anyone, except as needed, to provide product support, to comply with the law, or to protect our rights.

3. This Service does not require you to enter any information to view the website or the products and services, however, in order to access or otherwise utilize the services or view additional offerings (i.e. schedule appointments, enter appointments, etc.) you will be asked to either provide your email address, phone number, and/or create an account. This information shall be governed by this Policy.

When you interact with our websites, platform, patient portals, products, services, customer support channels, or patient front door processes, we may ask you to provide some personal information to verify your identity and access the services. When we request this type of information, we will notify you as to why we are asking for information and how this information will be used.

• Contact data: The information we may collect includes your personal contact information, such as your first and last name, email address, phone number, mailing address, and information about the organization you represent, and other similar data and identifiers.
• Account data: We collect first and last name, username, and passwords when your Olla account is activated.
• Professional data: We may collect your job title, professional certifications details, employment history, and similar information when you register for our services.
• Payment and billing data: We collect information necessary for processing payments and preventing fraud, including bank account details and other related billing information.
• Location data: When you use our platform, we collect IP address and convert it to location for (1) security monitoring (2) supporting some features, such as IP whitelisting, country level location whitelisting, and (3) Delivering location-based help and website details (4) Manage privacy based on local jurisdiction.
• Other information: Examples of other information that we may collect from you include information you provide when you interact online with our patient support channels, or any additional information you chose to provide to us while interacting with our websites, products, and services.

‍We may collect information automatically from your device, such as through the website’s internet access logs and technology.

• Device data: We may collect information about your device, including internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
• Online activity data: We use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and gather other information about our user-base. You can control the use of cookies at the individual browser level by updating your cookie preferences, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

• Customer Provided Data: We may receive specific data such as name, mailing address, phone numbers and email addresses from our customers who are logging or creating accounts for their patients or clients to utilize Olla’s service.
• Analytics providers: We may receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources including selected partners and companies that specialize in providing enterprise data, analytics, and software as a service.

‍Our websites include links to other third-party sites for your convenience and information. If you access those links, you will leave the Olla Site and if you submit personal information to any of those third-party sites, your information is governed by their respective privacy policy, which may differ from ours.  Olla does not endorse or make any representations about third-party websites. We encourage you to carefully read the privacy policy of any website you visit.

While using Olla, customers and/or patients may load various types of data to our platform. Platform data is governed by the contractual agreements between Olla and its customers (i.e.  Healthcare providers or other healthcare service professionals). Olla will not disclose or distribute any such platform data except as provided in the contractual agreement between Olla and the customer or as may be required by law. Further, Olla and its customers have executed a Business Associate Agreement (“BAA”) that will further govern the processing of personal information including specifically patient data. In the event of a conflict between this policy and the established BAA, the BAA shall govern. 
‍
We have a limited relationship with the Clients of our Customers. If we receive inquiries or requests from Clients about their Personal Information, we will honor those requests as required by applicable data privacy laws. We will also direct Clients to our Customers, the controller of their personal information.

We use and process your data for the following business purposes:

• To your Providers/our Customers: We share your Personal Information with your Providers/our Customers in order to provide you with the Services and facilitate our agreements with our Customers.
• Provisioning and operating: We use your data to operate our websites and provision our products and services. The use of information collected through the platform is limited to the purpose of providing the service for which a customer engaged Olla.
• Marketing and advertising: We may contact you with marketing and promotional information (in accordance with your selected marketing preferences) about products and services that we offer and send you information regarding us. You can select unsubscribe from any of our email marketing communications or write to us at privacy@olla.me and we will update your information.
• Billing and payments: We use your data to invoice and process payments.
• General communication: We may use your data to respond appropriately to your comments, questions, requests, and inquiries.
• Product service communication: We may use your data to communicate with you directly for upcoming product releases, service updates, or if we detect suspicious activity on your account.
• Product support and improvement: We use your data to address or prevent service or technical problems and to respond to support issues. We may also use your data to improve the performance of our products, services, and support channels.
• Security: We use your data to provide online security for our websites, products, and services. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
• Research and development: We use your data to innovate new and existing product features using research and development tools and incorporating data analysis activities.
• Mergers and acquisitions: If we take steps to enter into a reorganization, restructuring, merger, acquisition, or transfer of assets (“Business Transfer”), we may also use your personal information as reasonably necessary to give effect to that Business Transfer.
• Compliance with law: Where required, we may use your data to comply with applicable laws, regulations, court orders, government, and law enforcement requests, to investigate security and privacy incidents, and to solve any customer disputes.
• Legal basis for processing: Under the General Data Protection Regulation (GDPR) and other applicable regulations, we process your personal data on several different legal basis, as follows:
  
  Based on necessity to perform contracts with you: When you access, use, or register for services, you form a contract with us based on the applicable contractual agreement or terms of service. We need to process your personal data to discharge our obligations in any such contract, fulfill your requests and orders, answer questions and requests from you, and provide tailored customer support.
  
  Based on compliance with legal obligations: We may need to process your personal data to comply with relevant laws or regulatory requirements, and to respond to lawful requests, court orders, and legal processes.
  
  Based on our legitimate interests: We process your personal data to provide our services to you and your patients or clients.  
  
  Based on your consent: In certain situations, we process your data based on your consent. When applicable, we will ask for your consent before we process your information. You have a right to withdraw your consent at any time.
  
  Additional Considerations. We may also use your personal information as instructed by you for other purposes, which we will describe to you when we collect the information.

Olla takes all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of potentially personally identifying information. Olla discloses potential personally identifying information only on an as-needed (or required) basis as follows:

• To Olla employees that: (i) need to know that information in order to process it on our behalf or to provide the services; and (ii) that have expressly in writing agreed to confidentiality and not to disclose it to others. Note* Some of those employees, and contractors may be located outside of your home country; by using the services you consent to the transfer of such information to them.
• To Service providers: We may disclose your information to affiliated and contracted service providers such as our hosting, billing, collaboration, email service, analytics, customer service that help us with deliver our Services. These companies are authorized to use your personal information only as necessary to provide these services to us or on our behalf.
• As required by law, such to comply with a subpoena or similar legal process. To the extent we are legally permitted to do so, we will take commercially reasonable steps to notify you if we are required to provide your personal information to third parties as part of a legal process.
• If we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a written government request.
• If Olla becomes involved in a merger, acquisition, or any form of sale of some or all its assets. In such an event, we will ensure that the acquiring organization agrees to protect personal information in accordance with the commitments we have made in this Privacy Notice, and that the acquiring organization will provide notice before personal information, customer information, or business information becomes subject to a different privacy notice.
• With your consent, to any other third party with your prior consent to do so. We do not sell your personal information to third parties.

Data privacy laws and regulations, such as The California Consumer Privacy Act (CCPA), provide you with fundamental rights. Due to our commitment to privacy, we have extended those data rights to persons in all jurisdictions.
‍
1) Right to be forgotten (“Right to Erasure”)
‍This right provides you with the ability to ask for the deletion of your data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right and depends on our retention schedule and retention period in line with other applicable laws.

‍2) Right to know how we are processing your information (“Right to Information”)
‍This right provides that you may ask us for information about what personal data is being processed and the rationale for such processing. For example, you may ask for the list of processors with whom we share your personal data.

‍3) Right to view the information we have collected about you (“Right to Access”)
‍This right provides you with the ability to get access to your personal data that is being processed. This request provides you with the right to see or view your own personal data, as well as to request copies of the personal data.

4) Right to rectification
This right provides you with the ability to ask for modifications to your personal data in case you believe that this personal data is not up to date or not accurate.

‍5) Right to withdraw consent
‍This right provides you with the ability to withdraw a previously given consent for processing of your personal data for a purpose.

‍6) Right to object to processing your information (“Right to object”)
This right allows you to object to certain types of data processing. These are:
a.   Direct marketing
b.   The processing of personal data for statistical purposes related to historical or scientific research
c.   The processing of data for tasks in the public interest
d.   The exercising of official authority invested in you
e.   Objections to data processing in yours or a third party’s legitimate interest
f.    Objections to data processing based on your own beliefs and situations.g.   Automated decision-making that affects legal rights / has material impact on you.
‍
‍7) Right to data portability
‍This right provides you with the ability to ask for transfer of your personal data. As part of such a request, you may ask for your personal data to be provided back to you in a machine-readable electronic format or, if technically feasible, transferred to another service provider.

‍8) Right to Limit Use and Disclosure of Sensitive Personal Information
You have the right, at any time, to direct us (as a business that collects sensitive personal information about you) to limit our use of your sensitive personal information to that use which is necessary to perform the services expected.(9) For CA Residents. Non-Discrimination You may not be discriminated against because you exercise any of your rights under the CCPA, in violation of California Civil Code § 1798.125. including an employee's, applicant's, or independent contractor's right not to be retaliated against for the exercise of their CCPA rights.To exercise any privacy rights, please submit a request or contact our support team at privacy@Olla.me. For your protection, we may only process requests with respect to the personal information associated with the email address that you use to send us your request, and we may need to verify your identity before processing your request. We will respond to your requests within the timelines prescribed by applicable law.

If you are visiting this website and/or accessing the Services from outside the United States, please be aware that you are sending information (including Personal Information) to the United States where Olla servers are located. This information may be transferred within the United States or back out of the United States to other countries outside of your country of residence, depending on the type of information and how its stored by us. These countries (including the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence, however, our collection, storage and use of your personal information will at all times be governed by this Privacy Notice.

If we transfer personal data out of the European Economic Area (“EEA”), Switzerland, and the UK to countries that do not benefit from an adequacy decision, as determined by the European Commission, we will rely on Standard Contractual Clauses approved by the European Commission and other contractual measures to ensure that adequate safeguards are in place with respect to the data.

Communications
If you have an account with us for access and use of our services, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Olla and our services. We primarily use our various product blogs and support documentation to communicate this type of information, so we expect to keep this type of email to a minimum.

Third-Party Processors
Olla uses various third-party services to create the best experience for users and for improving existing products and services. Third party services use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service. In all instances, Olla manages the transfer of data to the third-party services by transferring limited personal information required to provide the service in encrypted formats.

Feedback & Support
If you send us a request (via a support email or one of our feedback channels), We reserve the right to publish it (in an aggregated form) in order to help us clarify or respond to your request or to help us support other users.

We may provide technical support to service your account(s) with us. In order to do so, we may use certain personally identifying information, with your consent, to access your account for the purpose of troubleshooting, running tests, and/or otherwise providing support. In providing technical support to you, we may potentially see other personally identifying information viewable on your account pages. As with all other information, we promise to hold any information we encounter in the process of providing support to industry-standard security and data protection standards.

Security, Data Storage & Retention
To prevent unauthorized access, safeguard data accuracy, and maintain the appropriate use of information, we have put in place appropriate physical, technical, and administrative procedures to protect the personal information data you submit. We make every effort to ensure the integrity and security of our network and systems. However, since the internet is not 100% secure and as new technology evolves and emerges, we cannot guarantee that our security measures will prevent third-party interferences from illegally obtaining or tampering with your personal information.

We encourage you to help us by also taking precautions to protect your personal data when you use the services. Change your account password often, using a combination of letters, numbers, and characters, and make sure you use a secure connection. We also strongly recommend enabling two-factor authentication for signing into your account.

Olla will retain your personal information for as long as your email or account with us remains active and up to 35 days after the termination of the commercial relationship with us or needed for the purposes described above and/or as required by law. A user may request access to certain data about themselves by emailing privacy@olla.me.

We do not promote or offer the Services for use by anyone under the age of 18 (“minors”). Olla does not knowingly solicit or collect personal information from minors, and we will not knowingly link to any third-party website or platform or host any customer sites that solicit or collect personal information from minors. If you believe that a minor has disclosed personal information to us or that we have linked to such a third-party or user website or platform, please contact us at privacy@olla.me.

We may update this Privacy Policy to reflect changes to our information practices. If we make any change in how we use your personal data we will notify you by email (specified upon registration), or we will notify you by means of a notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Should you wish to report a complaint or if you feel that Olla has not addressed your concern in a satisfactory manner, you have the right to contact a regulatory body or data protection authority in relation to your complaint.  

Alternatively, you can contact the data protection supervisory authority in your jurisdiction for assistance.

If you have any questions or suggestions regarding Olla’s privacy policy, please contact Olla via email at privacy@Olla.me.
Alternatively, you can contact the data protection supervisory authority in your jurisdiction for assistance.

UNION-INSERVICE, INC
2819 S Holgate St
Seattle, WA 98144